Updates from: 06/05/2022 01:06:10
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Administrativeunit Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-delete-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To remove a member from an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Delete Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-delete-scopedrolemembers.md
Title: "Remove a scopedRoleMember"
-description: "Remove a scoped-role member from an adminstrative unit."
+description: "Remove an Azure Active Directory (Azure AD) role assignment with administrative unit scope."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Remove a scoped-role member from an adminstrative unit.
+Remove an Azure Active Directory (Azure AD) role assignment with administrative unit scope.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | RoleManagement.ReadWrite.Directory |
+To remove a role assignment from an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-delete.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To delete an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Get Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-get-scopedrolemembers.md
Title: "Get a scopedRoleMember"
-description: "Retrieve a specific scopedRoleMembership resource."
+description: "Get an Azure Active Directory (Azure AD) role assignment with administrative unit scope."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a specific [scopedRoleMembership](../resources/scopedrolemembership.md) resource.
+Get an Azure Active Directory (Azure AD) role assignment with administrative unit scope.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Administrativeunit List Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-list-scopedrolemembers.md
Title: "List scopedRoleMembers"
-description: "Retrieve a list of scopedRoleMembership resources."
+description: "List Azure Active Directory (Azure AD) role assignments with administrative unit scope."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of [scopedRoleMembership](../resources/scopedrolemembership.md) resources.
+List Azure Active Directory (Azure AD) role assignments with administrative unit scope.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Administrativeunit Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-post-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | Group.Create, Group.ReadWrite.All, Directory.ReadWrite.All |
+To add a member to an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request The following request adds an existing user, group, or device to the administrative unit.
Content-type: application/json
[!INCLUDE [sample-code](../includes/snippets/go/post-administrativeunits-members-ref-go-snippets.md)] [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-# [PowerShell](#tab/powershell)
-
v1.0 Administrativeunit Post Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-post-scopedrolemembers.md
Title: "Add a scopedRoleMember"
-description: "Add a new scopedRoleMembership. NOTE: Only the *User account administrator* and *Helpdesk administrator* roles are currently supported for scoped-role memberships."
+description: "Assign an Azure Active Directory (Azure AD) role with administrative unit scope."
ms.localizationpriority: medium ms.prod: "directory-management"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Add a new [scopedRoleMembership](../resources/scopedrolemembership.md). NOTE: Only the *User account administrator* and *Helpdesk administrator* roles are currently supported for scoped-role memberships.
+Assign an Azure Active Directory (Azure AD) role with administrative unit scope. For a list of roles that can be assigned with administrative unit scope, see [Assign Azure AD roles with administrative unit scope](/azure/active-directory/roles/admin-units-assign-roles).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | RoleManagement.ReadWrite.Directory |
+To assign Azure AD roles with an administrative unit scope, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/administrativeunit-update.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To update an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Directory Post Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/directory-post-administrativeunits.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To create an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Educationassignment Setupfeedbackresourcesfolder https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/educationassignment-setupfeedbackresourcesfolder.md
+
+ Title: "educationAssignment: setUpFeedbackResourcesFolder"
+description: "Create a SharePoint folder to upload feedback files for a given educationSubmission."
+ms.localizationpriority: medium
+++
+# educationAssignment: setUpFeedbackResourcesFolder
+
+Namespace: microsoft.graph
++
+Create a SharePoint folder to upload feedback files for a given [educationSubmission](../resources/educationsubmission.md).
+
+The teacher determines the resources to upload in the feedback resources folder of a submission.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | EduAssignments.ReadBasic, EduAssignments.Read |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Not supported. |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+POST /classes/{classId}/assignments/{assignmentId}/setUpFeedbackResourcesFolder
+```
+
+## Request headers
+| Header | Value |
+|:|:--|
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json |
+
+## Request body
+In the request body, supply an empty JSON object `{}` for this method.
+
+## Response
+If successful, this method returns a `200 OK` response code and an [educationAssignment](../resources/educationassignment.md) object in the request body.
+
+## Example
+The following example shows how to call this API.
+
+### Request
+The following is an example of a request.
+
+<!-- {
+ "blockType": "request",
+ "sampleKeys": ["37d99af7-cfc5-4e3b-8566-f7d40e4a2070","a3cce0ba-2008-4c4d-bf62-079408562d96"],
+ "name": "educationassignment_setupfeedbackresourcesfolder"
+}-->
+```http
+POST https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignments/a3cce0ba-2008-4c4d-bf62-079408562d96/setUpFeedbackResourcesFolder
+Content-type: application/json
+
+{
+}
+```
+
+### Response
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.educationAssignment"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#educationAssignment",
+ "@odata.type": "#microsoft.graph.educationAssignment",
+ "classId": "155c5142-1716-4c24-b2ac-cd1bcd8ad7ac",
+ "displayName": "2022-02-25T18_57_26_443Z",
+ "closeDateTime": null,
+ "dueDateTime": "2022-02-25T18:57:26.443Z",
+ "assignDateTime": null,
+ "assignedDateTime": null,
+ "allowLateSubmissions": true,
+ "resourcesFolderUrl": null,
+ "feedbackResourcesFolderUrl": "https://graph.microsoft.com/beta/drives/b!9i0vapy4v02vPa13nXvmLuPofkLptz5InpCzu0fn0IRzOBm8o5mJQbXuPddtkYG7/items/01PREZ76FARBTP25X74JFISOFAN7QAHOYW",
+ "createdDateTime": "2022-02-24T18:57:27.8611453Z",
+ "lastModifiedDateTime": "2022-02-24T18:57:40.5319603Z",
+ "allowStudentsToAddResourcesToSubmission": true,
+ "status": "draft",
+ "notificationChannelUrl": null,
+ "webUrl": "https://teams.microsoft.com/l/entity/66aeee93-507d-479a-a3ef-8f494af43945/classroom?context=%7B%22subEntityId%22%3A%22%7B%5C%22version%5C%22%3A%5C%221.0%5C%22,%5C%22config%5C%22%3A%7B%5C%22classes%5C%22%3A%5B%7B%5C%22id%5C%22%3A%5C%22155c5142-1716-4c24-b2ac-cd1bcd8ad7ac%5C%22,%5C%22displayName%5C%22%3Anull,%5C%22assignmentIds%5C%22%3A%5B%5C%22d10f56f7-ba7e-4dfc-b5a2-ae9f10b0d1ad%5C%22%5D%7D%5D%7D,%5C%22action%5C%22%3A%5C%22navigate%5C%22,%5C%22view%5C%22%3A%5C%22assignment-viewer%5C%22%7D%22,%22channelId%22%3Anull%7D",
+ "addToCalendarAction": "none",
+ "addedStudentAction": "none",
+ "id": "d10f56f7-ba7e-4dfc-b5a2-ae9f10b0d1ad",
+ "instructions": {
+ "content": "2022-02-25T18_57_26_443Z",
+ "contentType": "text"
+ },
+ "grading": {
+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",
+ "maxPoints": 100
+ },
+ "assignTo": {
+ "@odata.type": "#microsoft.graph.educationAssignmentClassRecipient"
+ },
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "fadaae59-b18c-44d1-993f-fe8a281bd69c",
+ "displayName": null
+ }
+ },
+ "lastModifiedBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "AAAAAAAA-0123-4567-89AB-1B4BB48C3119",
+ "displayName": null
+ }
+ }
+}
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2022-05-05 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "educationAssignment: setUpFeedbackResourcesFolder",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Educationfeedbackresourceoutcome Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/educationfeedbackresourceoutcome-delete.md
+
+ Title: "Delete educationFeedbackResourceOutcome"
+description: "Delete a feedback resource from a submission. This can only be done by a teacher."
+
+ms.localizationpriority: medium
++
+# Delete educationFeedbackResourceOutcome
+
+Namespace: microsoft.graph
++
+Delete a [feedback resource](../resources/educationfeedbackresourceoutcome.md) from a submission. This can only be done by a teacher.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | EduAssignments.ReadWriteBasic, EduAssignments.ReadWrite |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Not supported. |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+DELETE /education/classes/{classId}/assignments/{assignmentId}/submissions/{submissionId}/outcomes/{outcomeId}
+```
+
+## Request headers
+| Header | Value |
+|:|:--|
+| Authorization | Bearer {token}. Required. |
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.
+
+## Example
+### Request
+The following is an example of a request.
+
+<!-- {
+ "blockType": "request",
+ "name": "delete_educationfeedbackresourceoutcome"
+}-->
+```http
+DELETE https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignments/a3cce0ba-2008-4c4d-bf62-079408562d96/submissions/2185e6d7-2924-4ed1-dde1-269f89e29184/outcomes/ba12f282-2190-4958-80b3-42b8afb9626a
+```
+
+### Response
+The following is an example of the response.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+```http
+HTTP/1.1 204 No Content
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2022-05-06 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "Delete educationFeedbackResourceOutcome",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": [
+ ]
+}
+-->
v1.0 Educationfeedbackresourceoutcome Post Outcomes https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/educationfeedbackresourceoutcome-post-outcomes.md
+
+ Title: "Create educationFeedbackResourceOutcome"
+description: "Create a new feedback resource for a submission."
+ms.localizationpriority: medium
+++
+# Create educationFeedbackResourceOutcome
+
+Namespace: microsoft.graph
++
+Create a new [feedback resource](../resources/educationfeedbackresourceoutcome.md) for a submission.
+
+Only a teacher can perform this operation.
+
+To create a new file-based resource, upload the file to the feedback resources folder associated with the assignment. If the file doesn't exist or is not in that folder, the `POST` request will fail.
+
+> [!IMPORTANT]
+> Before you can upload an assignment feedback resource, you must [set up the feedback resources folder](../api/educationassignment-setupfeedbackresourcesfolder.md) for the [educationAssignment](../resources/educationassignment.md) to upload the files to.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type | Permissions (from least to most privileged) |
+|:--|:|
+|Delegated (work or school account) | EduAssignments.ReadWriteBasic, EduAssignments.ReadWrite |
+|Delegated (personal Microsoft account) | Not supported. |
+|Application | Not supported. |
+
+## HTTP request
+<!-- { "blockType": "ignored" } -->
+```http
+POST /education/classes/{classId}/assignments/{assignmentId}/submissions/{submissionId}/outcomes
+```
+
+## Request headers
+| Header | Value |
+|:|:--|
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json |
+
+## Request body
+In the request body, supply a JSON representation of an [educationFeedbackResourceOutcome](../resources/educationfeedbackresourceoutcome.md) object.
+
+## Response
+If successful, this method returns a `201 Created` response code and an [educationFeedbackResourceOutcome](../resources/educationfeedbackresourceoutcome.md) object in the response body.
+
+This method returns a `400 Bad Request` when the submission has exceeded more than five feedback resources.
+
+## Example
+### Request
+The following is an example of a request.
+
+<!-- {
+ "blockType": "request",
+ "name": "create_educationFeedbackResourceOutcome"
+}-->
+```http
+POST https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignments/a3cce0ba-2008-4c4d-bf62-079408562d96/submissions/2185e6d7-2924-4ed1-dde1-269f89e29184/outcomes
+Content-type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.educationFeedbackResourceOutcome",
+ "feedbackResource": {
+ "@odata.type": "#microsoft.graph.educationWordResource",
+ "displayName": "Document1.docx"
+ }
+}
+```
+
+### Response
+The following is an example of the response.
+
+>**Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.educationFeedbackResourceOutcome"
+} -->
+```http
+HTTP/1.1 201 Created
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignments('a3cce0ba-2008-4c4d-bf62-079408562d96')/submissions('2185e6d7-2924-4ed1-dde1-269f89e29184')/outcomes/$entity",
+ "@odata.type": "#microsoft.graph.educationFeedbackResourceOutcome",
+ "lastModifiedDateTime": "2022-05-06T00:50:30.0772434Z",
+ "id": "ba12f282-2190-4958-80b3-42b8afb9626a",
+ "resourceStatus": "notPublished",
+ "lastModifiedBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ },
+ "feedbackResource": {
+ "@odata.type": "#microsoft.graph.educationWordResource",
+ "displayName": "Document1.docx",
+ "createdDateTime": "2022-05-06T00:50:30.0772177Z",
+ "lastModifiedDateTime": "2022-05-06T00:50:30.0772434Z",
+ "fileUrl": "https://graph.microsoft.com/beta/drives/b!-Ik2sRPLDEWy_bR8l75jfeDcpXQcRKVOmcml10NQLQ1F8CNZWU38SarWxPyWM7jx/items/01VANVJQZQ33I4AJBSURHZJDDQKEJ5TEMJ",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ },
+ "lastModifiedBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ }
+ }
+}
+
+```
+
+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79
+2022-05-06 14:57:30 UTC -->
+<!--
+{
+ "type": "#page.annotation",
+ "description": "Create educationFeedbackResourceOutcome",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": "",
+ "suppressions": []
+}
+-->
v1.0 Educationsubmission List Outcomes https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/educationsubmission-list-outcomes.md
Title: "List outcomes" description: "Retrieve a list of educationoutcome objects." ms.localizationpriority: medium-+ ms.prod: "education" doc_type: "apiPageType"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of [educationOutcome](../resources/educationoutcome.md) objects. There are three types of outcomes: **educationPointsOutcome**, **educationFeedbackOutcome**, and **educationRubricOutcome**.
+Retrieve a list of [educationOutcome](../resources/educationoutcome.md) objects. There are four types of outcomes: **educationPointsOutcome**, **educationFeedbackOutcome**, **educationRubricOutcome**, and **educationFeedbackResourceOutcome**.
A submission for a credit assignment (one that has no point value and no rubric) will have an [educationFeedbackOutcome](../resources/educationpointsoutcome.md). (It might also return an [educationPointsOutcome](../resources/educationpointsoutcome.md), but that outcome is ignored.)
A submission for an assignment with an attached rubric, if the rubric is a credi
A submission for an assignment with an attached rubric, if the rubric is a points rubric, will have an [educationFeedbackOutcome](../resources/educationpointsoutcome.md), an [educationPointsOutcome](../resources/educationpointsoutcome.md, and an [educationRubricOutcome](../resources/educationrubricoutcome.md).
+A submission for a feedback resource will have an [educationFeedbackResourceOutcome](../resources/educationfeedbackresourceoutcome.md).
+ All outcome types have a regular and a published property appropriate to that type of outcome; for example, **points** and **publishedPoints**, **feedback** and **publishedFeedback**. The regular property is the most recent value updated by the teacher; the published property is the most recent value returned to the student. ## Permissions
If successful, this method returns a `200 OK` response code and a collection of
## Examples
-### Request
+### Example 1: Get all outcomes
+
+The following example shows how to retrieve all outcomes.
+
+#### Request
The following is an example of the request.
GET https://graph.microsoft.com/beta/education/classes/{id}/assignments/{id}/sub
-
-### Response
+#### Response
The following is an example of the response.
Content-type: application/json
} ```
+### Example 2: Get outcomes filtered by outcome type
+
+The following example shows how to retrieve outcomes filtered by outcome type.
+
+#### Request
+
+The following is an example of a request.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_outcomes_by_type"
+}-->
+
+```http
+GET https://graph.microsoft.com/beta/education/classes/37d99af7-cfc5-4e3b-8566-f7d40e4a2070/assignments/a3cce0ba-2008-4c4d-bf62-079408562d96/submissions/2185e6d7-2924-4ed1-dde1-269f89e29184/outcomes?$filter=isof('microsoft.graph.educationFeedbackResourceOutcome')
+```
+
+#### Response
+
+The following is an example of the response.
+
+> **Note:** The response object shown here might be shortened for readability.
+
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.educationOutcome",
+ "isCollection": true
+} -->
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('37d99af7-cfc5-4e3b-8566-f7d40e4a2070')/assignments('a3cce0ba-2008-4c4d-bf62-079408562d96')/submissions('2185e6d7-2924-4ed1-dde1-269f89e29184')/outcomes",
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.educationFeedbackResourceOutcome",
+ "lastModifiedDateTime": "2022-05-06T00:52:12.8318457Z",
+ "id": "8fb409c5-570b-4fe5-8473-d3666e61f3a0",
+ "resourceStatus": "notPublished",
+ "lastModifiedBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ },
+ "feedbackResource": {
+ "@odata.type": "#microsoft.graph.educationWordResource",
+ "displayName": "Document2.docx",
+ "createdDateTime": "2022-05-06T00:52:12.8318064Z",
+ "lastModifiedDateTime": "2022-05-06T00:52:12.8318457Z",
+ "fileUrl": "https://graph.microsoft.com/beta/drives/b!-Ik2sRPLDEWy_bR8l75jfeDcpXQcRKVOmcml10NQLQ1F8CNZWU38SarWxPyWM7jx/items/01VANVJQ26WF6K2W2IOFAKDITG4F5GWRH5",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ },
+ "lastModifiedBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ }
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.educationFeedbackResourceOutcome",
+ "lastModifiedDateTime": "2022-05-06T00:52:17.3180275Z",
+ "id": "0710aeea-590d-46b4-9eb8-1c08b6549677",
+ "resourceStatus": "notPublished",
+ "lastModifiedBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ },
+ "feedbackResource": {
+ "@odata.type": "#microsoft.graph.educationWordResource",
+ "displayName": "Document3.docx",
+ "createdDateTime": "2022-05-06T00:52:17.3180176Z",
+ "lastModifiedDateTime": "2022-05-06T00:52:17.3180275Z",
+ "fileUrl": "https://graph.microsoft.com/beta/drives/b!-Ik2sRPLDEWy_bR8l75jfeDcpXQcRKVOmcml10NQLQ1F8CNZWU38SarWxPyWM7jx/items/01VANVJQ563EMEMHRTBBH2SOZ4GDSNEUZK",
+ "createdBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ },
+ "lastModifiedBy": {
+ "application": null,
+ "device": null,
+ "user": {
+ "id": "cb1a4af3-0aba-4679-aa12-9f99bab0b61a",
+ "displayName": null
+ }
+ }
+ }
+ }
+ ]
+}
+```
+ <!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98 2019-02-04 14:57:30 UTC --> <!-- {
Content-type: application/json
"section": "documentation", "tocPath": "" }-->--
v1.0 Group Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/group-delete-members.md
One of the following permissions is required to call this API. To learn more, in
```http DELETE /groups/{id}/members/{id}/$ref ```
+> [!IMPORTANT]
+> If `/$ref` is not appended to the request, the user will be deleted from Azure Active Directory (Azure AD) if the appropriate permissions are used; otherwise, a `403 Forbidden` error is returned.
## Request headers
v1.0 Policyroot List Rolemanagementpolicies https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/policyroot-list-rolemanagementpolicies.md
Title: "List unifiedRoleManagementPolicies"
-description: "Get a list of the unifiedRoleManagementPolicy objects and their properties."
+ Title: "List roleManagementPolicies"
+description: "Get role management policies and their details."
ms.localizationpriority: medium ms.prod: "governance" doc_type: apiPageType
-# List unifiedRoleManagementPolicies
+# List roleManagementPolicies
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of the [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) objects and their properties. This API only applies to Azure AD roles. To retrieve policies that apply to Azure RBAC, use the [Azure REST PIM API for role management policies](/rest/api/authorization/role-management-policies/list-for-scope).
+Get role management policies and their details. This API only applies to Azure AD roles. To retrieve policies that apply to Azure RBAC, use the [Azure REST PIM API for role management policies](/rest/api/authorization/role-management-policies/list-for-scope).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /policies/roleManagementPolicies?$filter=scopeId eq 'scopeId' and scopeType
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method requires the `$filter` (`eq`) query parameter to scope the request to a **scopeId** and a **scopeType**. You can also use the `$select` and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Rbacapplication List Roleassignmentscheduleinstances https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/rbacapplication-list-roleassignmentscheduleinstances.md
Title: "List roleAssignmentScheduleInstances"
-description: "Get a list of the unifiedRoleAssignmentScheduleInstance objects and their properties."
+description: "Get the instances of active role assignments in your tenant."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of the [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) objects and their properties.
+Get the instances of active role assignments in your tenant. The active assignments include those made through [assignments and activation requests](rbacapplication-post-roleassignmentschedulerequests.md), and directly through the [role assignments API](../resources/unifiedroleassignment.md).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /roleManagement/directory/roleAssignmentScheduleInstances
``` ## Optional query parameters
-This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select`, `$filter`, and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Rbacapplication List Roleassignmentschedulerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/rbacapplication-list-roleassignmentschedulerequests.md
Title: "List roleAssignmentScheduleRequests"
-description: "Get a list of the unifiedRoleAssignmentScheduleRequest objects and their properties."
+description: "Retrieve the requests for active role assignments to principals made through the PIM unifiedRoleAssignmentScheduleRequest object or the role assignments API."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects and their properties.
+Retrieve the requests for active role assignments to principals. The active assignments include those made through [assignments and activation requests](rbacapplication-post-roleassignmentschedulerequests.md), and directly through the [role assignments API](../resources/unifiedroleassignment.md). The role assignments can be permanently active with or without an expiry date, or temporarily active after user activation of eligible assignments.
+ ## Permissions
GET /roleManagement/directory/roleAssignmentScheduleRequests
## Optional query parameters
-This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select`, `$filter`, and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers
v1.0 Rbacapplication List Roleassignmentschedules https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/rbacapplication-list-roleassignmentschedules.md
Title: "List roleAssignmentSchedules"
-description: "Get a list of the unifiedRoleAssignmentSchedule objects and their properties."
+description: "Get the schedules for active role assignment operations."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of the [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) objects and their properties.
+Get the schedules for active role assignment operations.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /roleManagement/directory/roleAssignmentSchedules
``` ## Optional query parameters
-This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select`, `$filter`, and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Signin Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/signin-get.md
In addition to the delegated permissions, the signed-in user needs to belong to
+ Security Operator + Security Reader + ## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Signin List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/signin-list.md
In addition to the delegated permissions, the signed-in user needs to belong to
+ Security Operator + Security Reader + ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-delete.md
Depending on the resource and the permission type (delegated or application) req
|:--|:--|:--|:--| |[baseTask](../resources/todotask.md) (deprecated) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported. | |[callRecord](../resources/callrecords-callrecord.md) | Not supported. | Not supported. | CallRecords.Read.All |
-|[channels](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported. | Not supported. | Channel.ReadBasic.All, ChannelSettings.Read.All |
-|[channels](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported. | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported. | Not supported. | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported. | Channel.ReadBasic.All, ChannelSettings.Read.All |
|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported. | Not supported. | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported. | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All | Not supported. | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
Depending on the resource and the permission type (delegated or application) req
|[printer](../resources/printer.md) | Not supported. | Not supported. | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported. | Not supported. | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported. | SecurityEvents.ReadWrite.All |
-|[teams](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported. | Not supported. | Team.ReadBasic.All, TeamSettings.Read.All |
-|[teams](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported. | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported. | Not supported. | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported. | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported. | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-get.md
Depending on the resource and the permission type (delegated or application) req
|:--|:--|:--|:--| |[baseTask](../resources/basetask.md) (deprecated) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[callRecord](../resources/callrecords-callrecord.md) | Not supported | Not supported | CallRecords.Read.All |
-|[channels](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
-|[channels](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All | Not supported | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
Depending on the resource and the permission type (delegated or application) req
|[printer](../resources/printer.md) | Not supported | Not supported | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported | Not supported | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All |
-|[teams](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
-|[teams](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
v1.0 Subscription List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-list.md
This API supports the following permission scopes; to learn more, including how
|:--|:--|:--|:--| |[baseTask](../resources/basetask.md) (deprecated) | Tasks.ReadWrite, Subscription.Read.All | Tasks.ReadWrite, Subscription.Read.All | Not supported | |[callRecord](../resources/callrecords-callrecord.md) (/communications/callRecords) | Not supported | Not supported | CallRecords.Read.All |
-|[channels](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
-|[channels](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All, Subscription.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All, Subscription.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite, Subscription.Read.All | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All, Subscription.Read.All | Not supported | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
This API supports the following permission scopes; to learn more, including how
|[printer](../resources/printer.md) | Not supported | Not supported | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported | Not supported | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All, Subscription.Read.All | Not supported | SecurityEvents.ReadWrite.All |
-|[teams](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
-|[teams](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All, Subscription.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All, Subscription.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite, Subscription.Read.All | Tasks.ReadWrite, Subscription.Read.All | Not supported | |[user](../resources/user.md) | User.Read.All, Subscription.Read.All | User.Read.All | User.Read.All |
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-post-subscriptions.md
Depending on the resource and the permission type (delegated or application) req
|:--|:--|:--|:--| |[baseTask](../resources/basetask.md) (deprecated) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[callRecord](../resources/callrecords-callrecord.md) (/communications/callRecords) | Not supported | Not supported | CallRecords.Read.All |
-|[channels](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
-|[channels](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All | Not supported | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
Depending on the resource and the permission type (delegated or application) req
|[printer](../resources/printer.md) | Not supported | Not supported | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported | Not supported | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All |
-|[teams](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
-|[teams](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/subscription-update.md
Depending on the resource and the permission type (delegated or application) req
|:--|:--|:--|:--| |[baseTask](../resources/basetask.md) (deprecated) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[callRecord](../resources/callrecords-callrecord.md) | Not supported | Not supported | CallRecords.Read.All |
-|[channels](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
-|[channels](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All | Not supported | ChannelMessage.Read.Group*, ChannelMessage.Read.All |
Depending on the resource and the permission type (delegated or application) req
|[printer](../resources/printer.md) | Not supported | Not supported | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported | Not supported | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All |
-|[teams](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
-|[teams](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
v1.0 Unifiedroleassignmentschedule Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedroleassignmentschedule-filterbycurrentuser.md
Title: "unifiedRoleAssignmentSchedule: filterByCurrentUser"
-description: "Get a list of the unifiedRoleAssignmentSchedule objects and their properties filtered by a particular user principal"
+description: "Retrieve the schedules for active role assignment operations for which the signed-in user is the principal."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of the [unifiedRoleAssignmentSchedule](../resources/unifiedRoleAssignmentSchedule.md) objects and their properties associated with a particular principal object.
+Retrieve the schedules for active role assignment operations for which the signed-in user is the principal.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser(on='pr
``` ## Function parameters
-The following table shows the query parameters that can be used with this method.
+In the request URL, provide the following query parameters with values.
+The following table shows the parameters that are required with this function.
|Parameter|Type|Description| |:|:|:|
-|on|roleAssignmentScheduleFilterByCurrentUserOptions|Filter to query objects for which the current user is the principal. Allowed value is `principal`. Required.|
+|on|roleAssignmentScheduleFilterByCurrentUserOptions| The possible values are `principal`, `unknownFutureValue`.|
## Optional query parameters
-This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select`, `$filter`, and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Unifiedroleassignmentschedule Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedroleassignmentschedule-get.md
Title: "Get unifiedRoleAssignmentSchedule"
-description: "Read the properties and relationships of an unifiedRoleAssignmentSchedule object."
+description: "Retrieve the schedule for an active role assignment operation."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Read the properties and relationships of an [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) object.
+Retrieve the schedule for an active role assignment operation.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). |Permission type|Permissions (from least to most privileged)| |:|:|
-|Delegated (work or school account)|RoleAssignmentSchedule.Read.Directory, RoleManagement.Read.Directory, RoleManagement.Read.All, RoleAssignmentSchedule.ReadWrite.Directory|
+|Delegated (work or school account)|RoleAssignmentSchedule.Read.Directory, RoleManagement.Read.Directory, RoleManagement.Read.All, RoleAssignmentSchedule.ReadWrite.Directory |
|Delegated (personal Microsoft account)|Not supported|
-|Application|RoleManagement.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory|
+|Application|RoleManagement.Read.All, RoleManagement.Read.Directory, RoleManagement.ReadWrite.Directory |
## HTTP request
GET /roleManagement/directory/roleAssignmentSchedules/{unifiedRoleAssignmentSche
``` ## Optional query parameters
-This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+This method supports the `$select` and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Unifiedroleassignmentscheduleinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedroleassignmentscheduleinstance-filterbycurrentuser.md
Title: "unifiedRoleAssignmentScheduleInstance: filterByCurrentUser"
-description: "Get a list of the unifiedRoleAssignmentScheduleInstance objects and their properties filtered by a particular user principal"
+description: "Get the instances of active role assignments for the calling principal."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get a list of the [unifiedRoleAssignmentScheduleInstance](../resources/unifiedRoleAssignmentScheduleInstance.md) objects and their properties associated with a particular principal object.
+Get the instances of active role assignments for the calling principal.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /roleManagement/directory/roleAssignmentScheduleInstances/filterByCurrentUse
``` ## Function parameters
-The following table shows the parameters that can be used with this method.
+In the request URL, provide the following query parameters with values.
+The following table shows the parameters that are required with this function.
|Parameter|Type|Description| |:|:|:|
-|on|roleAssignmentScheduleInstanceFilterByCurrentUserOptions|Filter to query objects for which the current user is the principal. Allowed value is `principal`. Required.|
+|on|roleAssignmentScheduleInstanceFilterByCurrentUserOptions|The possible values are `principal`, `unknownFutureValue`.|
## Optional query parameters
-This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select`, `$filter`, and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers
v1.0 Unifiedroleassignmentscheduleinstance Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedroleassignmentscheduleinstance-get.md
Title: "Get unifiedRoleAssignmentScheduleInstance"
-description: "Read the properties and relationships of an unifiedRoleAssignmentScheduleInstance object."
+description: "Get the instance of an active role assignment."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Read the properties and relationships of an [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) object.
+Get the instance of an active role assignment.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /roleManagement/directory/roleAssignmentScheduleInstances/{unifiedRoleAssign
``` ## Optional query parameters
-This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Unifiedroleassignmentschedulerequest Cancel https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedroleassignmentschedulerequest-cancel.md
Title: "unifiedRoleAssignmentScheduleRequest: cancel"
-description: "Cancel a unifiedRoleAssignmentScheduleRequest."
+description: "Immediately cancel a unifiedRoleAssignmentScheduleRequest object whose status is Granted."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Immediately cancel a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object that is in a `Granted` status, and have the system automatically delete the canceled request after 30 days. After calling this action, the **status** of the canceled unifiedRoleAssignmentScheduleRequest changes to `Canceled`.
+Immediately cancel a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object that is in a `Granted` status, and have the system automatically delete the canceled request after 30 days. After calling this action, the **status** of the canceled **unifiedRoleAssignmentScheduleRequest** changes to `Canceled`.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|:|:| |Delegated (work or school account)|RoleAssignmentSchedule.ReadWrite.Directory, RoleManagement.ReadWrite.Directory| |Delegated (personal Microsoft account)|Not supported|
-|Application|Not supported|
+|Application|RoleAssignmentSchedule.ReadWrite.Directory, RoleManagement.ReadWrite.Directory|
## HTTP request
Do not supply a request body for this method.
## Response
-If successful, this action returns a `204 No Content` response code. Attempting to cancel a request that is not in a cancelable state, for example, a unifiedRoleAssignmentScheduleRequest object whose **status** is `Provisioned` or `Failed`, returns a `400 Bad Request` error code.
+If successful, this action returns a `204 No Content` response code. Attempting to cancel a request that is not in a cancelable state, for example, a **unifiedRoleAssignmentScheduleRequest** object whose **status** is `Provisioned` or `Failed`, returns a `400 Bad Request` error code.
## Examples
v1.0 Unifiedroleassignmentschedulerequest Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedroleassignmentschedulerequest-filterbycurrentuser.md
Title: "unifiedRoleAssignmentScheduleRequest: filterByCurrentUser"
-description: "Get a list of the unifiedRoleAssignmentScheduleRequest objects and their properties filtered by a particular user principal"
+description: "In PIM, retrieve the requests for active role assignments for a particular principal. The principal can be the creator or approver of the unifiedRoleAssignmentScheduleRequest object, or they can be the target of the assignment."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+In PIM, retrieve the requests for active role assignments for a particular principal. The principal can be the creator or approver of the **unifiedRoleAssignmentScheduleRequest** object, or they can be the target of the assignment.
+
+> [!NOTE]
+> This API doesn't return active role assignments through group memberships.
-Get a list of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects and their properties associated with a particular principal object.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /roleManagement/directory/roleAssignmentScheduleRequests/filterByCurrentUser
``` ## Function parameters
-The following table shows the query parameters that can be used with this method.
+In the request URL, provide the following query parameters with values.
+The following table shows the parameters that are required with this function.
|Parameter|Type|Description| |:|:|:|
-|on|RoleAssignmentScheduleRequestFilterByCurrentUserOptions|Filter to query objects for which the current user is the principal. Allowed value is `principal`. Required.|
+|on|roleAssignmentScheduleRequestFilterByCurrentUserOptions| The possible values are `principal`, `createdBy`, `approver`, `unknownFutureValue`. Only `principal` and `approver` are currently supported.|
## Optional query parameters
-This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+This method supports the `$select`, `$filter`, and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Unifiedroleassignmentschedulerequest Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedroleassignmentschedulerequest-get.md
Title: "Get unifiedRoleAssignmentScheduleRequest"
-description: "Read the properties and relationships of an unifiedRoleAssignmentScheduleRequest object."
+description: "In PIM, read the details of a request for an active and persistent role assignment made through the unifiedRoleAssignmentScheduleRequest object."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Read the properties and relationships of an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.
+In PIM, read the details of a request for an active and persistent role assignment made through the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /roleManagement/directory/roleAssignmentScheduleRequests/{unifiedRoleAssignm
``` ## Optional query parameters
-This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Unifiedrolemanagementpolicy Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrolemanagementpolicy-get.md
Title: "Get unifiedRoleManagementPolicy"
-description: "Read the properties and relationships of an unifiedRoleManagementPolicy object."
+description: "Retrieve the details of a role management policy."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Read the properties and relationships of an [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) object. To read a policy that applies to Azure RBAC, use the [Azure REST PIM API for role management policies](/rest/api/authorization/role-management-policies/get).
+Retrieve the details of a role management policy. To read a policy that applies to Azure RBAC, use the [Azure REST PIM API for role management policies](/rest/api/authorization/role-management-policies/get).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$expand` OData query parameters to help customize the response. You can also specify the wildcard value `*` to expand all supported relationships, that is, `?$expand=*`. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
v1.0 Unifiedrolemanagementpolicy List Rules https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrolemanagementpolicy-list-rules.md
Title: "List rules"
-description: "Get the unifiedRoleManagementPolicyRule resources from the rules navigation property."
+ Title: "List rules (for a role management policy)"
+description: "Get the rules defined for a role management policy."
ms.localizationpriority: medium ms.prod: "governance" doc_type: apiPageType
-# List rules
+# List rules (for a role management policy)
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Get the unifiedRoleManagementPolicyRule resources from the rules navigation property. To retrieve rules for a policy that applies to Azure RBAC, use the [Azure REST PIM API for role management policies](/rest/api/authorization/role-management-policies/list-for-scope).
+Get the rules defined for a role management policy. The rules are a collection of following types that are derived from the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object:
++ [unifiedRoleManagementPolicyApprovalRule](../resources/unifiedrolemanagementpolicyapprovalrule.md)++ [unifiedRoleManagementPolicyAuthenticationContextRule](../resources/unifiedrolemanagementpolicyauthenticationcontextrule.md)++ [unifiedRoleManagementPolicyEnablementRule](../resources/unifiedrolemanagementpolicyenablementrule.md)++ [unifiedRoleManagementPolicyExpirationRule](../resources/unifiedrolemanagementpolicyexpirationrule.md)++ [unifiedRoleManagementPolicyNotificationRule](../resources/unifiedrolemanagementpolicynotificationrule.md)+
+To retrieve rules for a policy that applies to Azure RBAC, use the [Azure REST PIM API for role management policies](/rest/api/authorization/role-management-policies/list-for-scope).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules
``` ## Optional query parameters
-This method supports all of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$filter` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
If successful, this method returns a `200 OK` response code and a collection of
} --> ``` http
-GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba/rules
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/DirectoryRole_cab01047-8ad9-4792-8e42-569340767f1b_70c808b5-0d35-4863-a0ba-07888e99d448/rules
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/list-unifiedrolemanagementpolicyrule-csharp-snippets.md)]
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": [
- {
- "id": "ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba",
- "target": {
- "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
- }
- }
- ]
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/roleManagementPolicies('DirectoryRole_cab01047-8ad9-4792-8e42-569340767f1b_70c808b5-0d35-4863-a0ba-07888e99d448')/rules",
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
+ "id": "Enablement_Admin_Eligibility",
+ "enabledRules": [],
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Eligibility",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
+ "id": "Expiration_Admin_Eligibility",
+ "isExpirationRequired": false,
+ "maximumDuration": "P365D",
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Eligibility",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Admin_Admin_Eligibility",
+ "notificationType": "Email",
+ "recipientType": "Admin",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Eligibility",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Requestor_Admin_Eligibility",
+ "notificationType": "Email",
+ "recipientType": "Requestor",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Eligibility",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Approver_Admin_Eligibility",
+ "notificationType": "Email",
+ "recipientType": "Approver",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Eligibility",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
+ "id": "Enablement_Admin_Assignment",
+ "enabledRules": [
+ "Justification"
+ ],
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
+ "id": "Expiration_Admin_Assignment",
+ "isExpirationRequired": false,
+ "maximumDuration": "P180D",
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Admin_Admin_Assignment",
+ "notificationType": "Email",
+ "recipientType": "Admin",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Requestor_Admin_Assignment",
+ "notificationType": "Email",
+ "recipientType": "Requestor",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Approver_Admin_Assignment",
+ "notificationType": "Email",
+ "recipientType": "Approver",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule",
+ "id": "Approval_EndUser_Assignment",
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ },
+ "setting": {
+ "isApprovalRequired": false,
+ "isApprovalRequiredForExtension": false,
+ "isRequestorJustificationRequired": true,
+ "approvalMode": "SingleStage",
+ "approvalStages": [
+ {
+ "approvalStageTimeOutInDays": 1,
+ "isApproverJustificationRequired": true,
+ "escalationTimeInMinutes": 0,
+ "isEscalationEnabled": false,
+ "primaryApprovers": [],
+ "escalationApprovers": []
+ }
+ ]
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyAuthenticationContextRule",
+ "id": "AuthenticationContext_EndUser_Assignment",
+ "isEnabled": false,
+ "claimValue": null,
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyEnablementRule",
+ "id": "Enablement_EndUser_Assignment",
+ "enabledRules": [],
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
+ "id": "Expiration_EndUser_Assignment",
+ "isExpirationRequired": true,
+ "maximumDuration": "PT1H45M",
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Admin_EndUser_Assignment",
+ "notificationType": "Email",
+ "recipientType": "Admin",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Requestor_EndUser_Assignment",
+ "notificationType": "Email",
+ "recipientType": "Requestor",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyNotificationRule",
+ "id": "Notification_Approver_EndUser_Assignment",
+ "notificationType": "Email",
+ "recipientType": "Approver",
+ "notificationLevel": "All",
+ "isDefaultRecipientsEnabled": true,
+ "notificationRecipients": [],
+ "target": {
+ "caller": "EndUser",
+ "operations": [
+ "All"
+ ],
+ "level": "Assignment",
+ "inheritableSettings": [],
+ "enforcedSettings": []
+ }
+ }
+ ]
} ```
v1.0 Unifiedrolemanagementpolicyrule Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrolemanagementpolicyrule-get.md
Title: "Get unifiedRoleManagementPolicyRule"
-description: "Read the properties and relationships of an unifiedRoleManagementPolicyRule object."
+description: "Retrieve a rule defined for a role management policy."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: apiPageType
# Get unifiedRoleManagementPolicyRule Namespace: microsoft.graph
-Read the properties and relationships of an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.
+Retrieve a rule defined for a role management policy. The rule can be one of the following types that are derived from the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object:
++ [unifiedRoleManagementPolicyApprovalRule](../resources/unifiedrolemanagementpolicyapprovalrule.md)++ [unifiedRoleManagementPolicyAuthenticationContextRule](../resources/unifiedrolemanagementpolicyauthenticationcontextrule.md)++ [unifiedRoleManagementPolicyEnablementRule](../resources/unifiedrolemanagementpolicyenablementrule.md)++ [unifiedRoleManagementPolicyExpirationRule](../resources/unifiedrolemanagementpolicyexpirationrule.md)++ [unifiedRoleManagementPolicyNotificationRule](../resources/unifiedrolemanagementpolicynotificationrule.md) ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
--> ``` http GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
-GET /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/effectiveRules/{unifiedRoleManagementPolicyRuleId}
``` ## Optional query parameters
-This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+This method supports the `$select` and `$expand` OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
## Request headers |Name|Description|
If successful, this method returns a `200 OK` response code and an [unifiedRoleM
} --> ``` http
-GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{unifiedRoleManagementPolicyRuleId}
+GET https://graph.microsoft.com/beta/policies/roleManagementPolicies/DirectoryRole_cab01047-8ad9-4792-8e42-569340767f1b_70c808b5-0d35-4863-a0ba-07888e99d448/rules/Expiration_Admin_Eligibility
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-unifiedrolemanagementpolicyrule-csharp-snippets.md)]
HTTP/1.1 200 OK
Content-Type: application/json {
- "value": {
- "id": "ba9cc2d6-c2d6-ba9c-d6c2-9cbad6c29cba",
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/roleManagementPolicies('DirectoryRole_cab01047-8ad9-4792-8e42-569340767f1b_70c808b5-0d35-4863-a0ba-07888e99d448')/rules/$entity",
+ "@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyExpirationRule",
+ "id": "Expiration_Admin_Eligibility",
+ "isExpirationRequired": false,
+ "maximumDuration": "P365D",
"target": {
- "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget"
+ "caller": "Admin",
+ "operations": [
+ "All"
+ ],
+ "level": "Eligibility",
+ "inheritableSettings": [],
+ "enforcedSettings": []
}
- }
} ```
v1.0 Unifiedrolemanagementpolicyrule Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/unifiedrolemanagementpolicyrule-update.md
PATCH /policies/roleManagementPolicies/{unifiedRoleManagementPolicyId}/rules/{un
## Request body [!INCLUDE [table-intro](../../includes/update-property-table-intro.md)] + |Property|Type|Description| |:|:|:|
-|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|Defines details of the scope that's targeted by role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role. Optional.|
--
+|claimValue|String|The value of the authentication context claim. <br/><br/>Can be updated for the **unifiedRoleManagementPolicyAuthenticationContextRule** rule type.|
+|enabledRules|String collection|The collection of rules that are enabled for this policy rule. For example, `MultiFactorAuthentication`, `Ticketing`, and `Justification`.<br/><br/>Can be updated for the **unifiedRoleManagementPolicyEnablementRule** rule type.|
+|isDefaultRecipientsEnabled|Boolean|Indicates whether a default recipient will receive the notification email.<br/><br/>Can be updated for the **unifiedRoleManagementPolicyNotificationRule** rule type.|
+|isEnabled|Boolean| Whether this rule is enabled. <br/><br/>Can be updated for the **unifiedRoleManagementPolicyAuthenticationContextRule** rule type.|
+|isExpirationRequired|Boolean|Indicates whether expiration is required or if it's a permanently active assignment or eligibility. <br/><br/>Can be updated for the **unifiedRoleManagementPolicyExpirationRule** rule type.|
+|maximumDuration|Duration| The maximum duration allowed for eligibility or assignment which is not permanent. Required when **isExpirationRequired** is `true`. <br/><br/>Can be updated for the **unifiedRoleManagementPolicyExpirationRule** rule type. |
+|notificationLevel|String|The level of notification. The possible values are `None`, `Critical`, `All`.<br/><br/>Can be updated for the **unifiedRoleManagementPolicyNotificationRule** rule type.|
+|notificationRecipients|String collection|The list of recipients of the email notifications.<br/><br/>Can be updated for the **unifiedRoleManagementPolicyNotificationRule** rule type.|
+|notificationType|String|The type of notification. Only `Email` is supported.<br/><br/>Can be updated for the **unifiedRoleManagementPolicyNotificationRule** rule type.|
+|recipientType|String|The type of recipient of the notification. The possible values are `Requestor`, `Approver`, `Admin`.<br/>Can be updated for the **unifiedRoleManagementPolicyNotificationRule** rule type.|
+|setting|[approvalSettings](../resources/approvalsettings.md)|The settings for approval of the role assignment. <br/><br/>Can be updated for the **unifiedRoleManagementPolicyApprovalRule** rule type.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|Defines details of the scope that's targeted by role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role. <br/><br/> Can be updated for all rule types.|
+
+>**Note:** The `@odata.type` property with a value of the specific rule type must be included in the body. For example, `"@odata.type": "#microsoft.graph.unifiedRoleManagementPolicyApprovalRule"`.
## Response
v1.0 Administrativeunit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/administrativeunit.md
This topic provides descriptions of the declared properties and navigation prope
|[List members](../api/administrativeunit-list-members.md) |[directoryObject](directoryobject.md) collection| Get the list of (user, group, and device) members.| |[Get a member](../api/administrativeunit-get-members.md) |[directoryObject](directoryobject.md)| Get a specific member.| |[Remove a member](../api/administrativeunit-delete-members.md) |[directoryObject](directoryobject.md)| Remove a member.|
-|[Add scoped-role member](../api/administrativeunit-post-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Add a scoped-role member.|
-|[List scoped-role members](../api/administrativeunit-list-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md) collection| Get the list of scoped-role administrators.|
-|[Get a scoped-role member](../api/administrativeunit-get-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Get a specific scoped-role member.|
-|[Remove a scoped-role member](../api/administrativeunit-delete-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Remove a scoped-role member.|
+|[Add a scopedRoleMember](../api/administrativeunit-post-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Assign an Azure AD role with administrative unit scope.|
+|[List scopedRoleMembers](../api/administrativeunit-list-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md) collection| List Azure AD role assignments with administrative unit scope.|
+|[Get a scopedRoleMember](../api/administrativeunit-get-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Get an Azure AD role assignment with administrative unit scope.|
+|[Remove a scopedRoleMember](../api/administrativeunit-delete-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Remove an Azure AD role assignment with administrative unit scope.|
|**Open extensions**| | | |[Create open extension](../api/opentypeextension-post-opentypeextension.md) |[openTypeExtension](opentypeextension.md)| Create an open extension and add custom properties to a new or existing resource.| |[Get open extension](../api/opentypeextension-get.md) |[openTypeExtension](opentypeextension.md) collection| Get an open extension identified by the extension name.|
v1.0 Approvalsettings https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/approvalsettings.md
Title: "approvalSettings complex type"
-description: "Used for the requestApprovalSettings property of an access package assignment policy. Provides additional settings to select who must approve each request."
+description: "The settings for approval as defined in a role management policy rule."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Used for the `requestApprovalSettings` property of an [access package assignment policy](accesspackageassignmentpolicy.md). Provides additional settings to select who must approve each request.
+The settings for approval as defined in a role management policy rule.
## Properties
-| Property | Type | Description |
-| : | : | :- |
-| isApprovalRequired | Boolean | If false, then approval is not required for requests in this policy. |
-| isApprovalRequiredForExtension | Boolean| If false, then approval is not required for a user who already has an assignment to extend their assignment. |
-| isRequestorJustificationRequired | Boolean | Indicates whether the requestor is required to supply a justification in their request. |
-| approvalMode| String | One of `NoApproval`, `SingleStage` or `Serial`. The `NoApproval` is used when `isApprovalRequired` is false. |
-| approvalStages | [approvalStage](approvalstage.md) collection| If approval is required, the one or two elements of this collection define each of the stages of approval. An empty array if no approval is required. |
+|Property|Type|Description|
+|:|:|:|
+|approvalMode|String|One of `SingleStage`, `Serial`, `Parallel`, `NoApproval` (default). `NoApproval` is used when `isApprovalRequired` is `false`.|
+|approvalStages|[approvalStage](../resources/approvalstage.md) collection|If approval is required, the one or two elements of this collection define each of the stages of approval. An empty array if no approval is required.|
+|isApprovalRequired|Boolean|Indicates whether approval is required for requests in this policy.|
+|isApprovalRequiredForExtension|Boolean|Indicates whether approval is required for a user to extend their assignment.|
+|isRequestorJustificationRequired|Boolean|Indicates whether the requestor is required to supply a justification in their request.|
-## JSON representation
-
-The following is a JSON representation of the request approval settings property.
+## Relationships
+None.
+## JSON representation
+The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
- "optionalProperties": [
-
- ],
"@odata.type": "microsoft.graph.approvalSettings"
-}-->
-
-```json
+}
+-->
+``` json
{
- "isApprovalRequired": true,
- "isApprovalRequiredForExtension": false,
- "isRequestorJustificationRequired": true,
- "approvalMode": "Serial",
- "approvalStages": [{"@odata.type": "microsoft.graph.approvalStage"}]
+ "@odata.type": "#microsoft.graph.approvalSettings",
+ "isApprovalRequired": "Boolean",
+ "isApprovalRequiredForExtension": "Boolean",
+ "isRequestorJustificationRequired": "Boolean",
+ "approvalMode": "String",
+ "approvalStages": [
+ {
+ "@odata.type": "microsoft.graph.approvalStage"
+ }
+ ]
} ```
v1.0 Approvalstage https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/approvalstage.md
Title: "approvalStage complex type"
-description: "Used for the approvalStages property of approval settings in the requestApprovalSettings property of an access package assignment policy. Specifies the primary, fallback, and escalation approvers of each stage."
+description: "In entitlement management, used for the approvalStages property of approval settings in the requestApprovalSettings property of an access package assignment policy. Specifies the primary, fallback, and escalation approvers of each stage. In PIM, defines the settings of the approval stages in a unifiedRoleManagementPolicyApprovalRule object."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Used for the **approvalStages** property of approval settings in the **requestApprovalSettings** property of an [access package assignment policy](accesspackageassignmentpolicy.md). Specifies the primary, fallback, and escalation approvers of each stage.
+In entitlement management, used for the **approvalStages** property of approval settings in the **requestApprovalSettings** property of an [access package assignment policy](accesspackageassignmentpolicy.md). Specifies the primary, fallback, and escalation approvers of each stage.
+
+In PIM, defines the settings of the approval stages in a [unifiedRoleManagementPolicyApprovalRule](unifiedrolemanagementpolicyapprovalrule.md) object. Specifies the primary and escalation approvers of each stage and whether approvals and escalations are required.
## Properties
v1.0 Attendeebase https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/attendeebase.md
Title: "attendeeBase resource type"
description: "The type of attendee." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Averagecomparativescore https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/averagecomparativescore.md
Title: " averageComparativeScore resource type"
description: "This resource contains various different scores based by different scopes (for example, average by industry vertical, average by company seat size, and so on) and control category (Identity, Data, Device, Apps, Infrastructure)." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Baseitemversion https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/baseItemVersion.md
Last updated 09/17/2017
Title: BaseItemVersion ms.localizationpriority: medium doc_type: resourcePageType # BaseItemVersion resource type
v1.0 Certificationcontrol https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/certificationControl.md
Title: " certificationControl resource type"
description: "This resource contains compliance certification data associated with secure score control." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Controlscore https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/controlscore.md
Title: " controlScore resource type"
description: "This resource contains a tenant score and description for an individual control." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Customtimezone https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/customtimezone.md
Title: "customTimeZone resource type"
description: "Represents a time zone where the transition from standard to daylight saving time, or vice versa is not standard." ms.localizationpriority: medium doc_type: resourcePageType
Represents a time zone where the transition from standard to daylight saving tim
## Properties
-| Property | Type |Description|
+| Property | Type |Description|
|:|:--|:-| | bias | Edm.Int32 | The time offset of the time zone from Coordinated Universal Time (UTC). This value is in minutes. Time zones that are ahead of UTC have a positive offset; time zones that are behind UTC have a negative offset.| | daylightOffset | [daylightTimeZoneOffset](daylighttimezoneoffset.md) | Specifies when the time zone switches from standard time to daylight saving time. |
v1.0 Datetimecolumn https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/datetimecolumn.md
Last updated 09/11/2017
Title: DateTimeColumn ms.localizationpriority: medium doc_type: resourcePageType # DateTimeColumn resource type
v1.0 Daylighttimezoneoffset https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/daylighttimezoneoffset.md
Title: "daylightTimeZoneOffset resource type"
description: "Specifies when a time zone switches from standard time to daylight saving time." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Deleted https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/deleted.md
Last updated 09/10/2017
Title: Deleted ms.localizationpriority: medium doc_type: resourcePageType # Deleted facet
v1.0 Devicehealth https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/devicehealth.md
Title: deviceHealth resource type
description: Represents a device's health, including any errors. ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Educationassignment https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/educationassignment.md
The **assignment** APIs are exposed in the class namespace.
|[Delete](../api/educationassignment-delete.md) | None |Delete an **educationAssignment** object. | |[Publish](../api/educationassignment-publish.md)|[educationAssignment](educationassignment.md)|Change the state of an **educationAssignment** object from draft to published.| |[Set up assignment resources folder](../api/educationassignment-setupresourcesfolder.md)| string| Create a SharePoint folder (under pre-defined location) to upload files as assignment resources.|
+|[Set up assignment feedback resources folder](../api/educationassignment-setupfeedbackresourcesfolder.md)|[educationAssignment](../resources/educationassignment.md)|Create a SharePoint folder to upload feedback files for a given [educationSubmission](../resources/educationsubmission.md).|
|[List resources](../api/educationassignment-list-resources.md) |[educationAssignmentResource](educationassignmentresource.md) collection| Get an **educationAssignmentResource** object collection.| |[List submissions](../api/educationassignment-list-submissions.md) |[educationSubmission](educationsubmission.md) collection| Get an **educationSubmission** object collection.| |[List categories](../api/educationassignment-list-categories.md) |[educationCategory](educationcategory.md) collection| Get an **educationCategory** object collection.|
The **assignment** APIs are exposed in the class namespace.
|createdDateTime|DateTimeOffset|Moment when the **assignment** was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| |displayName|String|Name of the **assignment**.| |dueDateTime|DateTimeOffset|Date when the students **assignment** is due. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`|
+|feedbackResourcesFolderUrl|String|Folder URL where all the feedback file resources for this **assignment** are stored.|
|grading|[educationAssignmentGradeType](educationassignmentgradetype.md)|How the **assignment** will be graded. | |instructions|[itemBody](itembody.md)| Instructions for the **assignment**. This along with the display name tell the student what to do. | |lastModifiedBy|[identitySet](identityset.md)| Who last modified the **assignment**. |
v1.0 Educationfeedbackresourceoutcome https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/educationfeedbackresourceoutcome.md
+
+ Title: "educationFeedbackResourceOutcome resource type"
+description: "Represents feedback on an educationOutcome object in the form of a document."
+ms.localizationpriority: medium
+++
+# educationFeedbackResourceOutcome resource type
+
+Namespace: microsoft.graph
++
+Represents feedback on an [educationOutcome](educationoutcome.md) object in the form of a document.
+
+## Methods
+
+| Method | Return Type | Description |
+|:-|:|:|
+| [Create educationFeedbackResourceOutcome](../api/educationfeedbackresourceoutcome-post-outcomes.md) | [educationOutcome](educationoutcome.md) | Create a new [feedback resource](../resources/educationfeedbackresourceoutcome.md) for a submission. |
+| [Delete educationFeedbackResourceOutcome](../api/educationfeedbackresourceoutcome-delete.md) | None | Delete a [feedback resource](../resources/educationfeedbackresourceoutcome.md) from a submission. |
+
+## Properties
+
+| Property | Type | Description |
+|:-|:|:|
+|feedbackResource|[educationResource](educationresource.md)|The actual feedback resource.|
+|id|String|Unique identifier for the **educationFeedbackResourceOutcome**.|
+|resourceStatus|educationFeedbackResourceOutcomeStatus|The status of the feedback resource. The possible values are: `notPublished`, `pendingPublish`, `published`, `failedPublish`, and `unknownFutureValue`.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following is a JSON representation of the resource.
+
+<!-- {
+ "blockType": "resource",
+ "optionalProperties": [
+
+ ],
+ "@odata.type": "microsoft.graph.educationFeedbackResourceOutcome",
+ "keyProperty": "id"
+}-->
+
+```json
+{
+ "feedbackResource": {"@odata.type": "microsoft.graph.educationResource"},
+ "id": "String (identifier)",
+ "resourceStatus": {"@odata.type": "microsoft.graph.educationFeedbackResourceOutcomeStatus"}
+}
+```
+
+<!-- uuid: 16cd6b66-4b1a-43a1-adaf-3a886856ed98
+2022-05-05 14:57:30 UTC -->
+<!-- {
+ "type": "#page.annotation",
+ "description": "educationFeedbackResourceOutcome resource",
+ "keywords": "",
+ "section": "documentation",
+ "tocPath": ""
+}-->
v1.0 Educationoutcome https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/educationoutcome.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-The result of grading an assignment. This is a base class; the derived types are [educationFeedbackOutcome](educationfeedbackoutcome.md), [educationPointsOutcome](educationpointsoutcome.md), and [educationRubricOutcome](educationrubricoutcome.md).
+The result of grading an assignment. This is a base class; the derived types are [educationFeedbackOutcome](educationfeedbackoutcome.md), [educationPointsOutcome](educationpointsoutcome.md), [educationRubricOutcome](educationrubricoutcome.md), and [educationFeedbackResourceOutcome](educationfeedbackresourceoutcome.md).
## Methods
The result of grading an assignment. This is a base class; the derived types are
|:|:--|:-| |id|String|Read-only.| |lastModifiedBy|[identitySet](identityset.md)|The individual who updated the resource.|
-|lastModifiedDateTime|DateTimeOffset|Moment in time when the resource was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2021 is `2021-01-01T00:00:00Z`.|
+|lastModifiedDateTime|DateTimeOffset|Moment in time when the resource was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2021 is `2021-01-01T00:00:00Z`.|
## Relationships
-None
+None.
## JSON representation
v1.0 Enums https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/enums.md
Namespace: microsoft.graph
|unknownFutureValue| |reassigned|
+### educationFeedbackResourceOutcomeStatus values
+|Member|
+|:|
+|notPublished|
+|pendingPublish|
+|published|
+|failedPublish|
+|unknownFutureValue|
+ ### externalEmailOtpState values |Member|
v1.0 Fieldvalueset https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/fieldvalueset.md
Last updated 09/11/2017
Title: FieldValueSet ms.localizationpriority: medium doc_type: resourcePageType # FieldValueSet resource
v1.0 File https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/file.md
Last updated 09/10/2017
Title: File ms.localizationpriority: medium doc_type: resourcePageType # File resource type
v1.0 Filterdatetime https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/filterdatetime.md
Title: "FilterDatetime resource type"
description: "Represents how to filter a date when filtering on values." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Folder https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/folder.md
Last updated 09/10/2017
Title: Folder ms.localizationpriority: medium doc_type: resourcePageType # Folder resource type
v1.0 Folderview https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/folderview.md
Last updated 09/10/2017
Title: FolderView ms.localizationpriority: medium doc_type: resourcePageType # FolderView resource type
v1.0 Followupflag https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/followupflag.md
Title: "followupFlag resource type"
description: "Allows setting a flag for the user to follow up on an item later. Supported items include message and contact." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Formatprotection https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/formatprotection.md
Title: "FormatProtection resource type"
description: "Represents the format protection of a range object." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Freebusyerror https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/freebusyerror.md
Title: "freeBusyError resource type"
description: "Represents error information from attempting to get the availability of a user, distribution list, or resource." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Genericerror https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/genericerror.md
Title: "genericError resource type"
description: "A general-purpose error." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Hostsecuritystate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/hostsecuritystate.md
Title: "hostSecurityState resource type"
description: " > **Important:** APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Image https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/image.md
Last updated 09/10/2017
Title: Image ms.localizationpriority: medium doc_type: resourcePageType # Image resource type
v1.0 Json https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/json.md
Title: "Json resource type"
description: "Represents data returned in JSON format" ms.localizationpriority: medium doc_type: resourcePageType
Namespace: microsoft.graph
Represents data returned in JSON format ## Properties
-|Property|Type|Description|
-|:|:|:|
+None.
## Relationships
-None
+None.
+ ## JSON Representation Here is a JSON representation of the resource. <!--{
v1.0 Personwebsite https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/personwebsite.md
Title: "personWebsite resource type"
-description: "personWebsite resource type"
+description: "Represents detailed information about websites associated with a user in various services."
ms.localizationpriority: medium ms.prod: "people"
Inherits from [itemFacet](itemfacet.md).
|displayName |String | Contains a friendly name for the website. | |webUrl |String | Contains a link to the website itself. |
-## Properties
-|Property|Type|Description|
-|:|:|:|
-|allowedAudiences|String|The audiences that are able to see the values contained within the entity. Inherited from [itemFacet](../resources/itemfacet.md). Possible values are: `me`, `family`, `contacts`, `groupMembers`, `organization`, `federatedOrganizations`, `everyone`, `unknownFutureValue`.|
-|categories|String collection|Contains categories a user has associated with the website (for example, personal, recipes).|
-|createdBy|[identitySet](../resources/identityset.md)|Provides the identifier of the user and/or application that created the entity. Inherited from [itemFacet](../resources/itemfacet.md).|
-|createdDateTime|DateTimeOffset|Provides the dateTimeOffset for when the entity was created. Inherited from [itemFacet](../resources/itemfacet.md).|
-|description|String|Contains a description of the website.|
-|displayName|String|Contains a friendly name for the website.|
-|id|String|Identifier used for individually addressing the entity. Inherited from [entity](../resources/entity.md)|
-|inference|[inferenceData](../resources/inferencedata.md)|Contains inference detail if the entity is inferred by the creating or modifying application. Inherited from [itemFacet](../resources/itemfacet.md).|
-|lastModifiedBy|[identitySet](../resources/identityset.md)|Provides the identifier of the user and/or application that last modified the entity. Inherited from [itemFacet](../resources/itemfacet.md).|
-|lastModifiedDateTime|DateTimeOffset|Provides the dateTimeOffset for when the entity was created. Inherited from [itemFacet](../resources/itemfacet.md).|
-|source|[personDataSource](../resources/persondatasource.md)|Where the values originated if synced from another service. Inherited from [itemFacet](../resources/itemfacet.md).|
-|webUrl|String|Contains a link to the website itself.|
- ## Relationships None.
v1.0 Request https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/request.md
Title: "request resource type"
-description: "An abstract entity type to model the asynchronized request workflow to create, update, and delete an object."
+description: "Represents the details of a request in PIM or userConsentRequests."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-An abstract entity type to model the asynchronized request workflow to create, update, and delete an object.
+Represents the details of a request in [PIM](privilegedidentitymanagementv3-overview.md) or [user consent request](userconsentrequest.md) APIs.
-Inherits from [entity](entity.md).
+Inherits from [entity](../resources/entity.md).
## Properties |Property|Type|Description| |:|:|:|
-|approvalId|String|The identifier of the approval of the request.|
-|completedDateTime|DateTimeOffset|The request completion date time.|
-|createdBy|[identitySet](identityset.md)|The user who created this request.|
+|approvalId|String| The identifier of the approval of the request. |
+|completedDateTime|DateTimeOffset| The request completion date time. |
+|createdBy|[identitySet](../resources/identityset.md)|The principal that created the request.|
|createdDateTime|DateTimeOffset|The request creation date time.| |customData|String|Free text field to define any custom data for the request. Not used.|
-|status|String|The status of the request. Not nullable. The possible values are: `Canceled`, `Denied`, `Failed`, `Granted`, `PendingAdminDecision`, `PendingApproval`, `PendingProvisioning`, `PendingScheduleCreation`, `Provisioned`, `Revoked`, and `ScheduleCreated`. Not nullable.|
-|id|String|Identifier of the request. Read-only. Not nullable. Inherited from [entity](entity.md).|
+|id|String|The unique identifier for the request object. Inherited from [entity](../resources/entity.md).|
+|status|String| The status of the request. Not nullable. The possible values are: `Canceled`, `Denied`, `Failed`, `Granted`, `PendingAdminDecision`, `PendingApproval`, `PendingProvisioning`, `PendingScheduleCreation`, `Provisioned`, `Revoked`, and `ScheduleCreated`. Not nullable. |
## Relationships
-|Relationship|Type|Description|
-|:|:|:|
-|approval|[approval](../resources/approval.md)|Represents the approval object that the request is linked to.|
+None.
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
{ "@odata.type": "#microsoft.graph.request", "id": "String (identifier)",
- "approvalId": "String (identifier)",
+ "status": "String",
"completedDateTime": "String (timestamp)",
- "createdBy": {
- "@odata.type": "microsoft.graph.identitySet"
- },
"createdDateTime": "String (timestamp)",
+ "approvalId": "String",
"customData": "String",
- "status": "String",
+ "createdBy": {
+ "@odata.type": "microsoft.graph.identitySet"
+ }
}
-```
-
+```
v1.0 Requestschedule https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/requestschedule.md
Title: "requestSchedule resource type"
-description: "An request schedule can be included in an access package assignment request and is present in an access package assignment."
+description: "An request schedule can be included in an access package assignment request and is present in an access package assignment. In PIM, use this resource to define the schedule for when the principal will have an eligible or active role assignment."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
In [Azure AD entitlement management](entitlementmanagement-overview.md), an access package assignment request is created by a user who wants to obtain an access package assignment. This request can include a schedule for when the user would like to have an assignment. An access package assignment that results from such a request also has a schedule.
+In PIM, use this resource to define the schedule for when the principal will have an eligible or active role assignment.
+ ## Properties | Property | Type | Description | |:-|:|:|
-|startDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-|expiration|[expirationPattern](expirationpattern.md)|When the access should expire.|
-|recurrence|[patternedRecurrence](patternedrecurrence.md)|For recurring access. Not used at present.|
+|startDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. In PIM, when the eligible or active assignment becomes active.|
+|expiration|[expirationPattern](expirationpattern.md)|In entitlement management, when the access should expire.|
+|recurrence|[patternedRecurrence](patternedrecurrence.md)|For recurring access, or eligible or active assignment. This property is currently unsupported in both PIM and entitlement management.|
## JSON representation The following is a JSON representation of the resource.- <!-- { "blockType": "resource",
- "optionalProperties": [
-
- ],
"@odata.type": "microsoft.graph.requestSchedule"
-}-->
-
-```json
+}
+-->
+``` json
{
- "startDateTime": "2020-08-11T23:06:53.307Z",
- "expiration": {
- "@odata.type": "microsoft.graph.expirationPattern"
- }
+ "@odata.type": "#microsoft.graph.requestSchedule",
+ "startDateTime": "String (timestamp)",
+ "expiration": {
+ "@odata.type": "microsoft.graph.expirationPattern"
+ },
+ "recurrence": {
+ "@odata.type": "microsoft.graph.patternedRecurrence"
+ }
} ```
v1.0 Securescorecontrolprofiles https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/securescorecontrolprofiles.md
Title: "secureScoreControlProfile resource type"
description: "Represents a tenant's secure score per control data. By default, it returns all controls for a tenant and can explicitly pull individual controls." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Securescorecontrolstateupdate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/securescorecontrolstateupdate.md
Title: " secureScoreControlStateUpdate resource type"
description: "This resource contains history of control states updated by user (control states include Default, Ignored, ThirdParty, Reviewed)." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Securescores https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/securescores.md
Title: "secureScore resource type"
description: "top=n, where n = the number of days of data that you want to retrieve. " ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Subscription https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/subscription.md
A subscription allows a client app to receive change notifications about changes
- An [alert][] from the Microsoft Graph Security API. - A [baseTask][] (deprecated) of a user in Microsoft To Do.* - A [callRecord][] produced after a call or meeting in Microsoft Teams.-- A [channel](./channel.md) in Microsoft Teams.*-- A [chat](./chat.md) in Microsoft Teams.*
+- A [channel](./channel.md) in Microsoft Teams.
+- A [chat](./chat.md) in Microsoft Teams.
- A [chatMessage][] sent via teams or channels in Microsoft Teams. - A [conversation][] in a Microsoft 365 group.-- A [conversationMember](./conversationmember.md) in a team, channel, or chat in Microsoft Teams.*
+- A [conversationMember](./conversationmember.md) in a team, channel, or chat in Microsoft Teams.
- Content in the hierarchy of a root folder [driveItem][] in OneDrive for Business, or of a root folder or subfolder [driveItem][] in a user's personal OneDrive. - A [group][] in Azure Active Directory. - A [list][] under a SharePoint [site][]. - A [message][], [event][], or [contact][] in Outlook. - An [online meeting][] in Microsoft Teams.* - The [presence][] of a user in Microsoft Teams.*-- A [team](./team.md) in Microsoft Teams.*
+- A [team](./team.md) in Microsoft Teams.
- A [printer][] (when a print job for the printer gets to JobFetchable state - ready to be fetched for printing) and a [printTaskDefinition][] in Universal Print. For more information, see [Subscribe to change notifications from cloud printing APIs](/graph/universal-print-webhook-notifications). - A [todoTask][] of a user in Microsoft To Do. - A [user][] in Azure Active Directory.
v1.0 Systemfacet https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/systemfacet.md
-description: <descripton>
Previously updated : 09/12/2017
+description: The **system** facet indicates that the object is managed by the system for its own operation.
Title: SystemFacet ms.localizationpriority: medium doc_type: resourcePageType
-# System facet
+# system facet
Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-The **System** facet indicates that the object is managed by the system for its own operation.
-Most apps should ignore items that have a System facet.
+The **system** facet indicates that the object is managed by the system for its own operation.
+Most apps should ignore items that have a system facet.
-**Note**: While this facet is empty today, in future API revisions the facet may be populated with additional properties.
+>**Note**: While this facet is empty today, in future API revisions the facet may be populated with additional properties.
## JSON representation
v1.0 Ticketinfo https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/ticketinfo.md
Title: "ticketInfo resource type"
-description: "The object that represents ticket information related to role assignment requests"
+description: "Represents ticket information related to role assignment and eligibility requests."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-The object that represents ticket information related to role assignment requests
+Represents ticket information related to role assignment and eligibility requests. Use this object to define ticket parameters for a role assignment or eligibility request is initiated by another request made in an external system.
## Properties |Property|Type|Description| |:|:|:|
-|ticketNumber|String|Ticket number meta data|
-|ticketSystem|String|Ticket system meta data|
+|ticketNumber|String|The ticket number.|
+|ticketSystem|String|The description of the ticket system.|
## Relationships None.
v1.0 Unifiedroleassignmentschedule https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedroleassignmentschedule.md
Title: "unifiedRoleAssignmentSchedule resource type"
-description: "Represents a schedule for an active role assignment operations through Azure AD Privileged Identity Management."
+description: "Represents a schedule for an active role assignment in your tenant."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the schedule for an active role assignment through Azure AD Privileged Identity Management. A **unifiedRoleAssignmentSchedule** is created by a [unifiedRoleAssignmentScheduleRequest](unifiedroleassignmentschedulerequest.md) and is used to instantiate a [unifiedRoleAssignmentScheduleInstance](unifiedroleassignmentscheduleinstance.md). This resource supports list and get operations to retrieve the schedule for the purpose of viewing current and future assignments.
+Represents a schedule for an active role assignment in your tenant and is used to instantiate a [unifiedRoleAssignmentScheduleInstance](unifiedroleassignmentscheduleinstance.md). The active assignment may have been made through [PIM assignments and activation requests](../api/rbacapplication-post-roleassignmentschedulerequests.md), or directly through the [role assignments API](../resources/unifiedroleassignment.md).
Inherits from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). ## Methods |Method|Return type|Description| |:|:|:|
-|[List unifiedRoleAssignmentSchedules](../api/rbacapplication-list-roleassignmentschedules.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) collection|Get a list of the [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) objects and their properties.|
-|[Get unifiedRoleAssignmentSchedule](../api/unifiedroleassignmentschedule-get.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md)|Read the properties and relationships of an [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) object.|
-|[filterByCurrentUser](../api/unifiedroleassignmentschedule-filterbycurrentuser.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) collection|Get a list of the [unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) objects and their properties granted to a particular user.|
+|[List unifiedRoleAssignmentSchedules](../api/rbacapplication-list-roleassignmentschedules.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) collection|Get the schedules for active role assignment operations.|
+|[Get unifiedRoleAssignmentSchedule](../api/unifiedroleassignmentschedule-get.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md)|Retrieve the schedule for an active role assignment operation.|
+|[filterByCurrentUser](../api/unifiedroleassignmentschedule-filterbycurrentuser.md)|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md) collection|Retrieve the schedules for active role assignment operations for which the signed-in user is the principal.|
## Properties |Property|Type|Description| |:|:|:|
-|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|assignmentType|String|Type of the assignment. It can either be `Assigned` or `Activated`.|
-|createdDateTime|DateTimeOffset|Time that the schedule was created. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|createdUsing|String|ID of the roleAssignmentScheduleRequest that created this schedule. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|id|String|The unique identifier for the unifiedRoleAssignmentSchedule. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|memberType|String|Membership type of the assignment. It can either be `Inherited`, `Direct`, or `Group`.|
-|modifiedDateTime|DateTimeOffset|Last time the schedule was updated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|principalId|String| Objectid of the principal to which the assignment is being granted to. Can be a group or a user. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). <br> Supports `$filter` (`eq`).|
-|roleDefinitionId|String|ID of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). <br> Supports `$filter` (`eq`).|
-|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
-|status|String|Status for the `roleAssignmentSchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).<br> Supports `$filter` (`eq`).|
+|appScopeId|String|Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Supports `$filter` (`eq`, `ne`, and on `null` values). Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|assignmentType|String|Type of the assignment which can either be `Assigned` or `Activated`. Supports `$filter` (`eq`, `ne`).|
+|createdDateTime|DateTimeOffset|When the schedule was created. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|createdUsing|String|Identifier of the **unifiedRoleAssignmentScheduleRequest** object through which this schedule was created. Nullable. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). Supports `$filter` (`eq`, `ne`, and on `null` values).|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Supports `$filter` (`eq`, `ne`, and on `null` values). Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|id|String|The unique identifier for the **unifiedRoleAssignmentScheduleRequest** object. Supports `$filter` (`eq`). Inherited from [entity](../resources/entity.md).|
+|memberType|String|How the assignments is inherited. It can either be `Inherited`, `Direct`, or `Group`. It can further imply whether the **unifiedRoleAssignmentSchedule** can be managed by the caller. Supports `$filter` (`eq`, `ne`).|
+|modifiedDateTime|DateTimeOffset|When the schedule was last modified. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md).|
+|principalId|String|Identifier of the principal that has been granted the role assignment. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). Supports `$filter` (`eq`, `ne`).|
+|roleDefinitionId|String|Identifier of the [unifiedRoleDefinition](unifiedroledefinition.md) object that is being assigned to the principal. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). Supports `$filter` (`eq`, `ne`).|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The period of the role assignment. It can represent a single occurrence or multiple recurrences.|
+|status|String|The status of the **unifiedRoleAssignmentScheduleRequest** object. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md). The possible values are: `Canceled`, `Denied`, `Failed`, `Granted`, `PendingAdminDecision`, `PendingApproval`, `PendingProvisioning`, `PendingScheduleCreation`, `Provisioned`, `Revoked`, and `ScheduleCreated`. Not nullable. Supports `$filter` (`eq`, `ne`).|
## Relationships |Relationship|Type|Description| |:|:|:|
-|activatedUsing|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md)|If the roleAssignmentSchedule is activated by a roleEligibilitySchedule, this is the link to that schedule.|
-|activeInstance|[unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|Will be deprecated. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
-|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded. Inherited from [unifiedRoleScheduleBase](../resources/unifiedroleschedulebase.md)|
+|activatedUsing|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md)|If the request is from an eligible administrator to activate a role, this parameter will show the related eligible assignment for that activation. Otherwise, it is `null`. Supports `$expand`.|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app-specific scope when the assignment is scoped to an app. Nullable. Supports `$expand`.|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|The directory object that is the scope of the assignment. Read-only. Supports `$expand`.|
+|principal|[directoryObject](../resources/directoryobject.md)|The principal that's getting a role assignment through the request. Supports `$expand`.|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Detailed information for the roleDefinition object that is referenced through the **roleDefinitionId** property. Supports `$expand`.|
## JSON representation The following is a JSON representation of the resource.
v1.0 Unifiedroleassignmentscheduleinstance https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedroleassignmentscheduleinstance.md
Title: "unifiedRoleAssignmentScheduleInstance resource type"
-description: "Represents a schedule instance for an active role assignment operations through Azure AD Privileged Identity Management."
+description: "Represents the instance for an active role assignment in your tenant."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the instance for an active role assignment through Azure AD Privileged Identity Management. A **unifiedRoleAssignmentScheduleInstance** is created by [unifiedRoleAssignmentSchedule](unifiedroleassignmentschedule.md) and and represents an actual role assignment created through Privileged Identity Management. This resource supports the List and Get operations for the purpose of viewing current and future assignments.
+Represents the instance for an active role assignment in your tenant. The active assignment may have been made through [PIM assignments and activation requests](../api/rbacapplication-post-roleassignmentschedulerequests.md), or directly through the [role assignments API](../resources/unifiedroleassignment.md).
Inherits from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md). ## Methods |Method|Return type|Description| |:|:|:|
-|[List unifiedRoleAssignmentScheduleInstances](../api/rbacapplication-list-roleassignmentscheduleinstances.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection|Get a list of the [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) objects and their properties.|
-|[Get unifiedRoleAssignmentScheduleInstance](../api/unifiedroleassignmentscheduleinstance-get.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md)|Read the properties and relationships of an [unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) object.|
-|[filterByCurrentUser](../api/unifiedroleassignmentscheduleinstance-filterbycurrentuser.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection|Get a list of the [unifiedRoleAssignmentScheduleInstance](../resources/unifiedRoleAssignmentScheduleInstance.md) objects and their properties granted to a particular user.|
+|[List unifiedRoleAssignmentScheduleInstances](../api/rbacapplication-list-roleassignmentscheduleinstances.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection|Get the instances of active role assignments.|
+|[Get unifiedRoleAssignmentScheduleInstance](../api/unifiedroleassignmentscheduleinstance-get.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md)|Get the instance of an active role assignment.|
+|[filterByCurrentUser](../api/unifiedroleassignmentscheduleinstance-filterbycurrentuser.md)|[unifiedRoleAssignmentScheduleInstance](../resources/unifiedroleassignmentscheduleinstance.md) collection|Get the instances of active role assignments for the calling principal.|
## Properties |Property|Type|Description| |:|:|:|
-|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).|
-|assignmentType|String|Type of the assignment. It can either be `Assigned` or `Activated`.|
-|createdDateTime|DateTimeOffset|Time that the schedule was created.|
-|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|endDateTime|DateTimeOffset|Time that the roleAssignmentInstance will expire|
-|id|String|The unique identifier for the unifiedRoleAssignmentScheduleInstance. Key, not nullable, Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|memberType|String|Membership type of the assignment. It can either be `Inherited`, `Direct`, or `Group`.|
-|principalId|String|Identifier of the principal to which the assignment is being granted to. Can be a group or a user. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|roleAssignmentOriginId|String|ID of the roleAssignment in the directory|
-|roleAssignmentScheduleId|String|ID of the parent roleAssignmentSchedule for this instance|
-|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md). <br> Supports `$filter` (`eq`).|
-|startDateTime|DateTimeOffset|Time that the roleAssignmentInstance will start|
+|appScopeId|String|Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Supports `$filter` (`eq`, `ne`, and on `null` values). Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).|
+|assignmentType|String|Type of the assignment which can either be `Assigned` or `Activated`. Supports `$filter` (`eq`, `ne`).|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Supports `$filter` (`eq`, `ne`, and on `null` values). Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md).|
+|endDateTime|DateTimeOffset| The end date of the schedule instance.|
+|id|String|The unique identifier for the **unifiedRoleAssignmentScheduleInstance** object. Inherited from [entity](../resources/entity.md).|
+|memberType|String|How the assignments is inherited. It can either be `Inherited`, `Direct`, or `Group`. It can further imply whether the **unifiedRoleAssignmentSchedule** can be managed by the caller. Supports `$filter` (`eq`, `ne`).|
+|principalId|String|Identifier of the principal that has been granted the role assignment. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md). Supports `$filter` (`eq`, `ne`). |
+|roleAssignmentOriginId|String|The identifier of the role assignment in Azure AD.|
+|roleAssignmentScheduleId|String|The identifier of the **unifiedRoleAssignmentSchedule** object from which this instance was created.|
+|roleDefinitionId|String|The identifier of the [unifiedRoleDefinition](unifiedroledefinition.md) object that is being assigned to the principal. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md). Supports `$filter` (`eq`, `ne`).|
+|startDateTime|DateTimeOffset|When this instance starts.|
## Relationships |Relationship|Type|Description| |:|:|:|
-|activatedUsing|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md)|If the roleAssignmentScheduleInstance is activated by a roleEligibilityScheduleRequest, this is the link to the related schedule instance.|
-|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
-|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded. Inherited from [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md)|
+|activatedUsing|[unifiedRoleEligibilityScheduleInstance](../resources/unifiedroleeligibilityscheduleinstance.md)|If the request is from an eligible administrator to activate a role, this parameter will show the related eligible assignment for that activation. Otherwise, it is `null`. Supports `$expand`.|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app-specific scope when the assignment is scoped to an app. Nullable. Supports `$expand`.|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|The directory object that is the scope of the assignment. Read-only. Supports `$expand`.|
+|principal|[directoryObject](../resources/directoryobject.md)|The principal that's getting a role assignment through the request. Supports `$expand`.|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Detailed information for the roleDefinition object that is referenced through the **roleDefinitionId** property. Supports `$expand`.|
## JSON representation The following is a JSON representation of the resource.
v1.0 Unifiedroleassignmentschedulerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedroleassignmentschedulerequest.md
Title: "unifiedRoleAssignmentScheduleRequest resource type"
-description: "Represents the request for active role assignment operations through Azure AD Privileged Identity Management."
+description: "In PIM, represents a request for an active role assignment to a principal. The role assignment can be permanently active with or without an expiry date, or temporarily active after activation of an eligible assignment."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Represents the request for active role assignment operations through Azure Active Directory (Azure AD) Privileged Identity Management.
+I PIM, represents a request for an active role assignment to a principal. The role assignment can be permanently active with or without an expiry date, or temporarily active after activation of an eligible assignment. Inherits from [request](../resources/request.md).
-**unifiedRoleAssignmentScheduleRequest** is a ticket-modeled entity used to manage the lifecycle of active role assignments in the directory. It represents the intention or decision of the users and administrators, and also provides the flexibility to enable implementation of recurrent scheduling, approval gates, and so on, as compared to directly exposing `POST`, `PUT`, and `DELETE` operations on `unifiedRoleAssignmentSchedule` and `unifiedRoleAssignmentInstance`.
-
-Administrators can use `unifiedRoleAssignmentScheduleRequest` to create active role assignments with or without start and end time. While an admin can use it to create a request to activate an eligible role assignment represented by [unifiedRoleEligibilityScheduleRequest](unifiedroleeligibilityschedulerequest.md).
-
-Inherits from [request](request.md).
+For more information about PIM scenarios you can define through the **unifiedRoleAssignmentScheduleRequest** resource type, see [Overview of role management through the privileged identity management (PIM) API](privilegedidentitymanagementv3-overview.md).
## Methods |Method|Return type|Description| |:|:|:|
-|[List unifiedRoleAssignmentScheduleRequests](../api/rbacapplication-list-roleassignmentschedulerequests.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) collection|Get a list of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects and their properties.|
-|[Create unifiedRoleAssignmentScheduleRequest](../api/rbacapplication-post-roleassignmentschedulerequests.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md)|Create a new [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.|
-|[Get unifiedRoleAssignmentScheduleRequest](../api/unifiedroleassignmentschedulerequest-get.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md)|Read the properties and relationships of an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.|
-|[filterByCurrentUser](../api/unifiedroleassignmentschedulerequest-filterbycurrentuser.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) collection|Get a list of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) objects and their properties that are related to a particular user.|
-|[cancel](../api/unifiedroleassignmentschedulerequest-cancel.md)|None|Cancels a [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) immediately and marks it for deletion in 30 days|
+|[List unifiedRoleAssignmentScheduleRequests](../api/rbacapplication-list-roleassignmentschedulerequests.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) collection| Retrieve the requests for active role assignments made through the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.|
+|[Create unifiedRoleAssignmentScheduleRequest](../api/rbacapplication-post-roleassignmentschedulerequests.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md)|Create a request for an active and persistent role assignment or activate, deactivate, extend, or renew an eligible role assignment.|
+|[Get unifiedRoleAssignmentScheduleRequest](../api/unifiedroleassignmentschedulerequest-get.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md)|Retrieve a request for an active role assignment made through the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object.|
+|[cancel](../api/unifiedroleassignmentschedulerequest-cancel.md)|None| Cancel a request for an active role assignment. |
+|[filterByCurrentUser](../api/unifiedroleassignmentschedulerequest-filterbycurrentuser.md)|[unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) collection| Retrieve the requests for active role assignments for a particular principal.|
## Properties |Property|Type|Description| |:|:|:|
-|action|String|Represents the type of the operation on the role assignment. The possible values are: <ul><li>`AdminAssign`: For administrators to assign roles to users or groups.</li><li>`AdminRemove`: For administrators to remove users or groups from roles.</li><li> `AdminUpdate`: For administrators to change existing role assignments.</li><li>`AdminExtend`: For administrators to extend expiring assignments.</li><li>`AdminRenew`: For administrators to renew expired assignments.</li><li>`SelfActivate`: For users to activate their assignments.</li><li>`SelfDeactivate`: For users to deactivate their active assignments.</li><li>`SelfExtend`: For users to request to extend their expiring assignments.</li><li>`SelfRenew`: For users to request to renew their expired assignments.</li></ul>|
-|approvalId|String|The identifier of the approval of the request. Inherited from [request](request.md).|
-|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units.|
-|completedDateTime|DateTimeOffset|The request completion date time. Inherited from [request](request.md).|
-|createdBy|[identitySet](identityset.md)|The user who created this request. Inherited from [request](request.md).|
-|createdDateTime|DateTimeOffset|The request creation date time. Inherited from [request](request.md).|
-|customData|String|Free text field to define any custom data for the request. Not used. Inherited from [request](request.md).|
-|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only.|
-|id|String|The unique identifier for the unifiedRoleAssignmentScheduleRequest. Key, not nullable, Read-only.|
-|isValidationOnly|Boolean|A boolean that determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
-|justification|String|A message provided by users and administrators when create the request about why it is needed.|
-|principalId|String| Identifier of the principal to which the assignment is being granted to.|
-|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only.|
-|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The schedule object of the role assignment request.|
-|status|String|The schedule object of the role assignment request. Inherited from [request](request.md).|
-|targetScheduleId|String|Identifier of the schedule object attached to the assignment.|
-|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|The ticketInfo object attached to the role assignment request which includes details of the ticket number and ticket system.|
+|action|String|Represents the type of the operation on the role assignment request. The possible values are: `adminAssign`, `adminUpdate`, `adminRemove`, `selfActivate`, `selfDeactivate`, `adminExtend`, `adminRenew`, `selfExtend`, `selfRenew`, `unknownFutureValue`. <br/><ul><li>`adminAssign`: For administrators to assign roles to principals.</li><li>`adminRemove`: For administrators to remove principals from roles.</li><li> `adminUpdate`: For administrators to change existing role assignments.</li><li>`adminExtend`: For administrators to extend expiring assignments.</li><li>`adminRenew`: For administrators to renew expired assignments.</li><li>`selfActivate`: For principals to activate their assignments.</li><li>`selfDeactivate`: For principals to deactivate their active assignments.</li><li>`selfExtend`: For principals to request to extend their expiring assignments.</li><li>`selfRenew`: For principals to request to renew their expired assignments.</li></ul>|
+|approvalId|String|The identifier of the approval of the request. Inherited from [request](../resources/request.md).|
+|appScopeId|String|Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Supports `$filter` (`eq`, `ne`, and on `null` values).|
+|completedDateTime|DateTimeOffset|The request completion date time. Inherited from [request](../resources/request.md).|
+|createdBy|[identitySet](../resources/identityset.md)|The principal that created this request. Inherited from [request](../resources/request.md). Read-only. Supports `$filter` (`eq`, `ne`, and on `null` values).|
+|createdDateTime|DateTimeOffset|The request creation date time. Inherited from [request](../resources/request.md). Read-only.|
+|customData|String|Free text field to define any custom data for the request. Not used. Inherited from [request](../resources/request.md).|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Supports `$filter` (`eq`, `ne`, and on `null` values).|
+|id|String|The unique identifier for the **unifiedRoleAssignmentScheduleRequest** object. Key, not nullable, Read-only. Inherited from [entity](../resources/entity.md). Supports `$filter` (`eq`, `ne`).|
+|isValidationOnly|Boolean|Determines whether the call is a validation or an actual call. Only set this property if you want to check whether an activation is subject to additional rules like MFA before actually submitting the request.|
+|justification|String|A message provided by users and administrators when create they create the **unifiedRoleAssignmentScheduleRequest** object.|
+|principalId|String|Identifier of the principal that has been granted the assignment. Supports `$filter` (`eq`, `ne`).|
+|roleDefinitionId|String|Identifier of the [unifiedRoleDefinition](unifiedroledefinition.md) object that is being assigned to the principal. Supports `$filter` (`eq`, `ne`).|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The period of the role assignment. Recurring schedules are currently unsupported.|
+|status|String|The status of the role assignment request. Inherited from [request](../resources/request.md). Read-only. Supports `$filter` (`eq`, `ne`).|
+|targetScheduleId|String|Identifier of the schedule object that's linked to the assignment request. Supports `$filter` (`eq`, `ne`).|
+|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|Ticket details linked to the role assignment request including details of the ticket number and ticket system.|
## Relationships |Relationship|Type|Description| |:|:|:|
-|activatedUsing|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md)|If the request is from an eligible administrator to activate a role, this parameter will show the related eligible assignment for that activation.|
-|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity.|
-|directoryScope|[directoryObject](../resources/directoryobject.md)|Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. |
-|principal|[directoryObject](../resources/directoryobject.md)|Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. |
-|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded.|
-|targetSchedule|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md)| Property indicating the schedule for an eligible role assignment. |
+|activatedUsing|[unifiedRoleEligibilitySchedule](../resources/unifiedroleeligibilityschedule.md)|If the request is from an eligible administrator to activate a role, this parameter will show the related eligible assignment for that activation. Otherwise, it's `null`. Supports `$expand`.|
+|appScope|[appScope](../resources/appscope.md)| Read-only property with details of the app-specific scope when the assignment is scoped to an app. Nullable. Supports `$expand`.|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|The directory object that is the scope of the assignment. Read-only. Supports `$expand`.|
+|principal|[directoryObject](../resources/directoryobject.md)|The principal that's getting a role assignment through the request. Supports `$expand`.|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)| Detailed information for the [unifiedRoleDefinition](../resources/unifiedroledefinition.md) object that is referenced through the **roleDefinitionId** property. Supports `$expand`.|
+|targetSchedule|[unifiedRoleAssignmentSchedule](../resources/unifiedroleassignmentschedule.md)|The schedule for an eligible role assignment that is referenced through the **targetScheduleId** property. Supports `$expand`.|
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
{ "@odata.type": "#microsoft.graph.unifiedRoleAssignmentScheduleRequest", "id": "String (identifier)",
+ "status": "String",
+ "completedDateTime": "String (timestamp)",
+ "createdDateTime": "String (timestamp)",
+ "approvalId": "String",
+ "customData": "String",
+ "createdBy": {
+ "@odata.type": "microsoft.graph.identitySet"
+ },
"action": "String", "principalId": "String", "roleDefinitionId": "String",
v1.0 Unifiedrolemanagementpolicy https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolemanagementpolicy.md
Title: "unifiedRoleManagementPolicy resource type"
-description: "A unifiedRoleManagementPolicy specifies the various policies associated with a scope and role definition. It is derived from microsoft.graph.policyBase."
+description: "Specifies the various policies associated with scopes and roles."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-A unifiedRoleManagementPolicy specifies the various policies associated with a Azure AD scope and role definition. It is derived from [entity](entity.md). For policies that apply to Azure RBAC, use the [Azure REST PIM API for role management policies](/rest/api/authorization/role-management-policies).
+Specifies the various policies associated with scopes and roles. For policies that apply to Azure RBAC, use the [Azure REST PIM API for role management policies](/rest/api/authorization/role-management-policies).
+
+Currently, all policies and associated rules are read-only.
+
+Inherits from [entity](../resources/entity.md).
## Methods |Method|Return type|Description| |:|:|:|
-|[List unifiedRoleManagementPolicies](../api/policyroot-list-rolemanagementpolicies.md)|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection|Get a list of the [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) objects and their properties.|
-|[Get unifiedRoleManagementPolicy](../api/unifiedrolemanagementpolicy-get.md)|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md)|Read the properties and relationships of an [unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) object given the scope.|
-|[List rules](../api/unifiedrolemanagementpolicy-list-rules.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Get the unifiedRoleManagementPolicyRule resources from the rules navigation property.|
-|[Get rules](../api/unifiedrolemanagementpolicyrule-get.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Get the rules for a unifiedRoleManagementPolicyRule object.|
-|[Update rules](../api/unifiedrolemanagementpolicyrule-update.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Update the rules for a unifiedRoleManagementPolicyRule object.|
-<!--unsurface effectiveRules because it hasn't been implemented
-|[List effectiveRules](../api/unifiedrolemanagementpolicy-list-effectiverules.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Get the unifiedRoleManagementPolicyRule resources from the effectiveRules navigation property.|
>
+|[List unifiedRoleManagementPolicies](../api/policyroot-list-rolemanagementpolicies.md)|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md) collection|Get role management policies and their details.|
+|[Get unifiedRoleManagementPolicy](../api/unifiedrolemanagementpolicy-get.md)|[unifiedRoleManagementPolicy](../resources/unifiedrolemanagementpolicy.md)|Retrieve the details of a role management policy.|
+|[List rules](../api/unifiedrolemanagementpolicy-list-rules.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Get the rules defined for a role management policy.|
+|[Get unifiedRoleManagementPolicyRule](../api/unifiedrolemanagementpolicyrule-get.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|Retrieve a rule defined for a role management policy.|
+ ## Properties+ |Property|Type|Description| |:|:|:| |description|String|Description for the policy.| |displayName|String|Display name for the policy.| |id|String|Unique identifier for the policy.|
-|isOrganizationDefault|Boolean|This can only be set to true for a single tenant wide policy which will apply to all scopes and roles. Set the scopeId to "/" and scopeType to Directory.|
+|isOrganizationDefault|Boolean|This can only be set to `true` for a single tenant-wide policy which will apply to all scopes and roles. Set the scopeId to `/` and scopeType to `Directory`. Supports `$filter` (`eq`, `ne`).|
|lastModifiedBy|[identity](../resources/identity.md)|The identity who last modified the role setting.| |lastModifiedDateTime|DateTimeOffset|The time when the role setting was last modified.|
-|scopeId|String|The id of the scope where the policy is created. Can be `/` for the tenant or a group ID. Required.|
+|scopeId|String|The identifier of the scope where the policy is created. Can be `/` for the tenant or a group ID. Required.|
|scopeType|String|The type of the scope where the policy is created. One of `Directory`, `DirectoryRole`. Required.| ## Relationships |Relationship|Type|Description| |:|:|:|
-|effectiveRules|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|**Not implemented.** The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules. For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval.|
-|rules|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|The collection of rules like approval rules and expiration rules.|
+|effectiveRules|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection| The list of effective rules like approval rules and expiration rules evaluated based on inherited referenced rules. For example, if there is a tenant-wide policy to enforce enabling an approval rule, the effective rule will be to enable approval even if the policy has a rule to disable approval. Supports `$expand`.|
+|rules|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|The collection of rules like approval rules and expiration rules. Supports `$expand`.|
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
"blockType": "resource", "keyProperty": "id", "@odata.type": "microsoft.graph.unifiedRoleManagementPolicy",
+ "baseType": "microsoft.graph.entity",
"openType": false } -->
The following is a JSON representation of the resource.
} } ```-
v1.0 Unifiedrolemanagementpolicyapprovalrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolemanagementpolicyapprovalrule.md
Title: "unifiedRoleManagementPolicyApprovalRule resource type"
-description: "A unifiedRoleManagementPolicyApprovalRule specifies the approval rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+description: "A type derived from the unifiedRoleManagementPolicyRule resource type that defines rules for approving a role assignment."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-A unifiedRoleManagementPolicyApprovalRule specifies the approval rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
-
-Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+A type derived from the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) resource type that defines rules for approving a role assignment.
## Properties |Property|Type|Description| |:|:|:|
-|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
-|setting|[approvalSettings](../resources/approvalsettings.md)|The approval setting for the rule.|
-|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|id|String|Identifier for the rule. Inherited from [entity](../resources/entity.md).|
+|setting|[approvalSettings](../resources/approvalsettings.md)|The settings for approval of the role assignment.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|Defines details of the scope that's targeted by the approval rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md). Supports `$filter` (`eq`, `ne`).|
## Relationships None.
v1.0 Unifiedrolemanagementpolicyauthenticationcontextrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolemanagementpolicyauthenticationcontextrule.md
Title: "unifiedRoleManagementPolicyAuthenticationContextRule resource type"
-description: "A unifiedRoleManagementPolicyAuthenticationContextRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+description: "A type derived from the unifiedRoleManagementPolicyRule resource type that defines the authentication context rule for the conditional access policy associated with a role management policy."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-A unifiedRoleManagementPolicyAuthenticationContextRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
-
-Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+A type derived from the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) resource type that defines the authentication context rule for the conditional access policy associated with a role management policy.
## Properties |Property|Type|Description| |:|:|:|
-|claimValue|String|Value of the authentication context claim.|
-|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
-|isEnabled|Boolean|Indicates if the setting is enabled.|
-|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|claimValue|String|The value of the authentication context claim.|
+|id|String|Identifier for the rule. Inherited from [entity](../resources/entity.md).|
+|isEnabled|Boolean| Whether this rule is enabled.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|Defines details of the scope that's targeted by the enablement rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md). Supports `$filter` (`eq`, `ne`).|
## Relationships None.
v1.0 Unifiedrolemanagementpolicyenablementrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolemanagementpolicyenablementrule.md
Title: "unifiedRoleManagementPolicyEnablementRule resource type"
-description: "A unifiedRoleManagementPolicyEnablementRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+description: "A type derived from the unifiedRoleManagementPolicyRule resource type that defines the rules to enable the assignment, for example, enable MFA, justification on assignments or ticketing information."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-A unifiedRoleManagementPolicyEnablementRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
+A type derived from the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) resource type that defines the rules to enable the assignment, for example, enable MFA, justification on assignments or ticketing information.
-Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
+## Methods
+
+None.
## Properties |Property|Type|Description| |:|:|:|
-|enabledRules|String collection|The rules which are enabled. Allowed values are MultifactorAuthentication, Justification, Ticketing.|
-|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
-|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|enabledRules|String collection|The collection of rules that are enabled for this policy rule. For example, `MultiFactorAuthentication`, `Ticketing`, and `Justification`.|
+|id|String|Identifier for the rule. Inherited from [entity](../resources/entity.md).|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|Defines details of the scope that's targeted by the enablement rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md). Supports `$filter` (`eq`, `ne`).|
+ ## Relationships None.
v1.0 Unifiedrolemanagementpolicyexpirationrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolemanagementpolicyexpirationrule.md
Title: "unifiedRoleManagementPolicyExpirationRule resource type"
-description: "A unifiedRoleManagementPolicyExpirationRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+description: "A type derived from the unifiedRoleManagementPolicyRule resource type that defines the maximum duration a role can be assigned to a principal (either through direct assignment or through activation of eligibility)."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-A unifiedRoleManagementPolicyExpirationRule specifies the enablement rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
+A type derived from the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) resource type that defines the maximum duration a role can be assigned to a principal (either through direct assignment or through activation of eligibili
+
+## Methods
+
+None.
-Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md).
## Properties |Property|Type|Description| |:|:|:|
-|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
-|isExpirationRequired|Boolean|Indicates if expiration is required for eligibility or assignment.|
-|maximumDuration|Duration|The maximum duration allowed for eligiblity or assignment which is not permanent.|
-|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|id|String|Identifier for the rule. Inherited from [entity](../resources/entity.md).|
+|isExpirationRequired|Boolean|Indicates whether expiration is required or if it's a permanently active assignment or eligibility. |
+|maximumDuration|Duration| The maximum duration allowed for eligibility or assignment which is not permanent. Required when **isExpirationRequired** is `true`. |
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|Defines details of the scope that's targeted by the expiration rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md). Supports `$filter` (`eq`, `ne`).|
## Relationships None.
v1.0 Unifiedrolemanagementpolicynotificationrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolemanagementpolicynotificationrule.md
Title: "unifiedRoleManagementPolicyNotificationRule resource type"
-description: "A unifiedRoleManagementPolicyNotificationRule specifies the notification rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule."
+description: "A type derived from the unifiedRoleManagementPolicyRule resource type that defines the email notification rules for role assignments, activations, and approvals."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-A unifiedRoleManagementPolicyNotificationRule specifies the notification rule associated with a role management policy. It is derived from microsoft.graph.unifiedRoleManagementPolicyRule.
+A type derived from the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) resource type that defines the email notification rules for role assignments, activations, and approvals.
Inherits from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md). ## Properties |Property|Type|Description| |:|:|:|
-|id|String|Unique identifier for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
-|notificationLevel|String|The level of notification. One of None, Critical, All.|
-|notificationRecipients|String collection|The list of notification recepients like email.|
-|notificationType|String|The type of notification. One of Email.|
-|recipientType|String|The type of recipient. One of Requestor, Approver, Admin.|
-|isDefaultRecipientsEnabled|Boolean|Whether default recipient is receiving the email or not.|
-|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the rule. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|
+|id|String|Identifier for the rule. Inherited from [entity](../resources/entity.md).|
+|isDefaultRecipientsEnabled|Boolean|Indicates whether a default recipient will receive the notification email.|
+|notificationLevel|String|The level of notification. The possible values are `None`, `Critical`, `All`.|
+|notificationRecipients|String collection|The list of recipients of the email notifications.|
+|notificationType|String|The type of notification. Only `Email` is supported.|
+|recipientType|String|The type of recipient of the notification. The possible values are `Requestor`, `Approver`, `Admin`.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|Defines details of the scope that's targeted by the notification rule. The details can include the principal type, the role assignment type, and actions affecting a role. Inherited from [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md). Supports `$filter` (`eq`, `ne`).|
## Relationships None.
The following is a JSON representation of the resource.
"notificationType": "String", "recipientType": "String", "notificationLevel": "String",
- "isDefaultRecipientsEnabled": true,
+ "isDefaultRecipientsEnabled": "Boolean",
"notificationRecipients": [ "String" ] }
-```
-
+```
v1.0 Unifiedrolemanagementpolicyrule https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolemanagementpolicyrule.md
Title: "unifiedRoleManagementPolicyRule resource type"
-description: "A unifiedRoleManagementPolicyRule specifies the rule associated with a role management policy. It is abstract."
+description: "An abstract type that defines the rules associated with role management policies."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-A unifiedRoleManagementPolicyRule specifies the rule associated with a role management policy. It is abstract.
+An abstract type that defines the rules associated with role management policies. This abstract type is inherited by the following resources that define the various types of rules and their settings associated with role management policies.
++ [unifiedRoleManagementPolicyApprovalRule](unifiedrolemanagementpolicyapprovalrule.md)++ [unifiedRoleManagementPolicyAuthenticationContextRule](unifiedrolemanagementpolicyauthenticationcontextrule.md)++ [unifiedRoleManagementPolicyEnablementRule](unifiedrolemanagementpolicyenablementrule.md)++ [unifiedRoleManagementPolicyExpirationRule](unifiedrolemanagementpolicyexpirationrule.md)++ [unifiedRoleManagementPolicyNotificationRule](unifiedrolemanagementpolicynotificationrule.md)++
+Inherits from [entity](../resources/entity.md).
## Methods
-|Method|Return type|Description|
-|:|:|:|
-|[List unifiedRoleManagementPolicyRules](../api/unifiedrolemanagementpolicy-list-rules.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) collection|Get a list of the [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) objects and their properties.|
-|[Get unifiedRoleManagementPolicyRule](../api/unifiedrolemanagementpolicyrule-get.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|Read the properties and relationships of an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.|
-|[Update unifiedRoleManagementPolicyRule](../api/unifiedrolemanagementpolicyrule-update.md)|[unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md)|Update the properties of an [unifiedRoleManagementPolicyRule](../resources/unifiedrolemanagementpolicyrule.md) object.|
+
+None.
## Properties |Property|Type|Description| |:|:|:|
-|id|String|Unique identifier for the rule.|
-|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)|The target for the policy rule.|
+|id|String|Identifier for the rule. Inherited from [entity](../resources/entity.md). Read-only.|
+|target|[unifiedRoleManagementPolicyRuleTarget](../resources/unifiedrolemanagementpolicyruletarget.md)| **Not implemented.** Defines details of scope that's targeted by role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role. Supports `$filter` (`eq`, `ne`).|
## Relationships None.
The following is a JSON representation of the resource.
"blockType": "resource", "keyProperty": "id", "@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRule",
+ "baseType": "microsoft.graph.entity",
"openType": false } -->
The following is a JSON representation of the resource.
"@odata.type": "microsoft.graph.unifiedRoleManagementPolicyRuleTarget" } }
-```
-
+```
v1.0 Unifiedrolemanagementpolicyruletarget https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolemanagementpolicyruletarget.md
Title: "unifiedRoleManagementPolicyRuleTarget resource type"
-description: "A unifiedRoleManagementPolicyRuleTarget specifies the target associated with the role management policy."
+description: "Defines details of the scope that's targeted by role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-A unifiedRoleManagementPolicyRuleTarget specifies the target associated with the role management policy.
-
+Defines details of the scope that's targeted by role management policy rule. The details can include the principal type, the role assignment type, and actions affecting a role.
## Properties+ |Property|Type|Description| |:|:|:|
-|caller|String|The caller for the policy rule target. Allowed values are: `None`, `Admin`, `EndUser`.|
-|enforcedSettings|String collection|The list of settings which are enforced and cannot be overridden by child scopes. Use `All` for all settings.|
-|inheritableSettings|String collection|The list of settings which can be inherited by child scopes. Use `All` for all settings.|
-|level|String|The level for the policy rule target. Allowed values are: `Eligibility`, `Assignment`. |
-|operations|String collection|The operations for policy rule target. Allowed values are: `All`, `Activate`, `Deactivate`, `Assign`, `Update`, `Remove`, `Extend`, `Renew`.|
+|caller|String|The type of caller that's the target of the policy rule. Allowed values are: `None`, `Admin`, `EndUser`.|
+|enforcedSettings|String collection|The list of role settings that are enforced and cannot be overridden by child scopes. Use `All` for all settings.|
+|inheritableSettings|String collection|The list of role settings that can be inherited by child scopes. Use `All` for all settings.|
+|level|String|The role assignment type that's the target of policy rule. Allowed values are: `Eligibility`, `Assignment`. |
+|operations|String collection|The role management operations that are the target of the policy rule. Allowed values are: `All`, `Activate`, `Deactivate`, `Assign`, `Update`, `Remove`, `Extend`, `Renew`.|
## Relationships |Relationship|Type|Description| |:|:|:|
-|targetObjects|[directoryObject](../resources/directoryobject.md) collection|The collection of users, groups and servicePrincipals which are in scope of the policy. If not specified, all objects are in scope of the policy.|
+|targetObjects|[directoryObject](../resources/directoryobject.md) collection| The collection of users, groups, and service principals that are in scope of the policy. If not specified, all objects are in scope of the policy.|
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
"String" ] }
-```
-
+```
v1.0 Unifiedroleschedulebase https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedroleschedulebase.md
Title: "unifiedRoleScheduleBase resource type"
-description: "Base property of unified role schedules that combines unified role assignment schedules and unified role eligibility schedules"
+description: "A template that exposes properties and relationships used in unifiedRoleAssignmentSchedule and unifiedRoleEligibilitySchedule resource types."
ms.localizationpriority: medium ms.prod: "governance"
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Base property of unified role schedules that combines unified role assignment schedules and unified role eligibility schedules
+A template that exposes properties and relationships used in [unifiedRoleAssignmentSchedule](unifiedroleassignmentschedule.md) and [unifiedRoleEligibilitySchedule](unifiedroleeligibilityschedule.md) resource types.
-## Properties
-| Property | Type | Description |
-| : | :- | : |
-| appScopeId | String | Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units or all users. |
-| createdDateTime | DateTimeOffset | Time that the schedule was created. |
-| createdUsing | String | Identifier of the roleAssignmentScheduleRequest that created this schedule. |
-| directoryScopeId | String | Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. |
-| id | String | The unique identifier for the unifiedRoleAssignmentSchedule. Key, not nullable, Read-only. |
-| modifiedDateTime | DateTimeOffset | Last time the schedule was updated. |
-| principalId | String | Identifier of the principal to which the assignment is being granted to. Supports `$filter` (`eq`). |
-| roleDefinitionId | String | Identifier of the unifiedRoleDefinition the assignment is for. Read only. Supports `$filter` (`eq`). |
-| status | String | Status for the `roleAssignmentSchedule`. It can include state related messages like `Provisioned`, `Revoked`, `Pending Provisioning`, and `Pending Approval`. Supports `$filter` (`eq`). |
+Inherits from [entity](../resources/entity.md).
-## Relationships
+## Properties
+|Property|Type|Description|
+|:|:|:|
+|appScopeId|String|Identifier of the app-specific scope when the assignment or eligibility is scoped to an app. The scope of an assignment or eligibility determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units.|
+|createdDateTime|DateTimeOffset|When the schedule was created.|
+|createdUsing|String|Identifier of the object through which this schedule was created.|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment or eligibility. The scope of an assignment or eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only.|
+|id|String|The unique identifier for the schedule object. Inherited from [entity](../resources/entity.md).|
+|modifiedDateTime|DateTimeOffset|When the schedule was last modified.|
+|principalId|String|Identifier of the principal that has been granted the role assignment or eligibility.|
+|roleDefinitionId|String|Identifier of the [unifiedRoleDefinition](unifiedroledefinition.md) object that is being assigned to the principal or that a principal is eligible for.|
+|status|String|The status of the role assignment or eligibility request.|
-| Relationship | Type | Description |
-| :- | : | : |
-| activeInstance (Deprecated) | [unifiedRoleScheduleInstanceBase](../resources/unifiedrolescheduleinstancebase.md) | Deprecated. |
-| appScope | [appScope](../resources/appscope.md) | Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. |
-| directoryScope | [directoryObject](../resources/directoryobject.md) | Property referencing the directory object that is the scope of the assignment. Provided so that callers can get the directory object using `$expand` at the same time as getting the role assignment. Read-only. |
-| principal | [directoryObject](../resources/directoryobject.md) | Property referencing the principal that is getting a role assignment through the request. Provided so that callers can get the principal using `$expand` at the same time as getting the role assignment. Read-only. |
-| roleDefinition | [unifiedRoleDefinition](../resources/unifiedroledefinition.md) | Property indicating the roleDefinition the assignment is for. Provided so that callers can get the role definition using `$expand` at the same time as getting the role assignment. roleDefinition.Id will be auto expanded. |
+## Relationships
+|Relationship|Type|Description|
+|:|:|:|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app-specific scope when the role eligibility or assignment is scoped to an app. Nullable.|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|The directory object that is the scope of the role eligibility or assignment. Read-only.|
+|principal|[directoryObject](../resources/directoryobject.md)|The principal that's getting a role assignment or that's eligible for a role through the request.|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Detailed information for the roleDefinition object that is referenced through the **roleDefinitionId** property.|
## JSON representation- The following is a JSON representation of the resource.- <!-- { "blockType": "resource", "keyProperty": "id", "@odata.type": "microsoft.graph.unifiedRoleScheduleBase",
+ "baseType": "microsoft.graph.entity",
"openType": false } -->-
-```json
+``` json
{ "@odata.type": "#microsoft.graph.unifiedRoleScheduleBase", "id": "String (identifier)",
The following is a JSON representation of the resource.
"modifiedDateTime": "String (timestamp)", "status": "String" }
-```
+```
v1.0 Unifiedrolescheduleinstancebase https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/unifiedrolescheduleinstancebase.md
Title: "unifiedRoleScheduleInstanceBase resource type"
-description: "Base property of unified role schedule instance that combines unified role assignment schedule instance and unified role eligibility schedule instance"
+description: "A template that exposes properties and relationships used in unifiedRoleAssignmentScheduleInstance and unifiedRoleEligibilityScheduleInstance resource types."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-Base property of unified role schedule instance that combines unified role assignment schedule instances and unified role eligibility schedule instances.
+A template that exposes properties and relationships used in [unifiedRoleAssignmentScheduleInstance](unifiedroleassignmentscheduleinstance.md) and [unifiedRoleEligibilityScheduleInstance](unifiedroleeligibilityscheduleinstance.md) resource types.
++
+Inherits from [entity](../resources/entity.md).
## Properties |Property|Type|Description| |:|:|:|
-|appScopeId|String|Identifier of the app-specific scope when the assignment scope is app-specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. |
-|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. |
-|id|String|The unique identifier for the unifiedRoleAssignmentScheduleInstance. Key, not nullable, Read-only.|
-|principalId|String|Identifier of the principal to which the assignment is being granted to. Can be a group or a user. |
-|roleDefinitionId|String|Identifier of the unifiedRoleDefinition the assignment is for. Read only. <br> Supports `$filter` (`eq`).|
+|appScopeId|String|Identifier of the app-specific scope when the assignment or role eligibility is scoped to an app. The scope of an assignment or role eligibility determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units.|
+|directoryScopeId|String|Identifier of the directory object representing the scope of the assignment or role eligibility. The scope of an assignment or role eligibility determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only.|
+|id|String|The unique identifier for the schedule object. Inherited from [entity](../resources/entity.md).|
+|principalId|String|Identifier of the principal that has been granted the role assignment or that's eligible for a role.|
+|roleDefinitionId|String|Identifier of the [unifiedRoleDefinition](unifiedroledefinition.md) object that is being assigned to the principal or that the principal is eligible for.|
## Relationships |Relationship|Type|Description| |:|:|:|
-|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app specific scope when the assignment scope is app specific. Containment entity. |
-|directoryScope|[directoryObject](../resources/directoryobject.md)|The directory object that is the scope of the assignment. Enables the retrieval of the directory object using `$expand` at the same time as getting the role assignment. Read-only.|
-|principal|[directoryObject](../resources/directoryobject.md)|The principal that is getting a role assignment through the request. Enables the retrieval of the principal using `$expand` at the same time as getting the role assignment. Read-only.|
-|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|The roleDefinition for the assignment. Enables the retrieval of the role definition using `$expand` at the same time as getting the role assignment. The roleDefinition.Id is automatically expanded.|
+|appScope|[appScope](../resources/appscope.md)|Read-only property with details of the app-specific scope when the assignment or role eligibility is scoped to an app. Nullable.|
+|directoryScope|[directoryObject](../resources/directoryobject.md)|The directory object that is the scope of the assignment or role eligibility. Read-only.|
+|principal|[directoryObject](../resources/directoryobject.md)|The principal that's getting a role assignment or role eligibility through the request.|
+|roleDefinition|[unifiedRoleDefinition](../resources/unifiedroledefinition.md)|Detailed information for the roleDefinition object that is referenced through the **roleDefinitionId** property.|
## JSON representation The following is a JSON representation of the resource.
The following is a JSON representation of the resource.
"blockType": "resource", "keyProperty": "id", "@odata.type": "microsoft.graph.unifiedRoleScheduleInstanceBase",
+ "baseType": "microsoft.graph.entity",
"openType": false } -->
The following is a JSON representation of the resource.
"directoryScopeId": "String", "appScopeId": "String" }
-```
+```
v1.0 Administrativeunit Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-delete-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To remove a member from an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Delete Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-delete-scopedrolemembers.md
Title: "Remove a scopedRoleMember"
-description: "Remove a scoped-role member from an adminstrative unit."
+description: "Remove an Azure Active Directory (Azure AD) role assignment with administrative unit scope."
ms.localizationpriority: medium ms.prod: "directory-management"
doc_type: apiPageType
Namespace: microsoft.graph
-Remove a scoped-role member from an adminstrative unit.
+Remove an Azure Active Directory (Azure AD) role assignment with administrative unit scope.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | RoleManagement.ReadWrite.Directory |
+To remove a role assignment from an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-delete.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To delete an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Get Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-get-scopedrolemembers.md
Title: "Get a scopedRoleMember"
-description: "Retrieve a specific scopedRoleMembership resource."
+description: "Get an Azure Active Directory (Azure AD) role assignment with administrative unit scope."
ms.localizationpriority: medium ms.prod: "directory-management"
doc_type: apiPageType
Namespace: microsoft.graph
-Retrieve a specific [scopedRoleMembership](../resources/scopedrolemembership.md) resource.
+Get an Azure Active Directory (Azure AD) role assignment with administrative unit scope.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Administrativeunit List Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-list-scopedrolemembers.md
Title: "List scopedRoleMembers"
-description: "Retrieve a list of scopedRoleMembership resources."
+description: "List Azure Active Directory (Azure AD) role assignments with administrative unit scope."
ms.localizationpriority: medium ms.prod: "directory-management"
doc_type: apiPageType
Namespace: microsoft.graph
-Retrieve a list of [scopedRoleMembership](../resources/scopedrolemembership.md) resources.
+List Azure Active Directory (Azure AD) role assignments with administrative unit scope.
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Administrativeunit Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-post-members.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To add a member to an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Post Scopedrolemembers https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-post-scopedrolemembers.md
Title: "Add a scopedRoleMember"
-description: "Add a new scopedRoleMembership. NOTE: Only the *User account administrator* and *Helpdesk administrator* roles are currently supported for scoped-role memberships."
+description: "Assign an Azure Active Directory (Azure AD) role with administrative unit scope."
ms.localizationpriority: medium ms.prod: "directory-management"
doc_type: apiPageType
Namespace: microsoft.graph
-Add a new [scopedRoleMembership](../resources/scopedrolemembership.md). NOTE: Only the *User account administrator* and *Helpdesk administrator* roles are currently supported for scoped-role memberships.
+Assign an Azure Active Directory (Azure AD) role with administrative unit scope. For a list of roles that can be assigned with administrative unit scope, see [Assign Azure AD roles with administrative unit scope](/azure/active-directory/roles/admin-units-assign-roles).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | RoleManagement.ReadWrite.Directory |
+To assign Azure AD roles with an administrative unit scope, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Administrativeunit Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/administrativeunit-update.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To update an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Directory Post Administrativeunits https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/directory-post-administrativeunits.md
One of the following permissions is required to call this API. To learn more, in
|Delegated (personal Microsoft account) | Not supported. | |Application | AdministrativeUnit.ReadWrite.All |
+To create an administrative unit, the calling principal must be assigned one of the following [Azure AD roles](/azure/active-directory/roles/permissions-reference):
+
+* Privileged Role Administrator
+* Global Administrator
+ ## HTTP request <!-- { "blockType": "ignored" } --> ```http
v1.0 Group Delete Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/group-delete-members.md
One of the following permissions is required to call this API. To learn more, in
DELETE /groups/{id}/members/{id}/$ref ```
+> [!IMPORTANT]
+> If `/$ref` is not appended to the request, the user will be deleted from Azure Active Directory (Azure AD) if the appropriate permissions are used; otherwise, a `403 Forbidden` error is returned.
+ ## Request headers | Name | Description |
v1.0 Rbacapplication List Roleassignmentschedulerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/rbacapplication-list-roleassignmentschedulerequests.md
Title: "List roleAssignmentScheduleRequests"
-description: "In PIM, retrieve the requests for active role assignments to principals made through the unifiedRoleAssignmentScheduleRequest object."
+description: "Retrieve the requests for active role assignments to principals made through the PIM unifiedRoleAssignmentScheduleRequest object or the role assignments API."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: apiPageType
# List roleAssignmentScheduleRequests Namespace: microsoft.graph
-In PIM, retrieve the requests for active role assignments to principals. The active assignments include those made through [assignments and activation requests](rbacapplication-post-roleassignmentschedulerequests.md), and directly through the [role assignments API](../resources/unifiedroleassignment.md). The role assignments can be permanently active with or without an expiry date, or temporarily active after user activation of eligible assignments.
+Retrieve the requests for active role assignments to principals. The active assignments include those made through [assignments and activation requests](rbacapplication-post-roleassignmentschedulerequests.md), and directly through the [role assignments API](../resources/unifiedroleassignment.md). The role assignments can be permanently active with or without an expiry date, or temporarily active after user activation of eligible assignments.
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
v1.0 Rbacapplication Post Roleassignmentschedulerequests https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/rbacapplication-post-roleassignmentschedulerequests.md
POST /roleManagement/directory/roleAssignmentScheduleRequests
|Content-Type|application/json. Required.| ## Request body+ In the request body, supply a JSON representation of the [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object. You can specify the following properties when creating an **unifiedRoleAssignmentScheduleRequest**.
You can specify the following properties when creating an **unifiedRoleAssignmen
|roleDefinitionId|String|Identifier of the [unifiedRoleDefinition](../resources/unifiedroledefinition.md) object that is being assigned. Required.| |directoryScopeId|String|Identifier of the directory object representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. Use `/` for tenant-wide scope. Use **appScopeId** to limit the scope to an application only. Either **directoryScopeId** or **appScopeId** is required.| |appScopeId|String|Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Either **directoryScopeId** or **appScopeId** is required.|
-|justification|String|A message provided by users and administrators when create they create the **unifiedRoleAssignmentScheduleRequest** object. Optional. Whether this property is required or optional is also dependent on the [settings for the Azure AD role](../api/unifiedrolemanagementpolicy-list-rules.md).|
-|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The period of the role assignment request. Required. The period of assignment is dependent on the [settings of the Azure AD role](../api/unifiedrolemanagementpolicy-list-rules.md).|
+|justification|String|A message provided by users and administrators when create they create the **unifiedRoleAssignmentScheduleRequest** object. Optional.|
+|scheduleInfo|[requestSchedule](../resources/requestschedule.md)|The period of the role assignment request. Recurring schedules are currently unsupported. Required.|
|ticketInfo|[ticketInfo](../resources/ticketinfo.md)|Ticket details linked to the role assignment request including details of the ticket number and ticket system. Optional.| - ## Response If successful, this method returns a `201 Created` response code and an [unifiedRoleAssignmentScheduleRequest](../resources/unifiedroleassignmentschedulerequest.md) object in the response body.
v1.0 Signin Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/signin-get.md
In addition to the delegated permissions, the signed-in user needs to belong to
+ Security Operator + Security Reader + ## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Signin List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/signin-list.md
In addition to the delegated permissions, the signed-in user needs to belong to
+ Security Operator + Security Reader + ## HTTP request <!-- { "blockType": "ignored" } -->
v1.0 Subscription Delete https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-delete.md
Depending on the resource and the permission type (delegated or application) req
| Supported resource | Delegated (work or school account) | Delegated (personal Microsoft account) | Application | |:--|:--|:--|:--| |[callRecord](../resources/callrecords-callrecord.md) | Not supported. | Not supported. | CallRecords.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
|[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All | Not supported. | ChannelMessage.Read.Group*, ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/teams/getAllMessages -- all channel messages in organization) | Not supported. | Not supported. | ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/{id}/messages) | Not supported. | Not supported. | Chat.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/getAllMessages -- all chat messages in organization) | Not supported. | Not supported. | Chat.Read.All | |[contact](../resources/contact.md) | Contacts.Read | Contacts.Read | Contacts.Read |
+|[conversationMember](../resources/conversationmember.md) (/chats/getAllMembers) | Not supported | Not supported | ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[conversationMember](../resources/conversationmember.md) (/chats/{id}/members) | ChatMember.Read, ChatMember.ReadWrite, Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatMember.Read.Chat*, Chat.Manage.Chat*, ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[conversationMember](../resources/conversationmember.md) (/teams/{id}/members) | TeamMember.Read.All | Not supported | TeamMember.Read.All |
+|[conversationMember](../resources/conversationmember.md) (/teams/{id}/channels/getAllMembers) | Not supported | Not supported | ChannelMember.Read.All |
|[driveItem](../resources/driveitem.md) (user's personal OneDrive) | Not supported. | Files.ReadWrite | Not supported. | |[driveItem](../resources/driveitem.md) (OneDrive for Business) | Files.ReadWrite.All | Not supported. | Files.ReadWrite.All | |[event](../resources/event.md) | Calendars.Read | Calendars.Read | Calendars.Read |
Depending on the resource and the permission type (delegated or application) req
|[printer](../resources/printer.md) | Not supported. | Not supported. | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported. | Not supported. | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported. | SecurityEvents.ReadWrite.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
v1.0 Subscription Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-get.md
Depending on the resource and the permission type (delegated or application) req
| Supported resource | Delegated (work or school account) | Delegated (personal Microsoft account) | Application | |:--|:--|:--|:--| |[callRecord](../resources/callrecords-callrecord.md) | Not supported | Not supported | CallRecords.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
|[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All | Not supported | ChannelMessage.Read.Group*, ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/teams/getAllMessages -- all channel messages in organization) | Not supported | Not supported | ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/{id}/messages) | Not supported | Not supported | Chat.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/getAllMessages -- all chat messages in organization) | Not supported | Not supported | Chat.Read.All | |[contact](../resources/contact.md) | Contacts.Read | Contacts.Read | Contacts.Read |
+|[conversationMember](../resources/conversationmember.md) (/chats/getAllMembers) | Not supported | Not supported | ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[conversationMember](../resources/conversationmember.md) (/chats/{id}/members) | ChatMember.Read, ChatMember.ReadWrite, Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatMember.Read.Chat*, Chat.Manage.Chat*, ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[conversationMember](../resources/conversationmember.md) (/teams/{id}/members) | TeamMember.Read.All | Not supported | TeamMember.Read.All |
+|[conversationMember](../resources/conversationmember.md) (/teams/{id}/channels/getAllMembers) | Not supported | Not supported | ChannelMember.Read.All |
|[driveItem](../resources/driveitem.md) (user's personal OneDrive) | Not supported | Files.ReadWrite | Not supported | |[driveItem](../resources/driveitem.md) (OneDrive for Business) | Files.ReadWrite.All | Not supported | Files.ReadWrite.All | |[event](../resources/event.md) | Calendars.Read | Calendars.Read | Calendars.Read |
Depending on the resource and the permission type (delegated or application) req
|[printer](../resources/printer.md) | Not supported | Not supported | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported | Not supported | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
v1.0 Subscription List https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-list.md
This API supports the following permission scopes; to learn more, including how
| Supported resource | Delegated (work or school account) | Delegated (personal Microsoft account) | Application | |:--|:--|:--|:--| |[callRecord](../resources/callrecords-callrecord.md) (/communications/callRecords) | Not supported | Not supported | CallRecords.Read.All |
-|[channels](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
-|[channels](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All, Subscription.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All, Subscription.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite, Subscription.Read.All | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All | |[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All, Group.Read.All, Group.ReadWrite.All, Subscription.Read.All | Not supported | ChannelMessage.Read.Group*, ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/teams/getAllMessages -- all channel messages in organization) | Not supported | Not supported | ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/{id}/messages) | Chat.Read, Chat.ReadWrite, Subscription.Read.All | Not supported | Chat.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/getAllMessages -- all chat messages in organization) | Not supported | Not supported | Chat.Read.All |
-|[chatMessage](../resources/chatmessage.md) (/users/{id}/chats/getAllMessages -- chat messages for all chats a particular user is part of) | Chat.Read, Chat.ReadWrite, Subscription.Read.All | Not supported | Chat.Read.All, Chat.ReadWrite.All |
|[contact](../resources/contact.md) | Contacts.Read, Subscription.Read.All | Contacts.Read, Subscription.Read.All | Contacts.Read | |[conversationMember](../resources/conversationmember.md) (/teams/{id}/channels/getAllMembers) | Not supported | Not supported | ChannelMember.Read.All | |[conversationMember](../resources/conversationmember.md) (/chats/getAllMembers) | Not supported | Not supported | ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
This API supports the following permission scopes; to learn more, including how
|[printer](../resources/printer.md) | Not supported | Not supported | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported | Not supported | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All, Subscription.Read.All | Not supported | SecurityEvents.ReadWrite.All |
-|[teams](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
-|[teams](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All, Subscription.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All, Subscription.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite, Subscription.Read.All | Tasks.ReadWrite, Subscription.Read.All | Not supported | |[user](../resources/user.md) | User.Read.All, Subscription.Read.All | User.Read.All | User.Read.All |
v1.0 Subscription Post Subscriptions https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-post-subscriptions.md
Depending on the resource and the permission type (delegated or application) req
| Supported resource | Delegated (work or school account) | Delegated (personal Microsoft account) | Application | |:--|:--|:--|:--| |[callRecord](../resources/callrecords-callrecord.md) (/communications/callRecords) | Not supported | Not supported | CallRecords.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
|[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All | Not supported | ChannelMessage.Read.Group*, ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/teams/getAllMessages -- all channel messages in organization) | Not supported | Not supported | ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/{id}/messages) | Not supported | Not supported | Chat.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/getAllMessages -- all chat messages in organization) | Not supported | Not supported | Chat.Read.All | |[contact](../resources/contact.md) | Contacts.Read | Contacts.Read | Contacts.Read |
+|[conversationMember](../resources/conversationmember.md) (/chats/getAllMembers) | Not supported | Not supported | ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[conversationMember](../resources/conversationmember.md) (/chats/{id}/members) | ChatMember.Read, ChatMember.ReadWrite, Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatMember.Read.Chat*, Chat.Manage.Chat*, ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[conversationMember](../resources/conversationmember.md) (/teams/{id}/members) | TeamMember.Read.All | Not supported | TeamMember.Read.All |
+|[conversationMember](../resources/conversationmember.md) (/teams/{id}/channels/getAllMembers) | Not supported | Not supported | ChannelMember.Read.All |
|[driveItem](../resources/driveitem.md) (user's personal OneDrive) | Not supported | Files.ReadWrite | Not supported | |[driveItem](../resources/driveitem.md) (OneDrive for Business) | Files.ReadWrite.All | Not supported | Files.ReadWrite.All | |[event](../resources/event.md) | Calendars.Read | Calendars.Read | Calendars.Read |
Depending on the resource and the permission type (delegated or application) req
|[printer](../resources/printer.md) | Not supported | Not supported | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported | Not supported | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
v1.0 Subscription Update https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/subscription-update.md
Depending on the resource and the permission type (delegated or application) req
| Supported resource | Delegated (work or school account) | Delegated (personal Microsoft account) | Application | |:--|:--|:--|:--| |[callRecord](../resources/callrecords-callrecord.md) | Not supported | Not supported | CallRecords.Read.All |
+|[channel](../resources/channel.md) (/teams/getAllChannels ΓÇô all channels in an organization) | Not supported | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[channel](../resources/channel.md) (/teams/{id}/channels) | Channel.ReadBasic.All, ChannelSettings.Read.All | Not supported | Channel.ReadBasic.All, ChannelSettings.Read.All |
+|[chat](../resources/chat.md) (/chats ΓÇô all chats in an organization) | Not supported | Not supported | Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[chat](../resources/chat.md) (/chats/{id}) | Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatSettings.Read.Chat*, ChatSettings.ReadWrite.Chat*, Chat.Manage.Chat*, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
|[chatMessage](../resources/chatmessage.md) (/teams/{id}/channels/{id}/messages) | ChannelMessage.Read.All | Not supported | ChannelMessage.Read.Group*, ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/teams/getAllMessages -- all channel messages in organization) | Not supported | Not supported | ChannelMessage.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/{id}/messages) | Not supported | Not supported | Chat.Read.All | |[chatMessage](../resources/chatmessage.md) (/chats/getAllMessages -- all chat messages in organization) | Not supported | Not supported | Chat.Read.All | |[contact](../resources/contact.md) | Contacts.Read | Contacts.Read | Contacts.Read |
+|[conversationMember](../resources/conversationmember.md) (/chats/getAllMembers) | Not supported | Not supported | ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[conversationMember](../resources/conversationmember.md) (/chats/{id}/members) | ChatMember.Read, ChatMember.ReadWrite, Chat.ReadBasic, Chat.Read, Chat.ReadWrite | Not supported | ChatMember.Read.Chat*, Chat.Manage.Chat*, ChatMember.Read.All, ChatMember.ReadWrite.All, Chat.ReadBasic.All, Chat.Read.All, Chat.ReadWrite.All |
+|[conversationMember](../resources/conversationmember.md) (/teams/{id}/members) | TeamMember.Read.All | Not supported | TeamMember.Read.All |
+|[conversationMember](../resources/conversationmember.md) (/teams/{id}/channels/getAllMembers) | Not supported | Not supported | ChannelMember.Read.All |
|[driveItem](../resources/driveitem.md) (user's personal OneDrive) | Not supported | Files.ReadWrite | Not supported | |[driveItem](../resources/driveitem.md) (OneDrive for Business) | Files.ReadWrite.All | Not supported | Files.ReadWrite.All | |[event](../resources/event.md) | Calendars.Read | Calendars.Read | Calendars.Read |
Depending on the resource and the permission type (delegated or application) req
|[printer](../resources/printer.md) | Not supported | Not supported | Printer.Read.All, Printer.ReadWrite.All | |[printTaskDefinition](../resources/printtaskdefinition.md) | Not supported | Not supported | PrintTaskDefinition.ReadWrite.All | |[security alert](../resources/alert.md) | SecurityEvents.ReadWrite.All | Not supported | SecurityEvents.ReadWrite.All |
+|[team](../resources/team.md) (/teams ΓÇô all teams in an organization) | Not supported | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
+|[team](../resources/team.md) (/teams/{id}) | Team.ReadBasic.All, TeamSettings.Read.All | Not supported | Team.ReadBasic.All, TeamSettings.Read.All |
|[todoTask](../resources/todotask.md) | Tasks.ReadWrite | Tasks.ReadWrite | Not supported | |[user](../resources/user.md) | User.Read.All | User.Read.All | User.Read.All |
v1.0 Unifiedroleassignmentschedule Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/unifiedroleassignmentschedule-filterbycurrentuser.md
GET /roleManagement/directory/roleAssignmentSchedules/filterByCurrentUser(on='pa
## Function parameters In the request URL, provide the following query parameters with values.
-The following table shows the parameters that can be used with this function.
+The following table shows the parameters that are required with this function.
|Parameter|Type|Description| |:|:|:|
v1.0 Unifiedroleassignmentscheduleinstance Filterbycurrentuser https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/unifiedroleassignmentscheduleinstance-filterbycurrentuser.md
GET /roleManagement/directory/roleAssignmentScheduleInstances/filterByCurrentUse
## Function parameters In the request URL, provide the following query parameters with values.
-The following table shows the parameters that can be used with this function.
+The following table shows the parameters that are required with this function.
|Parameter|Type|Description| |:|:|:|
v1.0 Workbookcomment Post Replies https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/workbookcomment-post-replies.md
Title: "Create workbookCommentReply"
description: "Use this API to create a new workbookCommentReply." ms.localizationpriority: medium doc_type: "apiPageType"
v1.0 Administrativeunit https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/administrativeunit.md
This topic provides descriptions of the declared properties and navigation prope
|[List members](../api/administrativeunit-list-members.md) |[directoryObject](directoryobject.md) collection| Get the list of (user, group, or device) members.| |[Get a member](../api/administrativeunit-get-members.md) |[directoryObject](directoryobject.md)| Get a specific member.| |[Remove a member](../api/administrativeunit-delete-members.md) |[directoryObject](directoryobject.md)| Remove a member.|
-|[Add scoped-role member](../api/administrativeunit-post-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Add a scoped-role member.|
-|[List scoped-role members](../api/administrativeunit-list-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md) collection| Get the list of scoped-role administrators.|
-|[Get a scoped-role member](../api/administrativeunit-get-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Get a specific scoped-role member.|
-|[Remove a scoped-role member](../api/administrativeunit-delete-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Remove a scoped-role member.|
+|[Add a scopedRoleMember](../api/administrativeunit-post-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Assign an Azure AD role with administrative unit scope.|
+|[List scopedRoleMembers](../api/administrativeunit-list-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md) collection| List Azure AD role assignments with administrative unit scope.|
+|[Get a scopedRoleMember](../api/administrativeunit-get-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Get an Azure AD role assignment with administrative unit scope.|
+|[Remove a scopedRoleMember](../api/administrativeunit-delete-scopedrolemembers.md) |[scopedRoleMembership](scopedrolemembership.md)| Remove an Azure AD role assignment with administrative unit scope.|
## Properties
v1.0 Averagecomparativescore https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/averagecomparativescore.md
Title: "averageComparativeScore resource type"
description: "Contains various different scores based on different scopes." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Certificationcontrol https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/certificationcontrol.md
Title: "certificationControl resource type"
description: "This resource contains compliance certification data associated with secure score control." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Controlscore https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/controlscore.md
Title: "controlScore resource type"
description: "This resource contains a tenant score and description for an individual control." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Hostsecuritystate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/hostsecuritystate.md
Title: "hostSecurityState resource type"
description: "Contains stateful information about the host (including devices, computers, and so on)." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Malwarestate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/malwarestate.md
Title: "malwareState resource type"
description: "Contains stateful information about the malware entity." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Physicaladdress https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/physicaladdress.md
Title: "physicalAddress resource type"
description: "Represents the street address of a resource such as a contact or event." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Process https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/process.md
Title: "process resource type"
description: "Contains stateful information about the process related to the alert." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Registrykeystate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/registrykeystate.md
Title: "registryKeyState resource type"
description: "Contains information about registry key changes related to the alert, and the process that changed the registry keys." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Securescore https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/securescore.md
Title: "secureScore resource type"
description: "Represents a tenant's secure score per day of scoring data, at the tenant and control level." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Securescorecontrolprofile https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/securescorecontrolprofile.md
Title: "secureScoreControlProfile resource type"
description: "Represents a tenant's secure score per control data. By default, it returns all controls for a tenant and can explicitly pull individual controls." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Securescorecontrolstateupdate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/securescorecontrolstateupdate.md
Title: "secureScoreControlStateUpdate resource type"
description: "This resource contains the history of the control states updated by user (control states include Default, Ignored, ThirdParty, Reviewed)." ms.localizationpriority: medium doc_type: resourcePageType # secureScoreControlStateUpdate resource type
v1.0 Subscription https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/subscription.md
A subscription allows a client app to receive change notifications about changes
- An [alert][] from the Microsoft Graph Security API. - A [callRecord][] produced after a call or meeting in Microsoft Teams.
+- A [channel](./channel.md) in Microsoft Teams.
+- A [chat](./chat.md) in Microsoft Teams.
- A [chatMessage][] sent via teams or channels in Microsoft Teams. - A [conversation][] in a Microsoft 365 group.
+- A [conversationMember](./conversationmember.md) in a team or channel in Microsoft Teams.
- Content in the hierarchy of a root folder [driveItem][] in OneDrive for Business, or of a root folder or subfolder [driveItem][] in a user's personal OneDrive. - A [group][] in Azure Active Directory. - A [list][] under a SharePoint [site][]. - A [message][], [event][], or [contact][] in Outlook. - A [printer][] (when a print job for the printer gets to JobFetchable state - ready to be fetched for printing) and a [printTaskDefinition][] in Universal Print. For more information, see [Subscribe to change notifications from cloud printing APIs](/graph/universal-print-webhook-notifications).
+- A [team](./team.md) in Microsoft Teams.
- A [todoTask][] of a user in Microsoft To Do.* - A [user][] in Azure Active Directory.
For the possible resource path values for each supported resource, see [Use the
|:--|:-| | Security **alert** | 43200 minutes (under 30 days) | | Teams **callRecord** | 4230 minutes (under 3 days) |
+| Teams **channel** | 60 minutes (1 hour) |
+| Teams **chat** | 60 minutes (1 hour) |
| Teams **chatMessage** | 60 minutes (1 hour) |
+| Teams **conversationMember** | 60 minutes (1 hour) |
+| Teams **team** | 60 minutes (1 hour) |
| Group **conversation** | 4230 minutes (under 3 days) | | OneDrive **driveItem** | 42300 minutes (under 30 days) | | SharePoint **list** | 42300 minutes (under 30 days) |
v1.0 Systemfacet https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/systemFacet.md
Previously updated : 09/12/2017 Title: SystemFacet
+ Title: systemFacet
ms.localizationpriority: medium
-description: "The System facet indicates that the object is managed by the system for its own operation."
+description: "The system facet indicates that the object is managed by the system for its own operation."
doc_type: resourcePageType
-# System facet
+# system facet
Namespace: microsoft.graph
-The **System** facet indicates that the object is managed by the system for its own operation.
+The **system** facet indicates that the object is managed by the system for its own operation.
Most apps should ignore items that have a System facet.
-**Note**: While this facet is empty today, in future API revisions the facet may be populated with additional properties.
+>**Note**: While this facet is empty today, in future API revisions the facet may be populated with additional properties.
## JSON representation
v1.0 Unifiedroleassignmentschedulerequest https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/unifiedroleassignmentschedulerequest.md
Title: "unifiedRoleAssignmentScheduleRequest resource type"
-description: "Represents a request for an active role assignment to a principal through PIM. The role assignment can be permanently active with or without an expiry date, or temporarily active after activation of an eligible assignment."
+description: "In PIM, represents a request for an active role assignment to a principal. The role assignment can be permanently active with or without an expiry date, or temporarily active after activation of an eligible assignment."
ms.localizationpriority: medium ms.prod: "governance"
doc_type: resourcePageType
Namespace: microsoft.graph
-Represents a request for an active role assignment to a principal through PIM. The role assignment can be permanently active with or without an expiry date, or temporarily active after activation of an eligible assignment. Inherits from [request](../resources/request.md).
+In PIM, represents a request for an active role assignment to a principal. The role assignment can be permanently active with or without an expiry date, or temporarily active after activation of an eligible assignment. Inherits from [request](../resources/request.md).
For more information about PIM scenarios you can define through the **unifiedRoleAssignmentScheduleRequest** resource type, see [Overview of role management through the privileged identity management (PIM) API](privilegedidentitymanagementv3-overview.md).
For more information about PIM scenarios you can define through the **unifiedRol
## Properties |Property|Type|Description| |:|:|:|
-|action|unifiedRoleScheduleRequestActions|Represents the type of the operation on the role assignment request. The possible values are: `adminAssign`, `adminUpdate`, `adminRemove`, `selfActivate`, `selfDeactivate`, `adminExtend`, `adminRenew`, `selfExtend`, `selfRenew`, `unknownFutureValue`. <br/><ul><li>`adminAssign`: For administrators to assign roles to principals.</li><li>`adminRemove`: For administrators to remove principals from roles.</li><li> `adminUpdate`: For administrators to change existing role assignments.</li><li>`adminExtend`: For administrators to extend expiring assignments.</li><li>`adminRenew`: For administrators to renew expired assignments.</li><li>`selfActivate`: For principals to activate their assignments.</li><li>`selfDeactivate`: For principals to deactivate their active assignments.</li><li>`selfExtend`: For principals to request to extend their expiring assignments.</li><li>`selfRenew`: For principals to request to renew their expired assignments.</li></ul>|
+|action|String|Represents the type of the operation on the role assignment request. The possible values are: `adminAssign`, `adminUpdate`, `adminRemove`, `selfActivate`, `selfDeactivate`, `adminExtend`, `adminRenew`, `selfExtend`, `selfRenew`, `unknownFutureValue`. <br/><ul><li>`adminAssign`: For administrators to assign roles to principals.</li><li>`adminRemove`: For administrators to remove principals from roles.</li><li> `adminUpdate`: For administrators to change existing role assignments.</li><li>`adminExtend`: For administrators to extend expiring assignments.</li><li>`adminRenew`: For administrators to renew expired assignments.</li><li>`selfActivate`: For principals to activate their assignments.</li><li>`selfDeactivate`: For principals to deactivate their active assignments.</li><li>`selfExtend`: For principals to request to extend their expiring assignments.</li><li>`selfRenew`: For principals to request to renew their expired assignments.</li></ul>|
|approvalId|String|The identifier of the approval of the request. Inherited from [request](../resources/request.md).| |appScopeId|String|Identifier of the app-specific scope when the assignment is scoped to an app. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by this application only. Use `/` for tenant-wide app scopes. Use **directoryScopeId** to limit the scope to particular directory objects, for example, administrative units. Supports `$filter` (`eq`, `ne`, and on `null` values).| |completedDateTime|DateTimeOffset|The request completion date time. Inherited from [request](../resources/request.md).|
v1.0 Video https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/video.md
Previously updated : 09/10/2017 Title: Video
+ Title: video resource type
ms.localizationpriority: medium
-description: "The Video resource groups video-related data items into a single structure."
+description: "The video resource groups video-related data items into a single structure."
doc_type: resourcePageType
-# Video resource type
+# video resource type
Namespace: microsoft.graph
-The **Video** resource groups video-related data items into a single structure.
+The **video** resource groups video-related data items into a single structure.
-If a [**DriveItem**](driveitem.md) has a non-null **video** facet, the item represents a video file.
-The properties of the **Video** resource are populated by extracting metadata from the file.
+If a [**driveItem**](driveitem.md) has a non-null **video** facet, the item represents a video file.
+The properties of the **video** resource are populated by extracting metadata from the file.
## JSON representation
-Here is a JSON representation of the resource
+The following is a JSON representation of the resource.
<!-- { "blockType": "resource",
Here is a JSON representation of the resource
## Remarks
-For more information about the facets on a DriveItem, see [DriveItem](driveitem.md).
+For more information about the facets on a driveItem, see [driveItem](driveitem.md).
<!-- { "type": "#page.annotation",
v1.0 Vulnerabilitystate https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/vulnerabilitystate.md
Title: "vulnerabilityState resource type"
description: "Contains stateful information about the vulnerability." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Webhooks https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/webhooks.md
Using the Microsoft Graph API, an app can subscribe to changes on the following
|:-|:|:--| | Cloud printing [printer][] | Changes when a print job is ready to be downloaded (JobFetchable event):<br>`/print/printers/{id}/jobs` | No | | Cloud printing [printTaskDefinition][] | Changes when there is a valid job in the queue (JobStarted event) :<br>`/print/printtaskdefinition/{id}/tasks` | No |
-| Outlook [message][] | Changes to all messages in a user's mailbox: <br>`/users/{id}/messages`<br>Changes to messages in a user's Inbox:<br>`/users/{id}/mailFolders('inbox')/messages` | No |
-| Outlook [event][] | Changes to all events in a user's mailbox:<br>`/users/{id}/events` | No |
-| Outlook personal [contact][] | Changes to all personal contacts in a user's mailbox:<br>`/users/{id}/contacts` | No |
-| [user][] | Changes to all users:<br>`/users` <br>Changes to a specific user:<br>`/users/{id}`| No |
-| [group][] | Changes to all groups:<br>`/groups` <br>Changes to a specific group:<br>`/groups/{id}`<br>Changes to owners of a specific group:<br>`/groups/{id}/owners`<br>Changes to members of a specific group:<br>`/groups/{id}/members` | No |
-| Microsoft 365 group [conversation][] | Changes to a group's conversations:<br>`groups/{id}/conversations` | No |
| [driveItem][] on OneDrive (personal) | Changes to content within the hierarchy of _any folder_:<br>`/users/{id}/drive/root` | No | | [driveItem][] on OneDrive for Business | Changes to content within the hierarchy of the _root folder_:<br>`/drives/{id}/root`<br> `/users/{id}/drive/root` | No |
+| [group][] | Changes to all groups:<br>`/groups` <br>Changes to a specific group:<br>`/groups/{id}`<br>Changes to owners of a specific group:<br>`/groups/{id}/owners`<br>Changes to members of a specific group:<br>`/groups/{id}/members` | No |
| [list][] under a SharePoint [site][] | Changes to content within the _list_: <br>`/sites/{id}/lists/{id}` | No |
+| Microsoft 365 group [conversation][] | Changes to a group's conversations:<br>`groups/{id}/conversations` | No |
+| Outlook [message][] | Changes to all messages in a user's mailbox: <br>`/users/{id}/messages`<br>Changes to messages in a user's Inbox:<br>`/users/{id}/mailFolders('inbox')/messages` | No |
+| Outlook [event][] | Changes to all events in a user's mailbox:<br>`/users/{id}/events` | No |
+| Outlook personal [contact][] | Changes to all personal contacts in a user's mailbox:<br>`/users/{id}/contacts` | No |
| Security [alert][] | Changes to a specific alert:<br>`/security/alerts/{id}` <br>Changes to filtered alerts:<br> `/security/alerts/?$filter`| No | | Teams [callRecord][] | Changes to _all_ call records: `/communications/callRecords` | No |
+| Teams [chat][] | Changes to any chat in the tenant:<br>`/chats` <br>Changes to a specific chat:<br>`/chats/{id}` | Yes |
| Teams [chatMessage][] | Changes to chat messages in all channels in all teams:<br>`/teams/getAllMessages` <br>Changes to chat messages in a specific channel:<br>`/teams/{id}/channels/{id}/messages`<br>Changes to chat messages in all chats:<br>`/chats/getAllMessages` <br>Changes to chat messages in a specific chat:<br>`/chats/{id}/messages` | Yes |
+| Teams [channel][] | Changes to channels in all teams:<br>`/teams/getAllChannels` <br>Changes to channel in a specific team:<br>`/teams/{id}/channels` | Yes |
+| Teams [conversationMember][] | Changes to membership in a specific team:<br>`/teams/{id}/members` <br> Changes to membership in all channels under a specific team:<br>`teams/{id}/channels/getAllMembers` <br> Changes to membership in a specific chat:<br>`/chats/{id}/members` <br> Changes to membership in all chats:<br>`/teams/getAllMembers` | Yes |
+| Teams [team][] | Changes to any team in the tenant:<br>`/teams` <br>Changes to a specific team:<br>`/teams/{id}` | Yes |
| [To Do task][] | Changes to all task in a specific task list:<br>`/me/todo/lists/{todoTaskListId}/tasks`<br>Changes to all tasks:<br>`/me/todo/lists/alltasks` | No |
+| [user][] | Changes to all users:<br>`/users` <br>Changes to a specific user:<br>`/users/{id}`| No |
> **Note**: Any resource path that begins with `/users/{id}` can also accept `/me` to reference the signed-in user.
In general, subscription operations require read permission to the resource. For
| Permission type | Supported resource types | | :- | : |
-| Delegated - work or school account | [alert][], [contact][], [conversation][], [driveItem][], [list][], [event][], [group][], [message][], [todoTask][], [user][]|
-| Delegated - personal Microsoft account | [contact][], [driveItem][], [list][], [event][], [message][], [todoTask][] |
-| Application | [alert][], [contact][], [list][], [driveItem][], [event][], [group][], [message][], [user][], [callRecord][], [chatMessage][], [printer][], [printTaskDefinition][]|
+| Delegated - work or school account | [alert][], [channel][], [contact][], [conversation][], [conversationMember][], [driveItem][], [event][], [group][], [list][], [message][], [team][], [todoTask][], [user][]|
+| Delegated - personal Microsoft account | [contact][], [driveItem][], [event][], [list][], [message][], [todoTask][] |
+| Application | [alert][], [callRecord][], [channel][], [chatMessage][], [contact][], [conversationMember][], [driveItem][], [event][], [group][], [list][], [message][], [printer][], [printTaskDefinition][], [team][], [user][]|
## See also
In general, subscription operations require read permission to the resource. For
- [Update subscription](../api/subscription-update.md) - [Delete subscription](../api/subscription-delete.md)
+[chat]: ./chat.md
[chatMessage]: ./chatmessage.md [contact]: ./contact.md [conversation]: ./conversation.md
+[conversationMember]: ./conversationmember.md
+[channel]: ./channel.md
[driveItem]: ./driveitem.md [list]: ./list.md [site]: ./site.md
In general, subscription operations require read permission to the resource. For
[alert]: ./alert.md [printer]: ./printer.md [printTaskDefinition]: ./printtaskdefinition.md
+[team]: ./team.md
[To Do task]: ./todotask.md [todoTask]: ./todotask.md
v1.0 Website https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/website.md
Title: "website resource type"
description: "Represents a website." ms.localizationpriority: medium doc_type: resourcePageType
v1.0 Toc.Yml https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/toc.yml a/api-reference/v1.0/toc.yml
items:
href: api/administrativeunit-get-members.md - name: Remove a member href: api/administrativeunit-delete-members.md
- - name: Add a scoped-role administrator
+ - name: Assign a role with scope
href: api/administrativeunit-post-scopedrolemembers.md
- - name: List scoped-role administrators
+ - name: List role assignments with scope
href: api/administrativeunit-list-scopedrolemembers.md
- - name: Get a scoped-role administrator
+ - name: Get a role assignment with scope
href: api/administrativeunit-get-scopedrolemembers.md
- - name: Remove a scoped-role administrator
+ - name: Remove a role assignment with scope
href: api/administrativeunit-delete-scopedrolemembers.md - name: BitLocker recovery key href: resources/bitlockerrecoverykey.md