Updates from: 06/09/2021 03:14:24
Service Microsoft Docs article Related commit history on GitHub Change details
v1.0 Channel Get Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/channel-get-members.md
Content-type: application/json
Content-length: 201 {
-"@odata.context": "https://graph.microsoft.com/beta/$metadata#teams('ece6f0a1-7ca4-498b-be79-edf6c8fc4d82')/channels('19%3A56eb04e133944cf69e603c5dac2d292e%40thread.skype')/members/microsoft.graph.aadUserConversationMember/$entity",
-"@odata.type": "#microsoft.graph.aadUserConversationMember",
-"id": "ZWUwZjVhZTItOGJjNi00YWU1LTg0NjYtN2RhZWViYmZhMDYyIyM3Mzc2MWYwNi0yYWM5LTQ2OWMtOWYxMC0yNzlhOGNjMjY3Zjk=",
-"roles": ["owner"],
-"displayName": "John Doe",
-"userId": "8b081ef6-4792-4def-b2c9-c363a1bf41d5",
-"email": null
+ "@odata.context":"https://graph.microsoft.com/beta/$metadata#teams('ece6f0a1-7ca4-498b-be79-edf6c8fc4d82')/channels('19%3A56eb04e133944cf69e603c5dac2d292e%40thread.skype')/members/microsoft.graph.aadUserConversationMember/$entity",
+ "@odata.type":"#microsoft.graph.aadUserConversationMember",
+ "id":"ZWUwZjVhZTItOGJjNi00YWU1LTg0NjYtN2RhZWViYmZhMDYyIyM3Mzc2MWYwNi0yYWM5LTQ2OWMtOWYxMC0yNzlhOGNjMjY3Zjk=",
+ "roles":[
+ "owner"
+ ],
+ "displayName":"John Doe",
+ "userId":"8b081ef6-4792-4def-b2c9-c363a1bf41d5",
+ "email":null
}- ``` ## See also
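Review bot: The unchanged `Content-length: 201` header above the body is kept while every property line of the JSON is re-spaced and `"roles"` is split across three lines, so the stated length can no longer be relied on. Drop the header here, as the directoryRole samples in this update do with their `Content-length` lines, or recompute it for the new body.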
v1.0 Directoryrole Delete Member https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryrole-delete-member.md
Namespace: microsoft.graph
Remove a member from a directoryRole.
+You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /directoryRoles/{id}/members/{id}/$ref
+DELETE /directoryRoles/{role-objectId}/members/{id}/$ref
+DELETE /directoryRoles/roleTemplateId={role-templateId}/members/{id}/$ref
``` ## Request headers
Do not supply a request body for this method.
If successful, this method returns `204 No Content` response code. It does not return anything in the response body.
-## Example
+## Examples
+
+### Example 1: Remove directory role member using role objectId
-##### Request
+#### Request
-Here is an example of the request.
+In this example, replace `f8e85ed8-f66f-4058-b170-3efae8b9c6e5` with the **id** value of the directory role and `bb165b45-151c-4cf6-9911-cd7188912848` with the **id** value of the user or directory object that you wish to unassign from the directory role.
# [HTTP](#tab/http) <!-- {
Here is an example of the request.
}--> ```http
-DELETE https://graph.microsoft.com/beta/directoryRoles/{id}/members/{id}/$ref
+DELETE https://graph.microsoft.com/beta/directoryRoles/f8e85ed8-f66f-4058-b170-3efae8b9c6e5/members/bb165b45-151c-4cf6-9911-cd7188912848/$ref
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/delete-directoryobject-from-directoryrole-csharp-snippets.md)]
DELETE https://graph.microsoft.com/beta/directoryRoles/{id}/members/{id}/$ref
-##### Response
+#### Response
+<!-- {
+ "blockType": "response",
+ "truncated": true
+} -->
+
+```http
+HTTP/1.1 204 No Content
+```
+
+### Example 2: Remove directory role member using role templateId
+
+#### Request
+
+Here is an example of the request. Replace `9f06204d-73c1-4d4c-880a-6edb90606fd8` with the value of your roleTemplateId and `bb165b45-151c-4cf6-9911-cd7188912848` with the **id** value of your user of directory object.
+
+<!-- {
+ "blockType": "request",
+ "name": "delete_directoryobject_from_directoryrole_templateId"
+}-->
+
+```http
+DELETE https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=9f06204d-73c1-4d4c-880a-6edb90606fd8/members/bb165b45-151c-4cf6-9911-cd7188912848/$ref
+```
+
-Here is an example of the response.
+#### Response
<!-- { "blockType": "response", "truncated": true
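Review bot: In Example 2 of this beta page the added request line calls `https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=...`, while Example 1 in the same file uses `/beta/`; switch it to `/beta/` so the sample matches the page it documents. The added sentence above that request also reads "your user of directory object", which should be "user or directory object".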
v1.0 Directoryrole Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryrole-get.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] Retrieve the properties of a directoryRole object.+
+You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-GET /directoryRoles/{id}
+GET /directoryRoles/{role-objectId}
+GET /directoryRoles/roleTemplateId={role-templateId}
``` ## Optional query parameters
-This method does **not** support the [OData Query Parameters](/graph/query-parameters) to help customize the response (e.g. $filter is not supported here).
+This method does **not** support any [OData Query Parameters](/graph/query-parameters) to help customize the response (for example, `$filter` is not supported here).
## Request headers | Name | Type | Description|
Do not supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and [directoryRole](../resources/directoryrole.md) object in the response body.
-## Example
-##### Request
+## Examples
+
+### Example 1: Get the definition of a directory role using role objectId
+#### Request
Here is an example of the request. # [HTTP](#tab/http)
Here is an example of the request.
"name": "get_directoryrole" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/directoryRoles/{id}
+GET https://graph.microsoft.com/beta/directoryRoles/fe8f10bf-c9c2-47eb-95cb-c26cc85f1830
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-directoryrole-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/directoryRoles/{id}
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.directoryRole"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryRoles/$entity",
+ "id": "fe8f10bf-c9c2-47eb-95cb-c26cc85f1830",
+ "deletedDateTime": null,
+ "description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests.",
+ "displayName": "Directory Readers",
+ "roleTemplateId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
+}
+```
++
+### Example 2: Get the definition of a directory role using role templateId
+#### Request
+Here is an example of the request.
++
+<!-- {
+ "blockType": "request",
+ "name": "get_directoryrole_templateId"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/directoryRoles/roleTemplateId=88d8e3e3-8f55-4a1e-953a-9b9898b8876b
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
Here is an example of the response. Note: The response object shown here might b
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 142
{
- "description": "description-value",
- "displayName": "displayName-value",
- "roleTemplateId": "roleTemplateId-value",
- "id": "id-value"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryRoles/$entity",
+ "id": "fe8f10bf-c9c2-47eb-95cb-c26cc85f1830",
+ "deletedDateTime": null,
+ "description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests.",
+ "displayName": "Directory Readers",
+ "roleTemplateId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
} ```
v1.0 Directoryrole List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryrole-list-members.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] Retrieve a list of the users that are assigned to the directory role. Only users can be assigned to a directory role.+
+You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-GET /directoryRoles/{id}/members
+GET /directoryRoles/{role-objectId}/members
+GET /directoryRoles/roleTemplateId={role-templateId}/members
``` ## Optional query parameters This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.
Do not supply a request body for this method.
## Response If successful, this method returns a `200 OK` response code and collection of [directoryObject](../resources/directoryobject.md) objects in the response body.
-## Example
-##### Request
+## Examples
+
+### Example 1: Get the members of a directory role using role objectId
+
+#### Request
Here is an example of the request. # [HTTP](#tab/http)
Here is an example of the request.
"name": "get_directoryrole_members" }--> ```msgraph-interactive
-GET https://graph.microsoft.com/beta/directoryRoles/{id}/members
+GET https://graph.microsoft.com/beta/directoryRoles/23f3b4b4-8a29-4420-8052-e4950273bbda/members
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/get-directoryrole-members-csharp-snippets.md)]
GET https://graph.microsoft.com/beta/directoryRoles/{id}/members
-##### Response
-Here is an example of the response. Note: The response object shown here might be shortened for readability.
+#### Response
+> **Note:** The response object shown here might be shortened for readability.
+<!-- {
+ "blockType": "response",
+ "truncated": true,
+ "@odata.type": "microsoft.graph.directoryObject",
+ "isCollection": true
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "value": [
+ {
+ "businessPhones":["000-000-0000"],
+ "displayName":"Adele Vance",
+ "givenName":"Adele",
+ "jobTitle":null,
+ "mail":"AdeleV@contoso.com",
+ "officeLocation":null,
+ "preferredLanguage":"en-US",
+ "surname":"Vance",
+ "userPrincipalName":"AdeleV@contoso.com"
+ }
+ ]
+}
+```
+
+### Example 2: Get the members of a directory role using role templateId
+
+#### Request
+Here is an example of the request.
+
+<!-- {
+ "blockType": "request",
+ "name": "get_directoryrole_members_templateId"
+}-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/directoryRoles/roleTemplateId=4a5d8f65-41da-4de4-8968-e035b65339cf/members
+```
+
+#### Response
+>**Note:** The response object shown here might be shortened for readability.
<!-- { "blockType": "response", "truncated": true,
Here is an example of the response. Note: The response object shown here might b
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 55
{ "value": [ {
- "id": "id-value"
+ "businessPhones":["000-000-0000"],
+ "displayName":"Adele Vance",
+ "givenName":"Adele",
+ "jobTitle":null,
+ "mail":"AdeleV@contoso.com",
+ "officeLocation":null,
+ "preferredLanguage":"en-US",
+ "surname":"Vance",
+ "userPrincipalName":"AdeleV@contoso.com"
} ] }
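Review bot: The Example 2 response removes `"id": "id-value"` and the newly added Example 1 response omits an `id` as well, yet the delete-member page in this same update tells callers to supply the member's **id** in `/members/{id}/$ref`. Keep an `"id"` property in the sample member objects so readers can see where that value comes from.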
v1.0 Directoryrole List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryrole-list.md
Here is an example of the response. Note: The response object shown here might b
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 187
{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryRoles",
"value": [ {
- "description": "description-value",
- "displayName": "displayName-value",
- "roleTemplateId": "roleTemplateId-value",
- "id": "id-value"
+ "id": "9ed3a0c4-53e1-498c-ab4d-2473476fde14",
+ "deletedDateTime": null,
+ "description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
+ "displayName": "Global Administrator",
+ "roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"
+ },
+ {
+ "id": "f8e85ed8-f66f-4058-b170-3efae8b9c6e5",
+ "deletedDateTime": null,
+ "description": "Device Administrators",
+ "displayName": "Azure AD Joined Device Local Administrator",
+ "roleTemplateId": "9f06204d-73c1-4d4c-880a-6edb90606fd8"
+ },
+ {
+ "id": "fe8f10bf-c9c2-47eb-95cb-c26cc85f1830",
+ "deletedDateTime": null,
+ "description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests.",
+ "displayName": "Directory Readers",
+ "roleTemplateId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
} ] }
v1.0 Directoryrole Post Directoryroles https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryrole-post-directoryroles.md
Here is an example of the request.
```http POST https://graph.microsoft.com/beta/directoryRoles Content-type: application/json
-Content-length: 153
{
- "description": "description-value",
- "displayName": "displayName-value",
- "roleTemplateId": "roleTemplateId-value"
+ "roleTemplateId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
} ``` # [C#](#tab/csharp)
Here is an example of the response. Note: The response object shown here might b
```http HTTP/1.1 200 OK Content-type: application/json
-Content-length: 175
{
- "description": "description-value",
- "displayName": "displayName-value",
- "roleTemplateId": "roleTemplateId-value",
- "id": "id-value"
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryRoles/$entity",
+ "id": "76f84d30-2759-4c66-915d-65c6e4083fa0",
+ "deletedDateTime": null,
+ "description": "Can manage all aspects of users and groups, including resetting passwords for limited admins.",
+ "displayName": "User Administrator",
+ "roleTemplateId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
} ```
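Review bot: The response sample's status line is left as `HTTP/1.1 200 OK` while its body is rewritten, but the v1.0 version of this page in the same update shows `HTTP/1.1 201 Created` for the identical POST. Confirm which status the beta endpoint returns and make the two samples agree.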
v1.0 Directoryrole Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/beta/api/directoryrole-post-members.md
Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] Create a new directory role member.+
+You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
+ ## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-POST /directoryRoles/{id}/members/$ref
+POST /directoryRoles/{role-objectId}/members/$ref
+POST /directoryRoles/roleTemplateId={role-templateId}/members/$ref
``` ## Request headers | Name | Type | Description|
Content-length: 30
#### Response
-The following example shows the response.
<!-- { "blockType": "response"
Content-length: 30
#### Response
-The following example shows the response.
<!-- { "blockType": "response"
The following example shows the response.
HTTP/1.1 204 No content ```
+### Example 3: Add a new member to a directory role using role templateId
+#### Request
+In this request, replace `88d8e3e3-8f55-4a1e-953a-9b9898b8876b` with the value of the **roleTemplateId** for the directory role you wish to assign to the user or directory object. Replace `bb165b45-151c-4cf6-9911-cd7188912848` with the **id** value of your user or directory object.
+
+<!-- {
+ "blockType": "request",
+ "name": "create_directoryobject_from_directoryrole_2_templateId"
+}-->
+```http
+POST https://graph.microsoft.com/beta/directoryRoles/roleTemplateId=88d8e3e3-8f55-4a1e-953a-9b9898b8876b/members/$ref
+Content-type: application/json
+Content-length: 30
+
+{
+ "@odata.id": "https://graph.microsoft.com/beta/directoryObjects/bb165b45-151c-4cf6-9911-cd7188912848"
+}
+```
+
+#### Response
+
+<!-- {
+ "blockType": "response"
+} -->
+```http
+HTTP/1.1 204 No content
+```
++ <!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79 2015-10-25 14:57:30 UTC --> <!--
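Review bot: The added Example 3 request carries `Content-length: 30`, but the JSON body beneath it (an `@odata.id` URL inside braces) is well over 30 bytes; remove the header, as the directoryRole create and get samples in this update do, or set the real length. The added status line also reads `204 No content`, where the delete-member page uses `204 No Content`.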
v1.0 Channel Get Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/channel-get-members.md
Content-type: application/json
Content-length: 201 {
-"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#teams('ece6f0a1-7ca4-498b-be79-edf6c8fc4d82')/channels('19%3A56eb04e133944cf69e603c5dac2d292e%40thread.skype')/members/microsoft.graph.aadUserConversationMember/$entity",
-"@odata.type": "#microsoft.graph.aadUserConversationMember",
-"id": "ZWUwZjVhZTItOGJjNi00YWU1LTg0NjYtN2RhZWViYmZhMDYyIyM3Mzc2MWYwNi0yYWM5LTQ2OWMtOWYxMC0yNzlhOGNjMjY3Zjk=",
-"roles": ["owner"],
-"displayName": "John Doe",
-"userId": "8b081ef6-4792-4def-b2c9-c363a1bf41d5",
-"email": null
+ "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#teams('ece6f0a1-7ca4-498b-be79-edf6c8fc4d82')/channels('19%3A56eb04e133944cf69e603c5dac2d292e%40thread.skype')/members/microsoft.graph.aadUserConversationMember/$entity",
+ "@odata.type":"#microsoft.graph.aadUserConversationMember",
+ "id":"ZWUwZjVhZTItOGJjNi00YWU1LTg0NjYtN2RhZWViYmZhMDYyIyM3Mzc2MWYwNi0yYWM5LTQ2OWMtOWYxMC0yNzlhOGNjMjY3Zjk=",
+ "roles":[
+ "owner"
+ ],
+ "displayName":"John Doe",
+ "userId":"8b081ef6-4792-4def-b2c9-c363a1bf41d5",
+ "email":null
}- ``` ## See also
v1.0 Directoryrole Delete Member https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryrole-delete-member.md
Namespace: microsoft.graph
Remove a member from a [directoryRole](../resources/directoryrole.md).
-> [!Note]
-> You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
+You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
## Permissions
One of the following permissions is required to call this API. To learn more, in
<!-- { "blockType": "ignored" } --> ```http
-DELETE /directoryRoles/{id}/members/{id}/$ref
+DELETE /directoryRoles/{role-objectId}/members/{id}/$ref
+DELETE /directoryRoles/roleTemplateId={role-templateId}/members/{id}/$ref
``` ## Request headers
If successful, this method returns `204 No Content` response code. It does not r
### Example 1: Remove directory role member using role objectId
-##### Request
+#### Request
-Here is an example of the request.
+In this example, replace `f8e85ed8-f66f-4058-b170-3efae8b9c6e5` with the **id** value of the directory role and `bb165b45-151c-4cf6-9911-cd7188912848` with the **id** value of the user or directory object that you wish to unassign from the directory role.
# [HTTP](#tab/http) <!-- {
Here is an example of the request.
}--> ```http
-DELETE https://graph.microsoft.com/v1.0/directoryRoles/{role-objectId}/members/{user-id}/$ref
+DELETE https://graph.microsoft.com/v1.0/directoryRoles/f8e85ed8-f66f-4058-b170-3efae8b9c6e5/members/bb165b45-151c-4cf6-9911-cd7188912848/$ref
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/delete-directoryobject-from-directoryrole-objectid-csharp-snippets.md)]
DELETE https://graph.microsoft.com/v1.0/directoryRoles/{role-objectId}/members/{
-##### Response
+#### Response
Here is an example of the response. <!-- {
HTTP/1.1 204 No Content
### Example 2: Remove directory role member using role templateId
-##### Request
+#### Request
-Here is an example of the request.
+Here is an example of the request. Replace `9f06204d-73c1-4d4c-880a-6edb90606fd8` with the value of your roleTemplateId and `bb165b45-151c-4cf6-9911-cd7188912848` with the **id** value of your user of directory object.
# [HTTP](#tab/http) <!-- {
Here is an example of the request.
}--> ```http
-DELETE https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId={role-templateId}/members/{user-id}/$ref
+DELETE https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=9f06204d-73c1-4d4c-880a-6edb90606fd8/members/bb165b45-151c-4cf6-9911-cd7188912848/$ref
``` # [C#](#tab/csharp) [!INCLUDE [sample-code](../includes/snippets/csharp/delete-directoryobject-from-directoryrole-templateid-csharp-snippets.md)]
DELETE https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId={role-temp
-##### Response
+#### Response
Here is an example of the response. <!-- {
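Review bot: The replacement sentence added under Example 2 ends with "your user of directory object"; that should read "user or directory object", matching the wording added under Example 1.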
v1.0 Directoryrole Get https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryrole-get.md
Namespace: microsoft.graph
Retrieve the properties of a [directoryRole](../resources/directoryrole.md) object. The role must be activated in tenant for a successful response.
-> [!Note]
-> You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
+You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-GET /directoryRoles/{id}
+GET /directoryRoles/{role-objectId}
+GET /directoryRoles/roleTemplateId={role-templateId}
``` ## Optional query parameters
-This method does **not** support the [OData Query Parameters](/graph/query-parameters) to help customize the response (e.g. $filter is not supported here).
+This method does **not** support any [OData Query Parameters](/graph/query-parameters) to help customize the response (for example, `$filter` is not supported here).
## Request headers | Name | Type | Description|
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and [directoryRole](../resources/directoryrole.md) object in the response body. ## Examples
-### Example 1: Get the definition of a directory role using objectId
-##### Request
+### Example 1: Get the definition of a directory role using role objectId
+#### Request
# [HTTP](#tab/http)
Content-type: application/json
} ```
-### Example 2: Get the definition of a directory role using templateId
-##### Request
+### Example 2: Get the definition of a directory role using role templateId
+#### Request
# [HTTP](#tab/http)
GET https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=4a5d8f65-41da
-##### Response
+#### Response
>**Note:** The response object shown here might be shortened for readability. <!-- {
v1.0 Directoryrole List Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryrole-list-members.md
Namespace: microsoft.graph
Retrieve the list of principals that are assigned to the directory role.
-> [!Note]
-> You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
+You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-GET /directoryRoles/{id}/members
+GET /directoryRoles/{role-objectId}/members
+GET /directoryRoles/roleTemplateId={role-templateId}/members
``` ## Optional query parameters This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.
Do not supply a request body for this method.
If successful, this method returns a `200 OK` response code and collection of [directoryObject](../resources/directoryobject.md) objects in the response body. ## Examples
-### Example 1: Get the members of a directory role using objectId
+### Example 1: Get the members of a directory role using role objectId
-##### Request
+#### Request
# [HTTP](#tab/http)
GET https://graph.microsoft.com/v1.0/directoryRoles/23f3b4b4-8a29-4420-8052-e495
-##### Response
+#### Response
> **Note:** The response object shown here might be shortened for readability. <!-- { "blockType": "response",
Content-type: application/json
"value": [ { "businessPhones":["000-000-0000"],
- "displayName":"First Last",
- "givenName":"First",
+ "displayName":"Adele Vance",
+ "givenName":"Adele",
"jobTitle":null,
- "mail":"first@example.com",
+ "mail":"AdeleV@contoso.com",
"officeLocation":null, "preferredLanguage":"en-US",
- "surname":"Last",
- "userPrincipalName":"first@example.com"
+ "surname":"Vance",
+ "userPrincipalName":"AdeleV@contoso.com"
} ] } ```
-### Example 2: Get the members of a directory role using templateId
+### Example 2: Get the members of a directory role using role templateId
##### Request
Content-type: application/json
"value": [ { "businessPhones":["000-000-0000"],
- "displayName":"First Last",
- "givenName":"First",
+ "displayName":"Adele Vance",
+ "givenName":"Adele",
"jobTitle":null,
- "mail":"first@example.com",
+ "mail":"AdeleV@contoso.com",
"officeLocation":null, "preferredLanguage":"en-US",
- "surname":"Last",
- "userPrincipalName":"first@example.com"
+ "surname":"Vance",
+ "userPrincipalName":"AdeleV@contoso.com"
} ] }
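Review bot: Example 2 is retitled here, but the `##### Request` heading directly under it stays at level five while Example 1 in the same file is moved to `#### Request` and `#### Response`. Change it to `#### Request`, and check the matching Response heading, so both examples share one heading depth.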
v1.0 Directoryrole List https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryrole-list.md
HTTP/1.1 200 OK
Content-type: application/json {
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryRoles",
"value": [ {
- "description": "description-value",
- "displayName": "displayName-value",
- "roleTemplateId": "roleTemplateId-value",
- "id": "id-value"
+ "id": "9ed3a0c4-53e1-498c-ab4d-2473476fde14",
+ "deletedDateTime": null,
+ "description": "Can manage all aspects of Azure AD and Microsoft services that use Azure AD identities.",
+ "displayName": "Global Administrator",
+ "roleTemplateId": "62e90394-69f5-4237-9190-012177145e10"
+ },
+ {
+ "id": "f8e85ed8-f66f-4058-b170-3efae8b9c6e5",
+ "deletedDateTime": null,
+ "description": "Device Administrators",
+ "displayName": "Azure AD Joined Device Local Administrator",
+ "roleTemplateId": "9f06204d-73c1-4d4c-880a-6edb90606fd8"
+ },
+ {
+ "id": "fe8f10bf-c9c2-47eb-95cb-c26cc85f1830",
+ "deletedDateTime": null,
+ "description": "Can read basic directory information. Commonly used to grant directory read access to applications and guests.",
+ "displayName": "Directory Readers",
+ "roleTemplateId": "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
} ] }
v1.0 Directoryrole Post Directoryroles https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryrole-post-directoryroles.md
POST https://graph.microsoft.com/v1.0/directoryRoles
Content-type: application/json {
- "roleTemplateId": "roleTemplateId-value"
+ "roleTemplateId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
} ``` # [C#](#tab/csharp)
HTTP/1.1 201 Created
Content-type: application/json {
- "description": "description-value",
- "displayName": "displayName-value",
- "roleTemplateId": "roleTemplateId-value",
- "id": "id-value"
+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryRoles/$entity",
+ "id": "76f84d30-2759-4c66-915d-65c6e4083fa0",
+ "deletedDateTime": null,
+ "description": "Can manage all aspects of users and groups, including resetting passwords for limited admins.",
+ "displayName": "User Administrator",
+ "roleTemplateId": "fe930be7-5e62-47db-91af-98c3a49a38b1"
} ```
v1.0 Directoryrole Post Members https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/api/directoryrole-post-members.md
doc_type: apiPageType
Namespace: microsoft.graph
-Use this API to create a new directory role member.
+Create a new directory role member.
-> [!Note]
-> You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
+You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).
## Permissions One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
One of the following permissions is required to call this API. To learn more, in
## HTTP request <!-- { "blockType": "ignored" } --> ```http
-POST /directoryRoles/{id}/members/$ref
+POST /directoryRoles/{role-objectId}/members/$ref
+POST /directoryRoles/roleTemplateId={role-templateId}/members/$ref
```+ ## Request headers | Name | Type | Description| |:|:--|:-|
If successful, this method returns `204 No Content` response code.
### Example 1: Add a new member to a directory role using role objectId
+In this request, replace `fe8f10bf-c9c2-47eb-95cb-c26cc85f1830` with the **id** value for the directory role you wish to assign to the user or directory object. Replace `15c1a2d5-9101-44b2-83ab-885db8a647ca` with the **id** value of your user or directory object.
+ ##### Request
If successful, this method returns `204 No Content` response code.
"name": "create_directoryobject_from_directoryrole_objectId" }--> ```http
-POST https://graph.microsoft.com/v1.0/directoryRoles/{role-objectId}/members/$ref
+POST https://graph.microsoft.com/v1.0/directoryRoles/fe8f10bf-c9c2-47eb-95cb-c26cc85f1830/members/$ref
Content-type: application/json {
- "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{user-id}"
+ "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/15c1a2d5-9101-44b2-83ab-885db8a647ca"
} ``` # [JavaScript](#tab/javascript)
Content-type: text/plain
### Example 2: Add a new member to a directory role using role templateId
+In this request, replace `88d8e3e3-8f55-4a1e-953a-9b9898b8876b` with the value of the **roleTemplateId** for the directory role you wish to assign to the user or directory object. Replace `bb165b45-151c-4cf6-9911-cd7188912848` with the **id** value of your user or directory object.
+ ##### Request
Content-type: text/plain
"name": "create_directoryobject_from_directoryrole_templateId" }--> ```http
-POST https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId={role-templateId}/members/$ref
+POST https://graph.microsoft.com/v1.0/directoryRoles/roleTemplateId=88d8e3e3-8f55-4a1e-953a-9b9898b8876b/members/$ref
Content-type: application/json {
- "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/{user-id}"
+ "@odata.id": "https://graph.microsoft.com/v1.0/directoryObjects/bb165b45-151c-4cf6-9911-cd7188912848"
} ``` # [JavaScript](#tab/javascript)
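Review bot: In both examples the new "In this request, replace ..." paragraph is inserted above the `##### Request` heading, whereas the beta page in this update places the same paragraph under `#### Request`. Move it below the heading and bring the heading to level four so the two versions read alike.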
v1.0 Identityprotectionroot https://github.com/microsoftgraph/microsoft-graph-docs/commits/master/api-reference/v1.0/resources/identityprotectionroot.md
GET a user's risk history | [GET https://graph.microsoft.com/v1.0/identityProtec
CONFIRM a user as compromised | [POST https://graph.microsoft.com/v1.0/identityProtection/riskyUsers/confirmCompromised](https://developer.microsoft.com/graph/graph-explorer?request=/identityProtection/riskyUsers/confirmCompromised&version=v1.0) DISMISS a risky user | [POST https://graph.microsoft.com/v1.0/identityProtection/riskyUsers/dismiss](https://developer.microsoft.com/graph/graph-explorer?request=/identityProtection/riskyUsers/dismiss&version=v1.0)
+For specific guidance and additional information, see [Identify and remediate risks using Microsoft Graph APIs](/graph/tutorial-riskdetection-api).
+ ## What licenses do I need? Azure AD Identity Protection is a premium feature. You need an Azure AD Premium P1 or P2 license to access the riskDetection API (note: P1 licenses receive limited risk information). The riskyUsers API is only available to Azure AD Premium P2 licenses only.
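Review bot: The licensing paragraph kept as context directly after the added link says the riskyUsers API "is only available to Azure AD Premium P2 licenses only"; since this hunk already touches the adjacent lines, drop one "only".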