+ Title: "Get adminReportSettings"

+description: "Get the tenant-level settings for Microsoft 365 reports."

+ms.localizationpriority: medium

+# Get adminReportSettings

+Namespace: microsoft.graph

+Get the tenant-level settings for Microsoft 365 reports.

+> **Note:** For details about different report views and names, see [Microsoft 365 Reports in the admin center - Microsoft 365 Apps usage](/microsoft-365/admin/activity-reports/microsoft365-apps-usage).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+|:|:|

+| Delegated (work or school account) | ReportSettings.Read.All, ReportSettings.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | ReportSettings.Read.All, ReportSettings.ReadWrite.All |

+> **Note:** For delegated permissions to allow apps to get report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure Active Directory limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+GET /admin/reportSettings

+```

+## Request headers

+| Name | Description |

+| : | : |

+| Authorization | Bearer {token}. Required. |

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [adminReportSettings](../resources/adminreportsettings.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_adminreportsettings"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/admin/reportSettings

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.adminReportSettings"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.adminReportSettings",

+ "displayConcealedNames": true

+ }

+}

+```

+ Title: "Update adminReportSettings"

+description: "Update tenant-level settings for Microsoft 365 reports."

+ms.localizationpriority: medium

+# Update adminReportSettings

+Namespace: microsoft.graph

+Update tenant-level settings for Microsoft 365 reports.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+| Permission type | Permissions (from least to most privileged) |

+|-||

+| Delegated (work or school account) | ReportSettings.ReadWrite.All |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | ReportSettings.ReadWrite.All |

+> **Note:** For delegated permissions to allow apps to update report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure Active Directory limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+PATCH /admin/reportSettings

+```

+## Request headers

+| Name | Description |

+| : | :--|

+| Authorization | Bearer {token}. Required. |

+| Content-Type | application/json. Required.|

+## Request body

+| Property | Type | Description |

+| -- | -- | - |

+| displayConcealedNames | Boolean | If set to `true`, all reports will conceal user information such as usernames, groups, and sites. If `false`, all reports will show identifiable information. This property represents a setting in the Microsoft 365 admin center. Required. |

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+The following is an example of a request that updates a tenant-level setting for Microsoft 365 reports.

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "update_adminreportsettings"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/admin/reportSettings

+Content-Type: application/json

+Content-length: 37

+{

+ "displayConcealedNames": true

+}

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response"

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+ Title: "Delete learningProvider"

+description: "Delete a learningProvider object."

+ms.localizationpriority: medium

+# Delete learningProvider

+Namespace: microsoft.graph

+Delete a [learningProvider](../resources/learningprovider.md) resource and remove its registration in Viva Learning for the tenant.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningProvider.ReadWrite|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /employeeExperience/learningProviders/{learningProviderId}/$ref

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "delete_learningprovider"

+}

+-->

+``` http

+DELETE /employeeExperience/learningProviders/13727311-e7bb-470d-8b20-6a23d9030d70/$ref

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "List learningProviders"

+description: "Get a list of the learningProvider objects and their properties."

+ms.localizationpriority: medium

+# List learningProviders

+Namespace: microsoft.graph

+Get a list of the [learningProvider](../resources/learningprovider.md) resources registered in Viva Learning for a tenant.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningProvider.Read|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /employeeExperience/learningProviders

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [learningProvider](../resources/learningprovider.md) objects in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "list_learningprovider"

+}

+-->

+``` http

+GET /employeeExperience/learningProviders

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.learningProvider",

+ "isCollection": true

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#learningProviders",

+ "value": [

+ {

+ "id": "ba9790ef-21d5-4c17-808c-acda55230253",

+ "displayName": "Microsoft",

+ "squareLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "squareLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "isEnabled": true,

+ "loginWebUrl": "https://www.linkedin.com/learning-login/teams"

+ },

+ {

+ "id": "13727311-e7bb-470d-8b20-6a23d9030d70",

+ "displayName": "LinkedInHub",

+ "squareLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "squareLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "isEnabled": true,

+ "loginWebUrl": "https://www.linkedin.com/learning-login/teams"

+ }

+ ]

+}

+```

+ Title: "Create learningProvider"

+description: "Create a new learningProvider object."

+ms.localizationpriority: medium

+# Create learningProvider

+Namespace: microsoft.graph

+Create a new [learningProvider](../resources/learningprovider.md) object and register it with Viva Learning using the specified display name and logos for different themes.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningProvider.ReadWrite|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /employeeExperience/learningProviders

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [learningProvider](../resources/learningprovider.md) object.

+You can specify the following properties when you create a **learningProvider**.

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|The display name that appears in Viva Learning. Required.|

+|isEnabled|Boolean|The state of the provider. Optional.|

+|loginWebUrl|String|Authentication URL to access the courses for the provider. Optional.|

+|longLogoWebUrlForDarkTheme|String|The long logo URL for the dark mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|longLogoWebUrlForLightTheme|String|The long logo URL for the light mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|squareLogoWebUrlForDarkTheme|String|The square logo URL for the dark mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|squareLogoWebUrlForLightTheme|String|The square logo URL for the light mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+## Response

+If successful, this method returns a `201 Created` response code and a [learningProvider](../resources/learningprovider.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "create_learningprovider_from_"

+}

+-->

+``` http

+POST /employeeExperience/learningProviders

+Content-Type: application/json

+{

+ "displayName": "Microsoft",

+ "squareLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "squareLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "isEnabled": true,

+ "loginWebUrl": "https://www.linkedin.com/learning-login/teams"

+}

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.learningProvider"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#learningProviders/$entity",

+ "id": "ba9790ef-21d5-4c17-808c-acda55230253",

+ "displayName": "Microsoft",

+ "squareLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "squareLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "isEnabled": true,

+ "loginWebUrl": "https://www.linkedin.com/learning-login/teams"

+}

+```

+ Title: "Get learningContent"

+description: "Read the properties and relationships of a learningContent object."

+ms.localizationpriority: medium

+# Get learningContent

+Namespace: microsoft.graph

+Get the specified [learningContent](../resources/learningcontent.md) resource which represents the metadata of the specified provider's ingested content.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningContent.Read.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|LearningContent.Read.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /employeeExperience/learningProviders/{learningProviderId}/learningContents/{externalId}

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [learningContent](../resources/learningcontent.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_learningcontent"

+}

+-->

+``` http

+GET /employeeExperience/learningProviders/13727311-e7bb-470d-8b20-6a23d9030d70/learningContents(externalId='LP4471')

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.learningContent"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#learningProviders('13727311-e7bb-470d-8b20-6a23d9030d70')/learningContents/$entity",

+ "externalId": "LP4471",

+ "title": "Manage classes, resources, assessment, and planning in Microsoft Teams with Beedle",

+ "description": "A module to guide users through the various teaching and learning enhancements that Beedle provides within Microsoft Teams, with many examples of everyday application.",

+ "contentWebUrl": "https://docs.microsoft.com/en-us/learn/modules/manage-classes-resources-assessment-planning-beedle/",

+ "sourceName": "MSLibrary",

+ "thumbnailWebUrl": "https://syndetics.com/index.aspx?isbn=9783319672175/LC.GIF",

+ "languageTag": "en-us",

+ "numberOfPages": 10,

+ "duration": "PT20M",

+ "format": "Book",

+ "createdDateTime": "2018-01-01T00:00:00",

+ "lastModifiedDateTime": "2021-04-01T04:26:06.1995367Z",

+ "contributor": "Scott Simpson",

+ "additionalTags": [

+ "Create private or public teams",

+ "Add members to teams"

+ ],

+ "skillTags": [

+ "Create teams",

+ "Teams channels",

+ "Teams members"

+ ],

+ "isActive": true,

+ "isPremium": false,

+ "isSearchable": true

+}

+```

+ Title: "Update learningContent"

+description: "Update the properties of a learningContent object."

+ms.localizationpriority: medium

+# Update learningContent

+Namespace: microsoft.graph

+Update the specified [learningContent](../resources/learningcontent.md) resource.

+Used by a [learning provider](../resources/learningprovider.md) to ingest or update the metadata for their content in Viva Learning. If the specified learning content doesn't yet exist for the specified provider, this operation creates the metadata for the new content. Otherwise, this operation replaces the metadata of the existing content.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningContent.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|LearningContent.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /employeeExperience/learningProviders/{registrationId}/learningContents(externalId='{externalId}')

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+|Property|Type|Description|

+|:|:|:|

+|additionalTags|String collection|Keywords, topics, and other tags associated with the learning content. Optional.|

+|contentWebUrl|String|The content web URL for the learning content. Required.|

+|contributor|String|The author, creator, or contributor of the learning content. Optional.|

+|createdDateTime|DateTimeOffset|The date when the learning content was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Optional.|

+|description|String|The description or summary for the learning content. Optional.|

+|duration|Duration|The duration of the learning content in seconds. Optional.|

+|externalId|String|Unique external content ID for the learning content. Required.|

+|format|String|The format of the learning content. For example, `Course`, `Video`, `Book`, `Book Summary`, `Audiobook Summary`. Optional.|

+|isActive|Boolean|Indicates whether the content is active or not. Inactive content will not show up in the UI. The default value is `true`. Optional.|

+|isPremium|Boolean|Indicates whether the learning content requires the user to sign-in on the learning provider platform or not. The default value is `false`. Optional.|

+|isSearchable|Boolean|Indicates whether the learning content is searchable or not. The default value is `true`. Optional.|

+|languageTag|String|The language of the learning content, for example, `en-us` or `fr-fr`. Required.|

+|lastModifiedDateTime|DateTimeOffset|The date when the learning content was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Optional.|

+|numberOfPages|Int32|The number of pages of the learning content, for example, 9. Optional.|

+|skillTags|String collection|The skills tags associated with the learning content. Optional.|

+|sourceName|String|The source name of the learning content, such as `LinkedIn Learning` or `Coursera`. Optional.|

+|thumbnailWebUrl|String|The URL of learning content thumbnail image. Optional.|

+|title|String|The title of the learning content. Required.|

+## Response

+If successful, this method returns a `202 Accepted` response code and an updated [learningContent](../resources/learningcontent.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "update_learningcontent"

+}

+-->

+``` http

+PATCH /employeeExperience/learningProviders/13727311-e7bb-470d-8b20-6a23d9030d70/learningContents(externalId='LP4471')

+Content-Type: application/json

+{

+ "title": "Manage classes, resources, assessment, and planning in Microsoft Teams with Beedle",

+ "description": "A module to guide users through the various teaching and learning enhancements that Beedle provides within Microsoft Teams, with many examples of everyday application.",

+ "contentWebUrl": "https://docs.microsoft.com/en-us/learn/modules/manage-classes-resources-assessment-planning-beedle/",

+ "sourceName": "MsLearn",

+ "thumbnailWebUrl": "https://syndetics.com/index.aspx?isbn=9783319672175/LC.GIF",

+ "languageTag": "en-us",

+ "numberOfPages": 9,

+ "duration": "PT20M",

+ "format": "Book",

+ "createdDateTime": "2018-01-01T00:00:00",

+ "lastModifiedDateTime": "2021-04-01T04:26:06.1995367Z",

+ "contributor": "Scott Simpson",

+ "additionalTags": [

+ "Create private or public teams",

+ "Add members to teams"

+ ],

+ "skillTags": [

+ "Create teams",

+ "Teams channels",

+ "Teams members"

+ ],

+ "isActive": true,

+ "isPremium": false,

+ "isSearchable": true

+}

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.learningContent"

+}

+-->

+``` http

+HTTP/1.1 202 Accepted

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#learningProviders('13727311-e7bb-470d-8b20-6a23d9030d70')/learningContents/$entity",

+ "externalId": "LP4471",

+ "title": "Manage classes, resources, assessment, and planning in Microsoft Teams with Beedle",

+ "description": "A module to guide users through the various teaching and learning enhancements that Beedle provides within Microsoft Teams, with many examples of everyday application.",

+ "contentWebUrl": "https://docs.microsoft.com/en-us/learn/modules/manage-classes-resources-assessment-planning-beedle/",

+ "sourceName": "MsLearn",

+ "thumbnailWebUrl": "https://syndetics.com/index.aspx?isbn=9783319672175/LC.GIF",

+ "languageTag": "en-us",

+ "numberOfPages": 9,

+ "duration": "PT20M",

+ "format": "Book",

+ "createdDateTime": "2018-01-01T00:00:00",

+ "lastModifiedDateTime": "2021-04-01T04:26:06.1995367Z",

+ "contributor": "Scott Simpson",

+ "additionalTags": [

+ "Create private or public teams",

+ "Add members to teams"

+ ],

+ "skillTags": [

+ "Create teams",

+ "Teams channels",

+ "Teams members"

+ ],

+ "isActive": true,

+ "isPremium": false,

+ "isSearchable": true

+}

+```

+ Title: "Delete learningContent"

+description: "Delete a learningContent object."

+ms.localizationpriority: medium

+# Delete learningContent

+Namespace: microsoft.graph

+Delete the specified [learningContent](../resources/learningcontent.md) resource which represents the metadata of the specified provider's ingested content.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningContent.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|LearningContent.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /employeeExperience/learningProviders/{learningProviderId}/learningContents/{externalId='{externalId}'}/$ref

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "delete_learningcontent"

+}

+-->

+``` http

+DELETE /employeeExperience/learningProviders/13727311-e7bb-470d-8b20-6a23d9030d70/learningContents(externalId='27rg2ifb28gf28')/$ref

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get learningProvider"

+description: "Read the properties and relationships of a learningProvider object."

+ms.localizationpriority: medium

+# Get learningProvider

+Namespace: microsoft.graph

+Read the properties and relationships of a [learningProvider](../resources/learningprovider.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningProvider.Read|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /employeeExperience/learningProviders/{id}

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [learningProvider](../resources/learningprovider.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_learningprovider"

+}

+-->

+``` http

+GET /employeeExperience/learningProviders/13727311-e7bb-470d-8b20-6a23d9030d70

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.learningProvider"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#learningProviders/$entity",

+ "id": "13727311-e7bb-470d-8b20-6a23d9030d70",

+ "displayName": "LinkedInHub",

+ "squareLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "squareLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "isEnabled": true,

+ "loginWebUrl": "https://www.linkedin.com/learning-login/teams"

+}

+```

+ Title: "List learningContents"

+description: "Get a list of the learningContent objects and their properties."

+ms.localizationpriority: medium

+# List learningContents

+Namespace: microsoft.graph

+Get a list of the [learningContent](../resources/learningcontent.md) resources and their properties.

+This list represents the metadata of the specified provider's content in Viva Learning.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningContent.Read.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|LearningContent.Read.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /employeeExperience/learningProviders/{learningProviderId}/learningContents

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [learningContent](../resources/learningcontent.md) objects in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "list_learningcontent"

+}

+-->

+``` http

+GET /employeeExperience/learningProviders/13727311-e7bb-470d-8b20-6a23d9030d70/learningContents

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.learningContent",

+ "isCollection": true

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#learningProviders('13727311-e7bb-470d-8b20-6a23d9030d70')/learningContents",

+ "value": [

+ {

+ "externalId": "LP4771",

+ "title": "Manage classes, resources, assessment, and planning in Microsoft Teams with Beedle",

+ "description": "A module to guide users through the various teaching and learning enhancements that Beedle provides within Microsoft Teams, with many examples of everyday application.",

+ "contentWebUrl": "https://docs.microsoft.com/en-us/learn/modules/manage-classes-resources-assessment-planning-beedle/",

+ "sourceName": "MSLibrary",

+ "thumbnailWebUrl": "https://syndetics.com/index.aspx?isbn=9783319672175/LC.GIF",

+ "languageTag": "en-us",

+ "numberOfPages": 10,

+ "duration": "PDT1H",

+ "format": "Book",

+ "createdDateTime": "2018-01-01T00:00:00",

+ "lastModifiedDateTime": "2021-04-01T04:26:06.1995367Z",

+ "contributor": "Scott Simpson",

+ "additionalTags": [

+ "Create private or public teams",

+ "Add members to teams"

+ ],

+ "skillTags": [

+ "Create teams",

+ "Teams channels",

+ "Teams members"

+ ],

+ "isActive": true,

+ "isPremium": false,

+ "isSearchable": false

+ },

+ {

+ "externalId": "LP4772",

+ "title": "Manage classes, resources, assessment, and planning in Microsoft Teams with Beedle",

+ "description": "A module to guide users through the various teaching and learning enhancements that Beedle provides within Microsoft Teams, with many examples of everyday application.",

+ "contentWebUrl": "https://docs.microsoft.com/en-us/learn/modules/manage-classes-resources-assessment-planning-beedle/",

+ "sourceName": "MSLibrary",

+ "thumbnailWebUrl": "https://syndetics.com/index.aspx?isbn=9783319672175/LC.GIF",

+ "languageTag": "en-us",

+ "numberOfPages": 10,

+ "duration": "PDT1H",

+ "format": "Book",

+ "createdDateTime": "2018-01-01T00:00:00",

+ "lastModifiedDateTime": "2021-04-01T04:26:06.1995367Z",

+ "contributor": "Scott Simpson",

+ "additionalTags": [

+ "Create private or public teams",

+ "Add members to teams"

+ ],

+ "skillTags": [

+ "Create teams",

+ "Teams channels",

+ "Teams members"

+ ],

+ "isActive": true,

+ "isPremium": false,

+ "isSearchable": false

+ }

+ ]

+}

+```

+ Title: "Update learningProvider"

+description: "Update the properties of a learningProvider object."

+ms.localizationpriority: medium

+# Update learningProvider

+Namespace: microsoft.graph

+Update the properties of a [learningProvider](../resources/learningprovider.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|LearningProvider.ReadWrite|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|Not supported.|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /employeeExperience/learningProviders/{learningProviderId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|The display name that appears in Viva Learning. Required.|

+|isEnabled|Boolean|The state of the provider. Optional.|

+|loginWebUrl|String|Authentication URL to access the courses for the provider. Optional.|

+|longLogoWebUrlForDarkTheme|String|The long logo URL for the dark mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|longLogoWebUrlForLightTheme|String|The long logo URL for the light mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|squareLogoWebUrlForDarkTheme|String|The square logo URL for the dark mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|squareLogoWebUrlForLightTheme|String|The square logo URL for the light mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+## Response

+If successful, this method returns a `204 No Content` response code in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "update_learningprovider"

+}

+-->

+``` http

+PATCH /employeeExperience/learningProviders/13727311-e7bb-470d-8b20-6a23d9030d70

+Content-Type: application/json

+{

+ "displayName": "Microsoft",

+ "squareLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForDarkTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "squareLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "longLogoWebUrlForLightTheme": "https://support.content.office.net/en-us/media/4c531d12-4c13-4782-a6e4-4b8f991801a3.png",

+ "isEnabled": false,

+ "loginWebUrl": "https://www.linkedin.com/learning-login/teams"

+}

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Delete openTypeExtension"

+# Delete openTypeExtension

+DELETE /administrativeUnits/{administrativeUnitId}/extensions/{extensionId}

+DELETE /devices/{deviceId}/extensions/{extensionId}

+DELETE /users/{userId|userPrincipalName}/events/{eventId}/extensions/{extensionId}

+DELETE /groups/{groupId}/extensions/{extensionId}

+DELETE /groups/{groupId}/events/{eventId}/extensions/{extensionId}

+DELETE /groups/{groupId}/threads/{threadIid}/posts/{postId}/extensions/{extensionId}

+DELETE /users/{userIid|userPrincipalName}/messages/{messageId}/extensions/{extensionId}

+DELETE /organization/{organizationId}/extensions/{extensionId}

+DELETE /users/{userId|userPrincipalName}/contacts/{contactId}/extensions/{extensionId}

+DELETE /users/{userId|userPrincipalName}/extensions/{extensionId}

+DELETE /users/me/todo/lists/{listId}/extensions/{extensionId}

+DELETE /users/me/todo/lists/{listId}/tasks/{taskId}/extensions/{extensionId}

+DELETE /users/me/tasks/lists/{listId}/extensions/{extensionId}

+DELETE /users/me/tasks/lists/{listId}/tasks/{taskId}/extensions/{extensionId}

+ Title: "Get openTypeExtension"

+# Get openTypeExtension

+|Get a specific extension from a known resource instance.| [Administrative unit](../resources/administrativeunit.md) <br/> [baseTask](../resources/basetask.md) (deprecated) <br/> [baseTaskList](../resources/basetasklist.md) (deprecated) <br/> [device](../resources/device.md) <br/> [event](../resources/event.md) <br/> [group](../resources/group.md) <br/> [group event](../resources/event.md) <br/> [group post](../resources/post.md) <br/> [message](../resources/message.md) <br/> [organization](../resources/organization.md) <br/> [personal contact](../resources/contact.md) <br/> [user](../resources/user.md) <br/> [todoTask](../resources/todotask.md) <br/> [todoTaskList](../resources/todotasklist.md) | Open extension only.|

+GET /administrativeUnits/{administrativeUnitId}/extensions/{extensionId}

+GET /devices/{deviceId}/extensions/{extensionId}

+GET /users/{Id|userPrincipalName}/events/{eventId}/extensions/{extensionId}

+GET /groups/{groupId}/extensions/{extensionId}

+GET /groups/{groupId}/events/{eventId}/extensions/{extensionId}

+GET /groups/{groupId}/threads/{threadId}/posts/{postId}/extensions/{extensionId}

+GET /users/{userId|userPrincipalName}/messages/{messageId}/extensions/{extensionId}

+GET /organization/{organizationId}/extensions/{extensionId}

+GET /users/{userId|userPrincipalName}/contacts/{contactId}/extensions/{extensionId}

+GET /users/{userId|userPrincipalName}/extensions/{extensionId}

+GET /users/{userId|userPrincipalName}/todo/lists/{listId}/tasks/{todoTaskId}/extensions/{extensionId}

+GET /users/{userId|userPrincipalName}/todo/lists/{listId}/extensions/{extensionId}

+GET /users/{userId|userPrincipalName}/tasks/lists/{listId}/tasks/{baseTaskId}/extensions/{extensionId}

+GET /users/{userId|userPrincipalName}/tasks/lists/{listId}/extensions/{extensionId}

+GET /users/{userId|userPrincipalName}/events/{eventId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /groups/{groupId}/events/{eventId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /groups/{groupId}/threads/{threadId}/posts/{postId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /users/{userId|userPrincipalName}/messages/{messageId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /users/{userId|userPrincipalName}/contacts/{contactId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /users/{userId|userPrincipalName}/todo/lists/{listId}/tasks/{taskId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /users/{userId|userPrincipalName}/todo/lists/{listId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /users/{userId|userPrincipalName}/tasks/lists/{listId}/tasks/{taskId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /users/{userId|userPrincipalName}/tasks/lists/{listId}?$expand=extensions($filter=id eq '{extensionId}')

+GET /devices/{deviceId}?$expand=extensions($filter=id eq '{extensionId}')&$select=id,{property_1},{property_n}

+GET /groups/{groupId}?$expand=extensions($filter=id eq '{extensionId}')&$select=id,{property_1},{property_n}

+GET /organization/{organizationId}?$expand=extensions($filter=id eq '{extensionId}')&$select=id,{property_1},{property_n}

+GET /users/{userId|userPrincipalName}?$expand=extensions($filter=id eq '{extensionId}')&$select=id,{property_1},{property_n}

+GET /users/{userId|userPrincipalName}/events?$filter=Extensions/any(f:f/id eq '{extensionId}')&$expand=Extensions($filter=id eq '{extensionId}')

+GET /groups/{groupId}/events?$filter=Extensions/any(f:f/id eq '{extensionId}')&$expand=Extensions($filter=id eq '{extensionId}')

+GET /groups/{groupId}/threads/{threadId}/posts?$filter=Extensions/any(f:f/id eq '{extensionId}')&$expand=Extensions($filter=id eq '{extensionId}')

+GET /users/{userId|userPrincipalName}/messages?$filter=Extensions/any(f:f/id eq '{extensionId}')&$expand=Extensions($filter=id eq '{extensionId}')

+GET /users/{userId|userPrincipalName}/contacts?$filter=Extensions/any(f:f/id eq '{extensionId}')&$expand=Extensions($filter=id eq '{extensionId}')

+ Title: "Create openTypeExtension"

+# Create openTypeExtension

+POST /users/{userId|userPrincipalName}/events

+POST /users/{userId|userPrincipalName}/messages

+POST /groups/{userId}/events

+POST /groups/{userId}/threads/{threadId}/posts/{postId}/reply

+POST /users/{userId|userPrincipalName}/contacts

+POST /users/{userId|userPrincipalName}/todo/lists/{listId}/tasks

+POST /users/{userId|userPrincipalName}/todo/lists

+POST /users/{userId|userPrincipalName}/tasks/lists/{listId}/tasks

+POST /users/{userId|userPrincipalName}/tasks/lists

+POST /administrativeunits/{administrativeUnitId}/extensions

+POST /devices/{deviceId}/extensions

+POST /users/{userId|userPrincipalName}/events/{eventId}/extensions

+POST /groups/{groupId}/extensions

+POST /groups/{groupId}/events/{eventId}/extensions

+POST /groups/{groupId}/threads/{threadId}/posts/{postId}/extensions

+POST /users/{userId|userPrincipalName}/messages/{messageId}/extensions

+POST /organization/{organizationId}/extensions

+POST /users/{userIdd|userPrincipalName}/contacts/{contactId}/extensions

+POST /users/{userId|userPrincipalName}/extensions

+POST /users/{userId|userPrincipalName}/todo/lists/{listId}/tasks/{taskId}/extensions

+POST /users/{userId|userPrincipalName}/todo/lists/{listId}/extensions

+POST /users/{userId|userPrincipalName}/tasks/lists/{listId}/tasks/{taskId}/extensions

+POST /users/{userId|userPrincipalName}/tasks/lists/{listId}/extensions

+| extensionName | Unique string |

+ Title: "Update openTypeExtension"

+# Update openTypeExtension

+PATCH /administrativeUnits/{administrativeUnitId}/extensions/{extensionId}

+PATCH /devices/{deviceId}/extensions/{extensionId}

+PATCH /users/{userId|userPrincipalName}/events/{eventId}/extensions/{extensionId}

+PATCH /groups/{groupId}/extensions/{extensionId}

+PATCH /groups/{groupId}/events/{eventId}/extensions/{extensionId}

+PATCH /groups/{groupId}/threads/{threadId}/posts/{postId}/extensions/{extensionId}

+PATCH /users/{userId|userPrincipalName}/messages/{messageId}/extensions/{extensionId}

+PATCH /organization/{organizationId}/extensions/{extensionId}

+PATCH /users/{userId|userPrincipalName}/contacts/{contactId}/extensions/{extensionId}

+PATCH /users/{userId|userPrincipalName}/extensions/{extensionId}

+PATCH /users/me/todo/lists/{listId}/tasks/{taskId}/extensions/{extensionId}

+PATCH /users/me/todo/lists/{listId}/extensions/{extensionId}

+PATCH /users/me/tasks/lists/{listId}/tasks/{taskId}/extensions/{extensionId}

+PATCH /users/me/tasks/lists/{listId}/extensions/{extensionId}

+| extensionName | Unique string |

+* The `$expand` and `$select` operators are supported for the `shares` navigation property, but not for `jobs`.

+> **Note:** Using $top=n query parameter will return **up to** `n` shares. Caller needs to use skip token to enumerate over the entire list.

+>**Note**: The response will not contain the **defaults** or **capabilities** properties.

+> For following scenarios, response will contain limited set of properties (id,displayName,manufacturer,model,location):

+> - Listing printer shares on behalf of user who is not [Printer Administrator](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#printer-administrator).

+> - Filtering printer shares based on `capabilities` or `location`.

+You can get additional properties via a [Get printerShare](printershare-get.md) request.

+> **Note:** A user can submit up to ~10000 print jobs in 10 days.

+> **Note:** A user can submit up to ~10000 print jobs in 10 days.

+### To retrieve the profile photo of a contact

+|Delegated (work or school account) | Contacts.Read, Contacts.ReadWrite |

+|Delegated (personal Microsoft account) | Contacts.Read, Contacts.ReadWrite |

+|Application | Contacts.Read, Contacts.ReadWrite |

+### To retrieve the profile photo of a team

+|Delegated (work or school account) | Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | TeamSettings.Read.Group*, TeamSettings.ReadWrite.Group*, Team.ReadBasic.All, TeamSettings.Read.All, TeamSettings.ReadWrite.All, Group.Read.All**, Group.ReadWrite.All**, Directory.Read.All**, Directory.ReadWrite.All** |

+### To retrieve the profile photo of a user

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | User.Read, User.ReadBasic.All, User.Read.All, User.ReadWrite, User.ReadWrite.All |

+|Delegated (personal Microsoft account) | User.Read, User.ReadWrite |

+|Application | User.Read.All, User.ReadWrite.All |

+GET /team/{id}/photo/$value

+GET /team/{id}/photo

+### Example 4: Get the photo metadata

+#### Request

+Here is an example of the request to get the metadata of the team photo.

+<!-- {

+ "blockType": "ignored",

+ "name": "get_team_photo_metadata"

+}-->

+```http

+GET https://graph.microsoft.com/beta/teams/172b0cce-e65d-44ce-9a49-91d9f2e8491e/photo

+```

+#### Response

+Here is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#teams('172b0cce-e65d-44ce-9a49-91d9f2e8491e')/photo/$entity",

+ "@odata.id": "https://graph.microsoft.com/beta/teams('172b0cce-e65d-44ce-9a49-91d9f2e8491e')/photo",

+ "@odata.mediaContentType": "image/jpeg",

+ "@odata.mediaEtag": "\"BA09D118\"",

+ "id": "240X240",

+ "width": 240,

+ "height": 240

+}

+```

+### Example 5: Get the team photo's binary data

+Here is an example of the request to get the team photo's binary data.

+#### Request

+<!-- {

+ "blockType": "ignored",

+ "name": "get_team_photo"

+}-->

+```http

+GET https://graph.microsoft.com/beta/teams/172b0cce-e65d-44ce-9a49-91d9f2e8491e/photo/$value

+```

+#### Response

+Contains the binary data of the requested photo. The HTTP response code is 200.

+description: "Update the photo for any user in the tenant including the signed-in user, or the specified group or contact or team."

+Update the photo for the specified contact, group, team, or user in a tenant. The size of the photo you can update to must be under 8MB.

+### To update the profile photo of a contact

+|Delegated (work or school account) | Contacts.ReadWrite |

+|Application | Contacts.ReadWrite |

+### To update the profile photo of a team

+| Permission type | Permissions (from least to most privileged) |

+|:|:--|

+| Delegated (work or school account) | TeamSettingsReadWriteAll, GroupReadWriteAll**, DirectoryReadWriteAll** |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | Not supported. |

+### To update the profile photo of the signed-in user

+|Delegated (work or school account) | User.ReadWrite, User.ReadWrite.All |

+|Application | User.ReadWrite.All |

+If successful, this method returns a `200 OK` response code or a `204 No Content` response code for updating the photo of a team.

+## Examples

+### Example 1: Update the profile photo of the user

+#### Request

+#### Response

+> **Note:** The response object shown here might be shortened for readability.

+### Example 2: Update the photo of a team

+#### Request

+The following is an example of a request to update a team photo.

+<!-- {

+ "blockType": "request",

+ "name": "update_team_photo"

+}-->

+```http

+PUT https://graph.microsoft.com/beta/teams/172b0cce-e65d-44ce-9a49-91d9f2e8491e/photo/$value

+Content-type: image/jpeg

+Binary data for the image

+```

+#### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+ Title: "Get emailThreatSubmission"

+description: "Read the properties and relationships of an emailThreatSubmission object."

+ms.localizationpriority: medium

+# Get emailThreatSubmission

+Namespace: microsoft.graph.security

+Read the properties and relationships of an [emailThreatSubmission](../resources/security-emailthreatsubmission.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.Read, ThreatSubmission.ReadWrite, ThreatSubmission.Read.All, ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.Read.All, ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /security/threatSubmission/emailThreats/{emailThreatsId}

+```

+## Optional query parameters

+Not suppported.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [emailThreatSubmission](../resources/security-emailthreatsubmission.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_emailthreatsubmission"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/security/threatSubmission/emailThreats/{emailThreatsId}

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.emailThreatSubmission"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/emailThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.emailUrlThreatSubmission",

+ "category": "spam",

+ "recipientEmailAddress": "tifc@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "email",

+ "emailSubject": "This is a spam",

+ "status": "succeeded",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "allowedByTenant",

+ "category": "notSpam",

+ "userMailboxSetting": "isFromDomainInDomainSafeList,isJunkMailRuleEnabled",

+ "detectedUrls": ["contoso.com"],

+ "detectedFiles": [

+ {

+ "fileName": "test.ps1",

+ "fileHash": "hash of test.ps1"

+ }

+ ]

+ },

+ "adminReview": null,

+ "internetMessageId": "some-internet-message-id@contoso.com",

+ "sender": "test@contoso.com",

+ "senderIP": "127.0.0.1",

+ "receivedDateTime": "2021-10-09T03:30:18.6890937Z",

+ "originalCategory": "notSpam",

+ "attackSimulationInfo": null,

+ "tenantAllowOrBlockListAction":

+ {

+ "action": "allow",

+ "expirationDateTime": "2021-10-30T03:30:18.6890937Z",

+ "note": "temporal allow the url/attachment/sender in the email.",

+ "results": null

+ },

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+}

+```

+ Title: "List emailThreatSubmissions"

+description: "Get a list of the emailThreatSubmission objects and their properties."

+ms.localizationpriority: medium

+# List emailThreatSubmissions

+Namespace: microsoft.graph.security

+Get a list of the [emailThreatSubmission](../resources/security-emailthreatsubmission.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.Read, ThreatSubmission.ReadWrite, ThreatSubmission.Read.All, ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.Read.All, ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /security/threatSubmission/emailThreats

+```

+## Optional query parameters

+This method supports `$filter`, `$top`, `$skipToken` and `$count` to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [emailThreatSubmission](../resources/security-emailthreatsubmission.md) objects in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_emailthreatsubmission"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/security/threatSubmission/emailThreats

+```

+### Response

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.security.emailThreatSubmission)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/emailThreats",

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.emailThreatSubmission",

+ "category": "spam",

+ "recipientEmailAddress": "tifc@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "email",

+ "emailSubject": "This is a spam",

+ "status": "succeeded",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "allowedByTenant",

+ "category": "notSpam",

+ "userMailboxSetting": "isFromDomainInDomainSafeList,isJunkMailRuleEnabled",

+ "detectedUrls": ["contoso.com"],

+ "detectedFiles": [

+ {

+ "fileName": "test.ps1",

+ "fileHash": "hash of test.ps1"

+ }

+ ]

+ },

+ "adminReview": null,

+ "internetMessageId": "some-internet-message-id@contoso.com",

+ "sender": "test@contoso.com",

+ "senderIP": "127.0.0.1",

+ "receivedDateTime": "2021-10-09T03:30:18.6890937Z",

+ "originalCategory": "notSpam",

+ "attackSimulationInfo": null,

+ "tenantAllowOrBlockListAction":

+ {

+ "action": "allow",

+ "expirationDateTime": "2021-10-30T03:30:18.6890937Z",

+ "note": "temporal allow the url/attachment/sender in the email.",

+ "results": [

+ {

+ "identity": "tenant allow block list id",

+ "value": "contoso.com",

+ "entryType": "url",

+ "expirationDateTime": "2021-10-30T03:30:18.6890937Z",

+ "status": "succeeded"

+ },

+ {

+ "identity": "tenant allow block list id",

+ "value": "test-contoso.com",

+ "entryType": "url",

+ "expirationDateTime": "2021-10-30T03:30:18.6890937Z",

+ "status": "skipped"

+ },

+ ]

+ },

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+ }

+ ]

+}

+```

+ Title: "Create emailThreatSubmission"

+description: "Create a new emailThreatSubmission object."

+ms.localizationpriority: medium

+# Create emailThreatSubmission

+Namespace: microsoft.graph.security

+Create a new [emailThreatSubmission](../resources/security-emailthreatsubmission.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.ReadWrite, ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /security/threatSubmission/emailThreats

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of either an [emailContentThreatSubmission](../resources/security-emailcontentthreatsubmission.md) object or an [emailUrlThreatSubmission](../resources/security-emailurlthreatsubmission.md) object.

+The **emailContentThreatSubmission** and **emailUrlThreatSubmission** resources are both subtypes of the **emailThreatSubmission** entity. Choose what to include in the request body based on the following:

+* If you want to create a submission with the email content itself, include an **emailContentThreatSubmission** object.

+* If you want to create a submission with a URL that points to the email, include an **emailUrlThreatSubmission** object.

+After the **emailContentThreatSubmission** or **emailUrlThreatSubmision** objects are created, the threat submission service just stores some metadata about the email. The email content is not stored. As a result, an **emailThreatSubmission** entity is created.

+## Response

+If successful, this method returns a `201 Created` response code and an [emailThreatSubmission](../resources/security-emailthreatsubmission.md) object in the response body.

+## Examples

+### Example 1: Email threat submission creation with messageUrl and emailUrlThreatSubmission type

+#### Request

+<!-- {

+ "blockType": "request",

+ "name": "create_emailthreatsubmission_from_emailthreats"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/security/threatSubmission/emailThreats

+Content-type: application/json

+{

+ "@odata.type": "#microsoft.graph.emailUrlThreatSubmission",

+ "category": "spam",

+ "recipientEmailAddress": "tifc@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",

+ "messageUrl": "https://graph.microsoft.com/beta/users/c52ce8db-3e4b-4181-93c4-7d6b6bffaf60/messages/AAMkADU3MWUxOTU0LWNlOTEt="

+}

+```

+#### Response

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.emailThreatSubmission"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/emailThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.emailUrlThreatSubmission",

+ "category": "spam",

+ "recipientEmailAddress": "tifc@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "email",

+ "emailSubject": "This is a spam",

+ "status": "succeeded",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "allowedByTenant",

+ "category": "notSpam",

+ "userMailboxSetting": "isFromDomainInDomainSafeList,isJunkMailRuleEnabled",

+ "detectedUrls": ["contoso.com"],

+ "detectedFiles": [

+ {

+ "fileName": "test.ps1",

+ "fileHash": "hash of test.ps1"

+ }

+ ]

+ },

+ "adminReview": null,

+ "internetMessageId": "some-internet-message-id@contoso.com",

+ "sender": "test@contoso.com",

+ "senderIP": "127.0.0.1",

+ "receivedDateTime": "2021-10-09T03:30:18.6890937Z",

+ "originalCategory": "notSpam",

+ "attackSimulationInfo": null,

+ "tenantAllowOrBlockListAction": null,

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+}

+```

+### Example 2: Email threat submission creation with tenantAllowOrBlockListAction provided

+#### Request

+```http

+POST https://graph.microsoft.com/beta/security/threatSubmission/emailThreats

+Content-type: application/json

+{

+ "@odata.type": "#microsoft.graph.emailUrlThreatSubmission",

+ "category": "notSpam",

+ "recipientEmailAddress": "tifc@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",

+ "messageUrl": "https://graph.microsoft.com/beta/users/c52ce8db-3e4b-4181-93c4-7d6b6bffaf60/messages/AAMkADU3MWUxOTU0LWNlOTEt=",

+ "tenantAllowOrBlockListAction":

+ {

+ "action": "allow",

+ "expirationDateTime": "2021-10-30T03:30:18.6890937Z"

+ "note": "temporal allow the url/attachment/sender in the email."

+ }

+}

+```

+#### Response

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.emailThreatSubmission"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/emailThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.emailUrlThreatSubmission",

+ "category": "spam",

+ "recipientEmailAddress": "tifc@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "email",

+ "emailSubject": "This is a spam",

+ "status": "succeeded",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "allowedByTenant",

+ "category": "notSpam",

+ "userMailboxSetting": "isFromDomainInDomainSafeList,isJunkMailRuleEnabled",

+ "detectedUrls": ["contoso.com"],

+ "detectedFiles": [

+ {

+ "fileName": "test.ps1",

+ "fileHash": "hash of test.ps1"

+ }

+ ]

+ },

+ "adminReview": null,

+ "internetMessageId": "some-internet-message-id@contoso.com",

+ "sender": "test@contoso.com",

+ "senderIP": "127.0.0.1",

+ "receivedDateTime": "2021-10-09T03:30:18.6890937Z",

+ "originalCategory": "notSpam",

+ "attackSimulationInfo": null,

+ "tenantAllowOrBlockListAction":

+ {

+ "action": "allow",

+ "expirationDateTime": "2021-10-30T03:30:18.6890937Z",

+ "note": "temporal allow the url/attachment/sender in the email.",

+ "results": null

+ },

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+}

+```

+### Example 3: Email threat submission creation with fileContent and emailContentThreatSubmission type

+#### Request

+```http

+POST https://graph.microsoft.com/beta/security/threatSubmission/emailThreats

+Content-type: application/json

+{

+ "@odata.type": "#microsoft.graph.emailContentThreatSubmission",

+ "category": "spam",

+ "recipientEmailAddress": "tifc@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",

+ "fileContent": "UmVjZWl2ZWQ6IGZyb20gTVcyUFIwME1CMDMxNC5uYW1wcmQwMC....."

+}

+```

+#### Response

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.emailThreatSubmission"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/emailThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.emailContentThreatSubmission",

+ "category": "spam",

+ "recipientEmailAddress": "tifc@a830edad9050849EQTPWBJZXODQ.onmicrosoft.com",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "email",

+ "emailSubject": "This is a spam",

+ "status": "succeeded",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "allowedByTenant",

+ "category": "notSpam",

+ "userMailboxSetting": "isFromDomainInDomainSafeList,isJunkMailRuleEnabled",

+ "detectedUrls": ["contoso.com"],

+ "detectedFiles": [

+ {

+ "fileName": "test.ps1",

+ "fileHash": "hash of test.ps1"

+ }

+ ]

+ },

+ "adminReview": null,

+ "internetMessageId": "some-internet-message-id@contoso.com",

+ "sender": "test@contoso.com",

+ "senderIP": "127.0.0.1",

+ "receivedDateTime": "2021-10-09T03:30:18.6890937Z",

+ "originalCategory": "notSpam",

+ "attackSimulationInfo": null,

+ "tenantAllowOrBlockListAction": null,

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+}

+```

+ Title: "emailThreatSubmission: review"

+description: "Review a threat submission."

+ms.localizationpriority: medium

+# emailThreatSubmission: review

+Namespace: microsoft.graph.security

+Review a threat submission. Only [emailThreatSubmission](../resources/security-emailthreatsubmission.md) objects submitted by end users support the review action.

+Review actions for [urlThreatSubmission](../resources/security-urlthreatsubmission.md) and [fileThreatSubmission](../resources/security-filethreatsubmission.md) objects are not supported for end user.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /emailThreats/{emailThreatsId}/review

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the parameters.

+The following table shows the parameters that can be used with this action.

+|Parameter|Type|Description|

+|:|:|:|

+|category|String|The email is being reported as notSpam, junk, phishing, malware. Case insensitive.|

+## Response

+If successful, this action returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "emailthreatsubmissionthis.review"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/security/threatSubmission/emailThreats/49c5ef5b-1f65-444a-e6b9-08d772ea2059/review

+Content-type: application/json

+{

+ "category": "phishing"

+}

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Delete emailThreatSubmissionPolicy"

+description: "Delete an emailThreatSubmissionPolicy object."

+ms.localizationpriority: medium

+# Delete emailThreatSubmissionPolicy

+Namespace: microsoft.graph.security

+Delete an [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmissionPolicies.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmissionPolicy.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE security/threatSubmission/emailThreatSubmissionPolices/{id}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "delete_emailthreatsubmissionpolicy"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/security/threatSubmission/emailThreatSubmissionPolices/{id}

+```

+### Response

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get emailThreatSubmissionPolicy"

+description: "Read the properties and relationships of an emailThreatSubmissionPolicy object."

+ms.localizationpriority: medium

+# Get emailThreatSubmissionPolicy

+Namespace: microsoft.graph.security

+Read the properties and relationships of an [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.Read, ThreatSubmission.ReadWrite, ThreatSubmission.Read.All, ThreatSubmission.ReadWrite.All, ThreatSubmissionPolicies.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.Read.All, ThreatSubmission.ReadWrite.All, ThreatSubmissionPolicy.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET security/threatSubmission//emailThreatSubmissionPolicies/{emailThreatSubmissionPoliciesId}

+```

+## Optional query parameters

+Not suppported.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_emailthreatsubmissionpolicy"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/security/threatSubmission/emailThreatSubmissionPolicies/{emailThreatSubmissionPoliciesId}

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.emailThreatSubmissionPolicy"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.security.emailThreatSubmissionPolicy",

+ "id": "3df67ecc-11b4-b5b4-9bae-b0729940b3d1",

+ "isReportToMicrosoftEnabled": "Boolean",

+ "isReportToCustomizedEmailAddressEnabled": "Boolean",

+ "isAskMeEnabledForUsers": "Boolean",

+ "isAlwaysReportEnabledForUsers": "Boolean",

+ "isNeverReportEnabledForUsers": "Boolean",

+ "isCustomizedMessageEnabledForPhishing": "Boolean",

+ "isCustomizedMessageEnabled": "Boolean",

+ "customizedReportRecipientEmailAddress": "String",

+ "isReviewEmailNotificationEnabled": "Boolean",

+ "isCustomizedNotificationSenderEnabled": "Boolean",

+ "isOrganizationBrandingEnabled": "Boolean",

+ "customizedNotificationSenderEmailAddress": "String",

+ "isReportFromQuarantineEnabled": "Boolean"

+ }

+}

+```

+ Title: "List emailThreatSubmissionPolicies"

+description: "Get a list of the emailThreatSubmissionPolicy objects and their properties."

+ms.localizationpriority: medium

+# List emailThreatSubmissionPolicies

+Namespace: microsoft.graph.security

+Get a list of the [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.Read, ThreatSubmission.ReadWrite, ThreatSubmission.Read.All, ThreatSubmission.ReadWrite.All, ThreatSubmissionPolicies.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.Read.All, ThreatSubmission.ReadWrite.All, ThreatSubmissionPolicy.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET security/threatSubmission/emailThreatSubmissionPolicies

+```

+## Optional query parameters

+Not supported.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) objects in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_emailthreatsubmissionpolicy"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/security/threatSubmission/emailThreatSubmissionPolicies

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.security.emailThreatSubmissionPolicy)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.security.emailThreatSubmissionPolicy",

+ "id": "3df67ecc-11b4-b5b4-9bae-b0729940b3d1",

+ "isReportToMicrosoftEnabled": "Boolean",

+ "isReportToCustomizedEmailAddressEnabled": "Boolean",

+ "isAskMeEnabledForUsers": "Boolean",

+ "isAlwaysReportEnabledForUsers": "Boolean",

+ "isNeverReportEnabledForUsers": "Boolean",

+ "isCustomizedMessageEnabledForPhishing": "Boolean",

+ "isCustomizedMessageEnabled": "Boolean",

+ "customizedReportRecipientEmailAddress": "String",

+ "isReviewEmailNotificationEnabled": "Boolean",

+ "isCustomizedNotificationSenderEnabled": "Boolean",

+ "isOrganizationBrandingEnabled": "Boolean",

+ "customizedNotificationSenderEmailAddress": "String",

+ "isReportFromQuarantineEnabled": "Boolean"

+ }

+ ]

+}

+```

+ Title: "Create emailThreatSubmissionPolicy"

+description: "Create a new emailThreatSubmissionPolicy object."

+ms.localizationpriority: medium

+# Create emailThreatSubmissionPolicy

+Namespace: microsoft.graph.security

+Create a new [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmissionPolicies.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmissionPolicy.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /security/threatSubmission/emailThreatSubmissionPolicies

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.

+You can also specify the following properties when creating an **emailThreatSubmissionPolicy**. These properties are related to the user reported message settings. For details, see [User reported message settings](/microsoft-365/security/office-365-security/user-submission.md).

+| Property | Type | Description |

+|:--|:--|:-|

+| customizedNotificationSenderEmailAddress | String | Specifies the email address of the sender from which email notifications will be sent to end users to inform them whether an email is spam, phish or clean. The default value is `null`. Optional for creation. |

+| customizedReportRecipientEmailAddress | String | Specifies the destination where the reported messages from end users will land whenever they report something as phish, junk or not junk. The default value is `null`. Optional for creation. |

+| isAlwaysReportEnabledForUsers | Boolean | Indicates whether end users can report a message as spam, phish or junk directly without a confirmation(popup). The default value is `true`. Optional for creation. |

+| isAskMeEnabledForUsers | Boolean | Indicates whether end users can confirm using a popup before reporting messages as spam, phish or not junk. The default value is `true`. Optional for creation. |

+| isCustomizedMessageEnabled | Boolean | Indicates whether the email notifications sent to end users to inform them if an email is phish, spam or junk is customized or not. The default value is `false`. Optional for creation. |

+| isCustomizedMessageEnabledForPhishing | Boolean | If enabled, customized message only shows when email is reported as phishing. The default value is `false`. Optional for creation. |

+| isCustomizedNotificationSenderEnabled | Boolean | Indicates whether to use the sender email address set using customizedNotificationSenderEmailAddress for sending email notifications to end users. The default value is `false`. Optional for creation. |

+| isNeverReportEnabledForUsers | Boolean | Indicates whether end users can simply move the message from one folder to another based on the action of spam, phish or not junk without actually reporting it. The default value is `true`. Optional for creation. |

+| isOrganizationBrandingEnabled | Boolean | Indicates whether the branding logo should be used in the email notifications sent to end users. The default value is `false`. Optional for creation. |

+| isReportFromQuarantineEnabled | Boolean | Indicates whether end users can submit from the quarantine page. The default value is `true`. Optional for creation. |

+| isReportToCustomizedEmailAddressEnabled | Boolean | Indicates whether emails reported by end users should be send to the custom mailbox configured using customizedReportRecipientEmailAddress. The default value is `false`. Optional for creation. |

+| isReportToMicrosoftEnabled | Boolean | If enabled, the email will be sent to Microsoft for analysis. The default value is `false`. Requried for creation. |

+| isReviewEmailNotificationEnabled | Boolean | Indicates whether an email notification is sent to the end user who reported the email when it has been reviewed by the admin. The default value is `false`. Optional for creation. |

+## Response

+If successful, this method returns a `201 Created` response code and an [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "create_emailthreatsubmissionpolicy_from_emailthreatsubmissionpolicies"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/security/threatSubmission/emailthreatSubmissionPolicies

+Content-type: application/json

+{

+ "isReportToMicrosoftEnabled": true

+}

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.emailThreatSubmissionPolicy"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.emailThreatSubmissionPolicy",

+ "id": "DefaultReportSubmissionPolicy",

+ "isReportToMicrosoftEnabled": true,

+ "isReportToCustomizedEmailAddressEnabled": false,

+ "isAskMeEnabledForUsers": true,

+ "isAlwaysReportEnabledForUsers": true,

+ "isNeverReportEnabledForUsers": true,

+ "isCustomizedMessageEnabledForPhishing": false,

+ "isCustomizedMessageEnabled": false,

+ "customizedReportRecipientEmailAddress": null,

+ "isReviewEmailNotificationEnabled": false,

+ "isCustomNotificationSenderEnabled": false,

+ "isOrganizationBrandingEnabled": false,

+ "customizedNotificationSenderEmailAddress": null,

+ "isReportFromQuarantineEnabled": false

+}

+```

+ Title: "Update emailThreatSubmissionPolicy"

+description: "Update the properties of an emailThreatSubmissionPolicy object."

+ms.localizationpriority: medium

+# Update emailThreatSubmissionPolicy

+Namespace: microsoft.graph.security

+Update the properties of an [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmissionPolicies.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmissionPolicy.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH security/threatSubmission/emailThreatSubmissionPolicies/{emailThreatSubmissionPoliciesId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+These properties are related to the **user reported message settings**. For details, see [User reported message settings](/microsoft-365/security/office-365-security/user-submission.md).

+| Property | Type | Description |

+|:--|:--|:-|

+| customizedNotificationSenderEmailAddress | String | Specifies the email address of the sender from which email notifications will be sent to end users to inform them whether an email is spam, phish or clean. The default value is `null`. Optional for creation. |

+| customizedReportRecipientEmailAddress | String | Specifies the destination where the reported messages from end users will land whenever they report something as phish, junk or not junk. The default value is `null`. Optional for creation. |

+| isAlwaysReportEnabledForUsers | Boolean | Indicates whether end users can report a message as spam, phish or junk directly without a confirmation(popup). The default value is `true`. Optional for creation. |

+| isAskMeEnabledForUsers | Boolean | Indicates whether end users can confirm using a popup before reporting messages as spam, phish or not junk. The default value is `true`. Optional for creation. |

+| isCustomizedMessageEnabled | Boolean | Indicates whether the email notifications sent to end users to inform them if an email is phish, spam or junk is customized or not. The default value is `false`. Optional for creation. |

+| isCustomizedMessageEnabledForPhishing | Boolean | If enabled, customized message only shows when email is reported as phishing. The default value is `false`. Optional for creation. |

+| isCustomizedNotificationSenderEnabled | Boolean | Indicates whether to use the sender email address set using customizedNotificationSenderEmailAddress for sending email notifications to end users. The default value is `false`. Optional for creation. |

+| isNeverReportEnabledForUsers | Boolean | Indicates whether end users can simply move the message from one folder to another based on the action of spam, phish or not junk without actually reporting it. The default value is `true`. Optional for creation. |

+| isOrganizationBrandingEnabled | Boolean | Indicates whether the branding logo should be used in the email notifications sent to end users. The default value is `false`. Optional for creation. |

+| isReportFromQuarantineEnabled | Boolean | Indicates whether end users can submit from the quarantine page. The default value is `true`. Optional for creation. |

+| isReportToCustomizedEmailAddressEnabled | Boolean | Indicates whether emails reported by end users should be send to the custom mailbox configured using customizedReportRecipientEmailAddress. The default value is `false`. Optional for creation. |

+| isReportToMicrosoftEnabled | Boolean | If enabled, the email will be sent to Microsoft for analysis. The default value is `false`. Requried for creation. |

+| isReviewEmailNotificationEnabled | Boolean | Indicates whether an email notification is sent to the end user who reported the email when it has been reviewed by the admin. The default value is `false`. Optional for creation. |

+## Response

+If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "update_emailthreatsubmissionpolicy"

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/security/threatSubmission/emailthreatSubmissionPolicies/DefaultReportSubmissionPolicy

+Content-type: application/json

+{

+ "isReportToMicrosoftEnabled": false

+}

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get fileThreatSubmission"

+description: "Read the properties and relationships of a fileThreatSubmission object."

+ms.localizationpriority: medium

+# Get fileThreatSubmission

+Namespace: microsoft.graph.security

+Read the properties and relationships of a [fileThreatSubmission](../resources/security-filethreatsubmission.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.Read,ThreatSubmission.ReadWrite,ThreatSubmission.Read.All,ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.Read.All,ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /security/threatSubmission/fileThreats/{fileThreatsId}

+```

+## Optional query parameters

+Not supported.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [fileThreatSubmission](../resources/security-filethreatsubmission.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_filethreatsubmission"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/security/threatSubmission/fileThreats/{fileThreatsId}

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.fileThreatSubmission"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/fileThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.fileThreatSubmission",

+ "category": "malware",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "file",

+ "fileName": "test.html",

+ "status": "running",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "underInvestigation"

+ },

+ "adminReview": null,

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+}

+```

+ Title: "List fileThreatSubmissions"

+description: "Get a list of the fileThreatSubmission objects and their properties."

+ms.localizationpriority: medium

+# List fileThreatSubmissions

+Namespace: microsoft.graph.security

+Get a list of the [fileThreatSubmission](../resources/security-filethreatsubmission.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.Read,ThreatSubmission.ReadWrite,ThreatSubmission.Read.All,ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.Read.All,ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /security/threatSubmission/fileThreats

+```

+## Optional query parameters

+This method supports `$filter`, `$top`, `$skipToken` and `$count` to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [fileThreatSubmission](../resources/security-filethreatsubmission.md) objects in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_filethreatsubmission"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/security/threatSubmission/fileThreats

+```

+### Response

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.security.fileThreatSubmission)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/fileThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.fileThreatSubmission",

+ "category": "malware",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "file",

+ "fileName": "test.html",

+ "status": "running",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "underInvestigation"

+ },

+ "adminReview": null,

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+ }

+ ]

+}

+```

+ Title: "Create fileThreatSubmission"

+description: "Create a new fileThreatSubmission object."

+ms.localizationpriority: medium

+# Create fileThreatSubmission

+Namespace: microsoft.graph.security

+Create a new [fileThreatSubmission](../resources/security-filethreatsubmission.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.ReadWrite,ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /security/threatSubmission/fileThreats

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [fileContentThreatSubmission](../resources/security-filecontentthreatsubmission.md) object. The [fileUrlContentThreatSubmission](../resources/security-fileurlthreatsubmission.md) is reserved and not supported as of today.

+## Response

+If successful, this method returns a `201 Created` response code and a [fileThreatSubmission](../resources/security-filethreatsubmission.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "create_filethreatsubmission_from_filethreats"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/security/threatSubmission/fileThreatSubmissions

+Content-type: application/json

+{

+ "@odata.type": "#microsoft.graph.fileContentThreatSubmission",

+ "category": "malware",

+ "fileName": "test.html",

+ "fileContent": "UmVjZWl2ZWQ6IGZyb20gTVcyUFIwME1CMDMxNC5uYW1wcmQwMC....."

+}

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.fileThreatSubmission"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/fileThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.fileThreatSubmission",

+ "category": "malware",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "file",

+ "fileName": "test.html",

+ "status": "running",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "underInvestigation"

+ },

+ "adminReview": null,

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+}

+```

+ Title: "Get urlThreatSubmission"

+description: "Read the properties and relationships of an urlThreatSubmission object."

+ms.localizationpriority: medium

+# Get urlThreatSubmission

+Namespace: microsoft.graph.security

+Read the properties and relationships of an [urlThreatSubmission](../resources/security-urlthreatsubmission.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.Read,ThreatSubmission.ReadWrite,ThreatSubmission.Read.All,ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.Read.All,ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /security/threatSubmission/urlThreats/{urlThreatsId}

+```

+## Optional query parameters

+Not supported.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [urlThreatSubmission](../resources/security-urlthreatsubmission.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_urlthreatsubmission"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/security/threatSubmission/urlThreats/49c5ef5b-1f65-444a-e6b9-08d772ea2059

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.urlThreatSubmission"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/urlThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.urlThreatSubmission",

+ "category": "phishing",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "url",

+ "webUrl": "http://phishing.contoso.com",

+ "status": "running",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "underInvestigation"

+ },

+ "adminReview": null,

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+}

+```

+ Title: "List urlThreatSubmissions"

+description: "Get a list of the urlThreatSubmission objects and their properties."

+ms.localizationpriority: medium

+# List urlThreatSubmissions

+Namespace: microsoft.graph.security

+Get a list of the [urlThreatSubmission](../resources/security-urlthreatsubmission.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.Read,ThreatSubmission.ReadWrite,ThreatSubmission.Read.All,ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.Read.All,ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /security/threatSubmission/urlThreats

+```

+## Optional query parameters

+This method supports `$filter`, `$top`, `$skipToken` and `$count` to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [urlThreatSubmission](../resources/security-urlthreatsubmission.md) objects in the response body.

+## Examples

+### Request

+<!-- {

+ "blockType": "request",

+ "name": "list_urlthreatsubmission"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/security/threatSubmission/urlThreats

+```

+### Response

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.security.urlThreatSubmission)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/urlThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.urlThreatSubmission",

+ "category": "phishing",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "url",

+ "webUrl": "http://phishing.contoso.com",

+ "status": "running",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "underInvestigation"

+ },

+ "adminReview": null,

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+ }

+ ]

+}

+```

+ Title: "Create urlThreatSubmission"

+description: "Create a new urlThreatSubmission object."

+ms.localizationpriority: medium

+# Create urlThreatSubmission

+Namespace: microsoft.graph.security

+Create a new [urlThreatSubmission](../resources/security-urlthreatsubmission.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|ThreatSubmission.ReadWrite,ThreatSubmission.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported|

+|Application|ThreatSubmission.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /security/threatSubmission/urlThreats

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [urlThreatSubmission](../resources/security-urlthreatsubmission.md) object.

+You may also specify the following properties when creating an **urlThreatSubmission**.

+|Property|Type|Description|

+|:|:|:|

+|category|submissionCategory|Inherited from [threatSubmission](../resources/security-threatsubmission.md) and required field. The possible values are: `notJunk`, `spam`, `phishing`, `malware`, `unknownFutureValue`. It is use to tell what you are reporting the URL as.|

+|webUrl|String|The webUrl to be submitted. Required.|

+## Response

+If successful, this method returns a `201 Created` response code and an [urlThreatSubmission](../resources/security-urlthreatsubmission.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "create_urlthreatsubmission_from_urlthreats"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/security/threatSubmission/urlThreats

+Content-type: application/json

+{

+ "@odata.type": "#microsoft.graph.urlThreatSubmission",

+ "category": "phishing",

+ "webUrl": "http://phishing.contoso.com"

+}

+```

+### Response

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.security.urlThreatSubmission"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#security/threatSubmission/urlThreatSubmission/$entity",

+ "@odata.type": "#microsoft.graph.urlThreatSubmission",

+ "category": "phishing",

+ "id": "49c5ef5b-1f65-444a-e6b9-08d772ea2059",

+ "createdDateTime": "2021-10-10T03:30:18.6890937Z",

+ "contentType": "url",

+ "webUrl": "http://phishing.contoso.com",

+ "status": "running",

+ "source": "administrator",

+ "createdBy": {

+ "user": {

+ "identity": "c52ce8db-3e4b-4181-93c4-7d6b6bffaf60",

+ "displayName": "Ronald Admin",

+ "email": "tifc@a830edad9050849eqtpwbjzxodq.onmicrosoft.com"

+ }

+ },

+ "result": {

+ "detail": "underInvestigation"

+ },

+ "adminReview": null,

+ "tenantId" : "39238e87-b5ab-4ef6-a559-af54c6b07b42"

+}

+```

+ Title: "Delete operationalInsightsConnection"

+description: "Delete an operationalInsightsConnection object."

+ms.localizationpriority: medium

+# Delete operationalInsightsConnection

+Namespace: microsoft.graph.windowsUpdates

+Delete an [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|WindowsUpdates.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /admin/windows/updates/resourceConnections/{operationalInsightsConnectionId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "delete_operationalinsightsconnection"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections/fbb71b85-4173-0bf6-d2bc-ee7921b80cb0

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get operationalInsightsConnection"

+description: "Read the properties and relationships of an operationalInsightsConnection object."

+ms.localizationpriority: medium

+# Get operationalInsightsConnection

+Namespace: microsoft.graph.windowsUpdates

+Read the properties and relationships of an [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|WindowsUpdates.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /admin/windows/updates/resourceConnections/{operationalInsightsConnectionId}

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and an [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_operationalinsightsconnection"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections/fbb71b85-4173-0bf6-d2bc-ee7921b80cb0

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.windowsUpdates.operationalInsightsConnection"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.windowsUpdates.operationalInsightsConnection",

+ "id": "fbb71b85-4173-0bf6-d2bc-ee7921b80cb0",

+ "state": "connected",

+ "azureSubscriptionId": "322ec614-e9c2-4cd5-a55c-5711fdecf02e",

+ "azureResourceGroupName": "target-resource-group",

+ "workspaceName": "my-workspace"

+ }

+}

+```

+ Title: "Delete resourceConnection"

+description: "Delete a resourceConnection object."

+ms.localizationpriority: medium

+# Delete resourceConnection

+Namespace: microsoft.graph.windowsUpdates

+Delete a [resourceConnection](../resources/windowsupdates-resourceconnection.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|WindowsUpdates.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /admin/windows/updates/resourceConnections/{resourceConnectionId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "delete_resourceConnection"

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections/85fbecb2-e407-34e9-9298-4d587857795d

+```

+### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get resourceConnection"

+description: "Read the properties and relationships of a resourceConnection object."

+ms.localizationpriority: medium

+# Get resourceConnection

+Namespace: microsoft.graph.windowsUpdates

+Read the properties and relationships of a [resourceConnection](../resources/windowsupdates-resourceconnection.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|WindowsUpdates.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /admin/windows/updates/resourceConnections/{resourceConnectionId}

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a [resourceConnection](../resources/windowsupdates-resourceconnection.md) object in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "get_resourceconnection"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections/85fbecb2-e407-34e9-9298-4d587857795d

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.windowsUpdates.resourceConnection"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.windowsUpdates.resourceConnection",

+ "id": "85fbecb2-e407-34e9-9298-4d587857795d",

+ "state": "connected"

+ }

+}

+```

+ Title: "List operationalInsightsConnections"

+description: "Get a list of the operationalInsightsConnection objects and their properties."

+ms.localizationpriority: medium

+# List operationalInsightsConnections

+Namespace: microsoft.graph.windowsUpdates

+Get a list of the [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|WindowsUpdates.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /admin/windows/updates/resourceConnections/microsoft.graph.windowsUpdates.operationalInsightsConnection

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) objects in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "list_operationalinsightsconnection"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections/microsoft.graph.windowsUpdates.operationalInsightsConnection

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.windowsUpdates.operationalInsightsConnection",

+ "isCollection": true

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.windowsUpdates.operationalInsightsConnection",

+ "id": "fbb71b85-4173-0bf6-d2bc-ee7921b80cb0",

+ "state": "connected",

+ "azureSubscriptionId": "322ec614-e9c2-4cd5-a55c-5711fdecf02e",

+ "azureResourceGroupName": "target-resource-group",

+ "workspaceName": "my-workspace"

+ }

+ ]

+}

+```

+ Title: "List resourceConnections"

+description: "Get a list of the resourceConnection objects and their properties."

+ms.localizationpriority: medium

+# List resourceConnections

+Namespace: microsoft.graph.windowsUpdates

+Get a list of the [resourceConnection](../resources/windowsupdates-resourceconnection.md) objects and their properties.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|WindowsUpdates.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /admin/windows/updates/resourceConnections

+```

+## Optional query parameters

+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [resourceConnection](../resources/windowsupdates-resourceconnection.md) objects in the response body.

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "list_resourceconnection"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.windowsUpdates.resourceConnection",

+ "isCollection": true

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.windowsUpdates.resourceConnection",

+ "id": "85fbecb2-e407-34e9-9298-4d587857795d",

+ "state": "connected"

+ }

+ ]

+}

+```

+ Title: "Create operationalInsightsConnection"

+description: "Create a new operationalInsightsConnection object."

+ms.localizationpriority: medium

+# Create operationalInsightsConnection

+Namespace: microsoft.graph.windowsUpdates

+Create a new [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|WindowsUpdates.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|WindowsUpdates.ReadWrite.All|

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /admin/windows/updates/resourceConnections

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required.|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object.

+You must specify the following properties when you create an **operationalInsightsConnection**.

+|Property|Type|Description|

+|:|:|:|

+|azureResourceGroupName|String|The name of the Azure resource group that contains the Log Analytics workspace.|

+|azureSubscriptionId|String|The Azure subscription ID that contains the Log Analytics workspace.|

+|workspaceName|String|The name of the Log Analytics workspace.|

+## Response

+If successful, this method returns a `201 Created` response code and an [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object in the response body.

+The following errors are possible:

+|Response Code|Message|

+|:|:|

+|`400 Bad Request`|The specified workspace was not able to be linked. Verify that the key properties are correct.|

+|`403 Forbidden`|The specified workspace was not able to be linked. Verify that the Azure subscription is active.|

+|`409 Conflict`|The specified resource already exists.|

+## Examples

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "create_operationalInsightsConnection_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/admin/windows/updates/resourceConnections

+Content-Type: application/json

+Content-length: 97

+{

+ "@odata.type": "#microsoft.graph.windowsUpdates.operationalInsightsConnection",

+ "azureSubscriptionId": "322ec614-e9c2-4cd5-a55c-5711fdecf02e",

+ "azureResourceGroupName": "target-resource-group",

+ "workspaceName": "my-workspace"

+}

+```

+### Response

+The following is an example of the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.windowsUpdates.operationalInsightsConnection"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.windowsUpdates.operationalInsightsConnection",

+ "id": "85fbecb2-e407-34e9-9298-4d587857795d",

+ "azureSubscriptionId": "322ec614-e9c2-4cd5-a55c-5711fdecf02e",

+ "azureResourceGroupName": "target-resource-group",

+ "workspaceName": "my-workspace",

+ "state": "connected"

+}

+```

+| reportSettings |[microsoft.graph.adminReportSettings](../resources/adminreportsettings.md)|A container for administrative resources to manage reports.|

+ Title: "adminReportSettings resource type"

+description: "Represents the tenant-level settings for Microsoft 365 reports."

+ms.localizationpriority: medium

+# adminReportSettings resource type

+Namespace: microsoft.graph

+Represents the tenant-level settings for Microsoft 365 reports.

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[Get adminReportSettings](../api/adminreportsettings-get.md)|[adminReportSettings](../resources/adminreportsettings.md)|Get the tenant-level settings for Microsoft 365 Reports.|

+|[Update adminReportSettings](../api/adminreportsettings-update.md)|[adminReportSettings](../resources/adminreportsettings.md)|Update tenant-level settings for Microsoft 365 Reports.|

+## Properties

+| Property | Type | Description |

+| -- | -- | - |

+| displayConcealedNames | Boolean | If set to `true`, all reports will conceal user information such as usernames, groups, and sites. If `false`, all reports will show identifiable information. This property represents a setting in the Microsoft 365 admin center. Required. |

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.adminReportSettings",

+ "baseType": "microsoft.graph.entity",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.adminReportSettings",

+ "displayConcealedNames": "Boolean"

+}

+```

+To manage delegated admin relationships, the calling principal must be in the partner tenant and be granted the appropriate [granular delegated admin privileges permissions](/graph/permissions-reference#granular-delegated-admin-privileges-gdap-permissions).

+ Title: "employeeExperience resource type"

+description: "Represents a container that exposes navigation properties for employee experience resources."

+ms.localizationpriority: medium

+# employeeExperience resource type

+Namespace: microsoft.graph

+Represents a container that exposes navigation properties for employee experience resources.

+## Properties

+None.

+## Relationships

+|Relationship|Type|Description|

+|:|:|:|

+|learningProviders|[learningProvider](../resources/learningprovider.md) collection|A collection of learning providers.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.employeeExperience",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.employeeExperience"

+}

+```

+### resourceConnectionState values

+|Member|

+|:|

+|connected|

+|notAuthorized|

+|notFound|

+|unknownFutureValue|

+### longRunningOperationStatus values

+|Member|

+|:|

+|notStarted|

+|running|

+|succeeded|

+|failed|

+|skipped|

+|unknownFutureValue|

+### submissionCategory values

+|Member|

+|:|

+|notJunk|

+|spam|

+|phishing|

+|malware|

+|unknownFutureValue|

+### submissionClientSource values

+|Member|

+|:|

+|microsoft|

+|other|

+|unknownFutureValue|

+### submissionContentType values

+|Member|

+|:|

+|email|

+|url|

+|file|

+|app|

+|unknownFutureValue|

+### submissionResultCategory values

+|Member|

+|:|

+|notJunk|

+|spam|

+|phishing|

+|malware|

+|allowedByPolicy|

+|blockedByPolicy|

+|spoof|

+|unknown|

+|noResultAvailable|

+|unknownFutureValue|

+### submissionSource values

+|Member|

+|:|

+|user|

+|administrator|

+|unknownFutureValue|

+### tenantAllowBlockListAction values

+|Member|

+|:|

+|allow|

+|block|

+|unknownFutureValue|

+### tenantAllowBlockListEntryType values

+|Member|

+|:|

+|url|

+|fileHash|

+|sender|

+|recipient|

+|unknownFutureValue|

+ Title: "identity resource type"

+description: "Represents an identity of an actor."

+Represents an identity of an _actor_. For example, an actor can be a user, device, or application.

+In some circumstances, the unique identifier for the actor might not be available. In this case, the **displayName** property for the identity will be returned, but the **id** property will be missing from the resource.

+## Properties

+| Property | Type | Description |

+|:--|:-|:-|

+| displayName | String | The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using [delta](../api/driveitem-delta.md). |

+| id | String | Unique identifier for the identity. |

+| tenantId | String | Unique identity of the tenant (optional). |

+ Title: "learningContent resource type"

+description: "Represents an entity that holds details about learning content."

+ms.localizationpriority: medium

+# learningContent resource type

+Namespace: microsoft.graph

+Represents the metadata of content for employee learning.

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List learningContents](../api/learningprovider-list-learningcontents.md)|[learningContent](../resources/learningcontent.md) collection|Get a list of the [learningContent](../resources/learningcontent.md) resources and their properties. This list represents the metadata of the specified provider's content in Viva Learning.|

+|[Get learningContent](../api/learningcontent-get.md)|[learningContent](../resources/learningcontent.md)|Get the specified learningContent resource, which represents the metadata of the specified provider's ingested content.|

+|[Update learningContent](../api/learningcontent-update.md)|[learningContent](../resources/learningcontent.md)|Update the specified [learningContent](../resources/learningcontent.md) resource. Used by a [learning provider](learningprovider.md) to ingest or update the metadata for their content in Viva Learning.|

+|[Delete learningContent](../api/learningprovider-delete-learningcontents.md)|None|Delete the specified learningContent resource which represents the metadata of the specified provider's ingested content.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|additionalTags|String collection|Keywords, topics, and other tags associated with the learning content. Optional.|

+|contentWebUrl|String|The content web URL for the learning content. Required.|

+|contributor|String|The author, creator, or contributor of the learning content. Optional.|

+|createdDateTime|DateTimeOffset|The date when the learning content was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Optional.|

+|description|String|The description or summary for the learning content. Optional.|

+|duration|Duration|The duration of the learning content in seconds. Optional.|

+|externalId|String|Unique external content ID for the learning content. Required.|

+|format|String|The format of the learning content. For example, `Course`, `Video`, `Book`, `Book Summary`, `Audiobook Summary`. Optional.|

+|isActive|Boolean|Indicates whether the content is active or not. Inactive content will not show up in the UI. The default value is `true`. Optional.|

+|isPremium|Boolean|Indicates whether the learning content requires the user to sign-in on the learning provider platform or not. The default value is `false`. Optional.|

+|isSearchable|Boolean|Indicates whether the learning content is searchable or not. The default value is `true`. Optional.|

+|languageTag|String|The language of the learning content, for example, `en-us` or `fr-fr`. Required.|

+|lastModifiedDateTime|DateTimeOffset|The date when the learning content was last modified. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Optional.|

+|numberOfPages|Int32|The number of pages of the learning content, for example, 9. Optional.|

+|skillTags|String collection|The skills tags associated with the learning content. Optional.|

+|sourceName|String|The source name of the learning content, such as `LinkedIn Learning` or `Coursera`. Optional.|

+|thumbnailWebUrl|String|The URL of learning content thumbnail image. Optional.|

+|title|String|The title of the learning content. Required.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.learningContent",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.learningContent",

+ "additionalTags": [

+ "String"

+ ],

+ "contentWebUrl": "String",

+ "contributor": "String",

+ "createdDateTime": "String (timestamp)",

+ "description": "String",

+ "duration": "String (duration)",

+ "externalId": "String",

+ "format": "String",

+ "isActive": "Boolean",

+ "isPremium": "Boolean",

+ "isSearchable": "Boolean",

+ "languageTag": "String",

+ "lastModifiedDateTime": "String (timestamp)",

+ "numberOfPages": "Integer",

+ "skillTags": [

+ "String"

+ ],

+ "sourceName": "String",

+ "thumbnailWebUrl": "String",

+ "title": "String"

+}

+```

+ Title: "learningProvider resource type"

+description: "Represents an entity that holds the details about a learning provider."

+ms.localizationpriority: medium

+# learningProvider resource type

+Namespace: microsoft.graph

+Represents an entity that holds the details about a learning provider in Viva learning.

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List learningProviders](../api/employeeexperience-list-learningproviders.md)|[learningProvider](../resources/learningprovider.md) collection|Get a list of the [learningProvider](../resources/learningprovider.md) resources registered in Viva Learning for a tenant.|

+|[Create learningProvider](../api/employeeexperience-post-learningproviders.md)|[learningProvider](../resources/learningprovider.md)|Create a new [learningProvider](../resources/learningprovider.md) object and registers it with Viva Learning using the specified display name and logos for different themes.|

+|[Get learningProvider](../api/learningprovider-get.md)|[learningProvider](../resources/learningprovider.md)|Read the properties and relationships of a [learningProvider](../resources/learningprovider.md) object.|

+|[Update learningProvider](../api/learningprovider-update.md)|[learningProvider](../resources/learningprovider.md)|Update the properties of a [learningProvider](../resources/learningprovider.md) object.|

+|[Delete learningProvider](../api/employeeexperience-delete-learningproviders.md)|None|Delete a [learningProvider](../resources/learningprovider.md) resource and remove its registration in Viva Learning for the tenant.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|The display name that appears in Viva Learning. Required.|

+|id|String|The unique identifier for the learning provider. Required.|

+|isEnabled|Boolean|The state of the provider. Optional.|

+|loginWebUrl|String|Authentication URL to access the courses for the provider. Optional.|

+|longLogoWebUrlForDarkTheme|String|The long logo URL for the dark mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|longLogoWebUrlForLightTheme|String|The long logo URL for the light mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|squareLogoWebUrlForDarkTheme|String|The square logo URL for the dark mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+|squareLogoWebUrlForLightTheme|String|The square logo URL for the light mode, which needs to be a publicly accessible image. This image would be saved to the Blob storage of Viva Learning for rendering within the Viva Learning app. Required.|

+## Relationships

+|Relationship|Type|Description|

+|:|:|:|

+|learningContents|[learningContent](../resources/learningcontent.md) collection|Learning catalog items for the provider.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.learningProvider",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.learningProvider",

+ "displayName": "String",

+ "id": "String (identifier)",

+ "isEnabled": "Boolean",

+ "loginWebUrl": "String",

+ "longLogoWebUrlForDarkTheme": "String",

+ "longLogoWebUrlForLightTheme": "String",

+ "squareLogoWebUrlForDarkTheme": "String",

+ "squareLogoWebUrlForLightTheme": "String"

+}

+```

+description: "Repesents a profile photo of a user, group, team, or Outlook contact accessed from Exchange Online or Azure Active Directory (Azure AD)."

+Repesents a profile photo of a user, group, team, or Outlook contact accessed from Exchange Online or Azure Active Directory (Azure AD). The data is binary and not encoded in base-64.

+The supported sizes of HD photos on Exchange Online are as follows: `48x48`, `64x64`, `96x96`, `120x120`, `240x240`,

+`360x360`,`432x432`, `504x504`, and `648x648`. In Azure AD, photos can be any dimension.

+|[Update profilePhoto](../api/profilephoto-update.md) | [profilePhoto](profilephoto.md) |Assign a photo to the specified user, group, team or contact. The photo should be in binary. It replaces the existing photo, if any. |

+None.

+ "id": "String",

+## Settings

+In Microsoft 365 reports, user information such as usernames, groups, and sites is concealed; actual values are not displayed. You can use the [adminReportSettings ](../resources/adminreportsettings.md) API to control the display of user information in the reports.

+description: "Represents a container for Azure Active Directory (Azure AD) reporting resources."

+Represents a container for Azure Active Directory (Azure AD) reporting resources.

+None.

+**Threat assessment** - The Microsoft Graph threat assessment API helps organizations to assess the threat received by any user in a tenant. This empowers customers to report spam or suspicious emails, phishing URLs, or malware attachments they receive to Microsoft. Microsoft check the sample in question and the organizational policies in play before generating a result so that tenant administrators can understand the threat scanning verdict and adjust their organizational policy. They can also use it to report legitimate emails to prevent them from getting blocked.

+> **Note:** We recommend that you use the [threat submission](https://github.com/microsoftgraph/microsoft-graph-docs/pull/16242/files#threat-submission) API instead.

+## Threat submission

+The Microsoft Graph threat submission API helps organizations to submit a threat received by any user in a tenant. This empowers customers to report spam or suspicious emails, phishing URLs, or malware attachments they receive to Microsoft. Microsoft checks the submission against the organizational policies in effect and sends it to human graders for analysis. The result then helps tenant administrators understand the threat scanning verdict and adjust their organizational policy. Admins can also use the results to report legitimate emails to prevent them from getting blocked.

+> **Note: ** We recommend that you use this API instead of the deprecated Information Protection threat assessment API. The threat submission API provides unified security threat submission functionality and adds unified result support, user submission query support, tenant allow block list support, admin review support and app-only mode support.

+| **Threat submission**|||

+|Get email threat submission|[Get emailThreat](../api/security-emailthreatsubmission-get.md)| [https://graph.microsoft.com/beta/security/threatSubmission/emailThreats/{id}](https://developer.microsoft.com/graph/graph-explorer?request=security/threatSubmission/emailThreats/{id}&method=GET&version=beta&GraphUrl=https://graph.microsoft.com)|

+|List email threat submissions | [List emailThreats](../api/security-emailthreatsubmission-list.md) | [https://graph.microsoft.com/beta/threatSubmission/emailThreats](https://developer.microsoft.com/graph/graph-explorer?request=threatSubmission/emailThreats&method=GET&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Create email threat submission|[Create emailThreat](../api/security-emailthreatsubmission-post-emailthreats.md)|[https://graph.microsoft.com/beta/security/threatSubmission/emailThreats](https://developer.microsoft.com/graph/graph-explorer?request=security/security/threatSubmission/emailThreats&method=POST&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Review email threat submission|[Review emailThreat](../api/security-emailthreatsubmission-review.md)|[https://graph.microsoft.com/beta/security/threatSubmission/emailThreats/{id}/review](https://developer.microsoft.com/graph/graph-explorer?request=security/security/threatSubmission//emailThreats/{id}/review&method=POST&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Get file threat submission|[Get fileThreat](../api/security-filethreatsubmission-get.md)| [https://graph.microsoft.com/beta/security/threatSubmission/fileThreats/{id}](https://developer.microsoft.com/graph/graph-explorer?request=security/threatSubmission/urlThreats/{id}&method=GET&version=beta&GraphUrl=https://graph.microsoft.com)|

+|List file threat submissions | [List fileThreats](../api/security-filethreatsubmission-list.md) | [https://graph.microsoft.com/beta/threatSubmission/urlThreats](https://developer.microsoft.com/graph/graph-explorer?request=threatSubmission/fileThreats&method=GET&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Create file threat submission|[Create fileThreat](../api/security-filethreatsubmission-post-fileThreats.md)|[https://graph.microsoft.com/beta/security/threatSubmission/fileThreats](https://developer.microsoft.com/graph/graph-explorer?request=security/security/threatSubmission/fileThreats&method=POST&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Get url threat submission|[Get urlThreat](../api/security-urlthreatsubmission-get.md)| [https://graph.microsoft.com/beta/security/threatSubmission/urlThreats/{id}](https://developer.microsoft.com/graph/graph-explorer?request=security/threatSubmission/urlThreats/{id}&method=GET&version=beta&GraphUrl=https://graph.microsoft.com)|

+|List url threat submissions | [List urlThreats](../api/security-urlthreatsubmission-list.md) | [https://graph.microsoft.com/beta/security/threatSubmission/urlThreats](https://developer.microsoft.com/graph/graph-explorer?request=threatSubmission/urlThreats&method=GET&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Create url threat submission|[Create urlThreat](../api/security-urlthreatsubmission-post-urlthreats.md)|[https://graph.microsoft.com/beta/security/threatSubmission/urlThreats](https://developer.microsoft.com/graph/graph-explorer?request=security/security/threatSubmission/urlThreats&method=POST&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Get email threat submission policy|[Get emailThreatSubmissionPolicy](../api/security-emailthreatsubmission-get.md)| [https://graph.microsoft.com/beta/security/threatSubmission/emailThreatSubmissionPolicies/{id}](https://developer.microsoft.com/graph/graph-explorer?request=security/threatSubmission/emailThreatSubmissionPolicies/{id}&method=GET&version=beta&GraphUrl=https://graph.microsoft.com)|

+|List email threat submission policies | [List emailThreatSubmissionPolicies](../api/security-emailthreatsubmissionpolicy-list.md) | [https://graph.microsoft.com/beta/security/threatSubmission/emailThreatSubmissionPolicies](https://developer.microsoft.com/graph/graph-explorer?request=security/threatSubmission/emailThreatSubmissionPolicies&method=GET&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Create email threat submission policy|[Create emailThreatSubmissionPolicy](../api/security-emailthreatsubmission-post-emailthreats.md)|[https://graph.microsoft.com/beta/security/threatSubmission/emailThreatSubmissionPolicies](https://developer.microsoft.com/graph/graph-explorer?request=/security/threatSubmission/emailThreats&method=POST&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Update email threat submission policy|[Update emailThreatSubmissionPolicy](../api/security-emailthreatsubmission-post-emailthreats.md)|[https://graph.microsoft.com/beta/security/threatSubmission/emailThreatSubmissionPolicies/{id}](https://developer.microsoft.com/graph/graph-explorer?request=security/security/threatSubmission/emailThreatSubmissionPolicies/{id}&method=PATCH&version=beta&GraphUrl=https://graph.microsoft.com)|

+|Delete email threat submission policy|[Delete emailThreatSubmissionPolicy](../api/security-emailthreatsubmissionpolicy-delete.md)|[https://graph.microsoft.com/beta/security/threatSubmission/emailThreatSubmissionPolicies/{id}](https://developer.microsoft.com/graph/graph-explorer?request=security/threatSubmission/emailThreatSubmissionPolicies/{id}&method=DELETE&version=beta&GraphUrl=https://graph.microsoft.com)|

+ Title: "attackSimulationInfo resource type"

+description: "Represents threat submission attack simulation information"

+ms.localizationpriority: medium

+# attackSimulationInfo resource type

+Namespace: microsoft.graph.security

+Represents threat submission's attack simulation information. If an email was an attack simulation email, the email threat submission would contain corresponding attack simulation information.

+## Properties

+| Property | Type | Description |

+|:-|:|:-|

+| attackSimDateTime | DateTimeOffset | Specifies the date time of the attack simulation. |

+| attackSimDurationTime | Duration | Specifies the duration (in time) for the attack simulation |

+| attackSimId | Guid | Specifies the activity id for the attack simulation. |

+| attackSimUserId | String | Specifies the user id of the user who got the attack simulation email |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.security.attackSimulationInfo"

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.attackSimulationInfo",

+ "attackSimId": "Guid",

+ "attackSimDateTime": "String (timestamp)",

+ "attackSimDurationTime": "String (duration)",

+ "attackSimUserId": "String"

+}

+```

+ Title: "emailContentThreatSubmission resource type"

+description: "Represents a threat submission related to the content of an email."

+ms.localizationpriority: medium

+# emailContentThreatSubmission resource type

+Namespace: microsoft.graph.security

+Represents a threat submission related to the content of an email. This is created when the submission is made using email file content.

+Inherits from [emailThreatSubmission](../resources/security-emailthreatsubmission.md).

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|fileContent|String|Base64 encoded file content.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.emailContentThreatSubmission",

+ "baseType": "microsoft.graph.security.emailThreatSubmission",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.emailContentThreatSubmission",

+ "id": "String (identifier)",

+ "tenantId": "String",

+ "createdDateTime": "String (timestamp)",

+ "contentType": "String",

+ "category": "String",

+ "source": "String",

+ "createdBy": {

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+ },

+ "status": "String",

+ "result": {

+ "@odata.type": "microsoft.graph.security.submissionResult"

+ },

+ "adminReview": {

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+ },

+ "clientSource": "String",

+ "recipientEmailAddress": "String",

+ "internetMessageId": "String",

+ "subject": "String",

+ "sender": "String",

+ "senderIP": "String",

+ "receivedDateTime": "String (timestamp)",

+ "originalCategory": "String",

+ "attackSimulationInfo": {

+ "@odata.type": "microsoft.graph.security.attackSimulationInfo"

+ },

+ "tenantAllowOrBlockListAction": {

+ "@odata.type": "microsoft.graph.security.tenantAllowOrBlockListAction"

+ },

+ "fileContent": "String"

+}

+```

+ Title: "emailThreatSubmission resource type"

+description: "Reports suspected spam, malware or phishing emails to Microsoft Defender for Office 365."

+ms.localizationpriority: medium

+# emailThreatSubmission resource type

+Namespace: microsoft.graph.security

+An abstract type to report suspected spam, malware or phishing emails to Microsoft Defender for Office 365. You can also submit false positive cases, that should not have been blocked by Microsoft Defender for Office 365, for example, emails incorrectly categorized as junk or spam.

+Inherits from [threatSubmission](../resources/security-threatsubmission.md). Base type of [emailContentThreatSubmission](../resources/security-emailcontentthreatsubmission.md) and [emailUrlThreatSubmission](../resources/security-emailurlthreatsubmission.md).

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List emailThreatSubmissions](../api/security-emailthreatsubmission-list.md)|[microsoft.graph.security.emailThreatSubmission](../resources/security-emailthreatsubmission.md) collection|Get a list of the [emailThreatSubmission](../resources/security-emailthreatsubmission.md) objects and their properties.|

+|[Create emailThreatSubmission](../api/security-emailthreatsubmission-post-emailthreats.md)|[microsoft.graph.security.emailThreatSubmission](../resources/security-emailthreatsubmission.md)|Create a new [emailThreatSubmission](../resources/security-emailthreatsubmission.md) object.|

+|[Get emailThreatSubmission](../api/security-emailthreatsubmission-get.md)|[microsoft.graph.security.emailThreatSubmission](../resources/security-emailthreatsubmission.md)|Read the properties and relationships of an [emailThreatSubmission](../resources/security-emailthreatsubmission.md) object.|

+|[review](../api/security-emailthreatsubmission-review.md)|None|Review threat submission from end user by administrator.|

+## Properties

+| Property | Type | Description |

+|:--|:--|:-|

+| attackSimulationInfo | [security.attackSimulationInfo](../resources/security-attacksimulationinfo.md) | If the email is phishing simulation, this field will not be null.|

+| internetMessageId | String | Specifies the internet message id of the email being submitted. This information is present in the email header. |

+| originalCategory | submissionCategory | The original category of the submission. The possible values are: `notJunk`, `spam`, `phishing`, `malware` and `unkownFutureValue`. |

+| receivedDateTime | DateTimeOffset | Specifies the date and time stamp when the email was received. |

+| recipientEmailAddress | String | Specifies the email address (in smtp format) of the recipient who received the email. |

+| sender | String | Specifies the email address of the sender. |

+| senderIP | String | Specifies the IP address of the sender. |

+| subject | String | Specifies the subject of the email . |

+| tenantAllowOrBlockListAction | [security.tenantAllowOrBlockListAction](../resources/security-tenantalloworblocklistaction.md) | It is used to automatically add allows for the components such as URL, file, sender; which are deemed bad by Microsoft so that similar messages in the future can be allowed. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.emailThreatSubmission",

+ "baseType": "microsoft.graph.security.threatSubmission",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.emailThreatSubmission",

+ "id": "String (identifier)",

+ "tenantId": "String",

+ "createdDateTime": "String (timestamp)",

+ "contentType": "String",

+ "category": "String",

+ "source": "String",

+ "createdBy": {

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+ },

+ "status": "String",

+ "result": {

+ "@odata.type": "microsoft.graph.security.submissionResult"

+ },

+ "adminReview": {

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+ },

+ "clientSource": "String",

+ "recipientEmailAddress": "String",

+ "internetMessageId": "String",

+ "subject": "String",

+ "sender": "String",

+ "senderIP": "String",

+ "receivedDateTime": "String (timestamp)",

+ "originalCategory": "String",

+ "attackSimulationInfo": {

+ "@odata.type": "microsoft.graph.security.attackSimulationInfo"

+ },

+ "tenantAllowOrBlockListAction": {

+ "@odata.type": "microsoft.graph.security.tenantAllowOrBlockListAction"

+ }

+}

+```

+ Title: "emailThreatSubmissionPolicy resource type"

+description: "Represents the guidelines of an organization to report potential threats and spam."

+ms.localizationpriority: medium

+# emailThreatSubmissionPolicy resource type

+Namespace: microsoft.graph.security

+Represents the guidelines of an organization to report potential threats and spam messages. It is used for customizing your organization's end user threat submission experience when reporting potential threats and spam in Microsoft Outlook.

+Inherits from [entity](../resources/entity.md).

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List emailThreatSubmissionPolicies](../api/security-emailthreatsubmissionpolicy-list.md)|[microsoft.graph.security.emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) collection|Get a list of the [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) objects and their properties.|

+|[Create emailThreatSubmissionPolicy](../api/security-emailthreatsubmissionpolicy-post-emailthreatsubmissionpolicies.md)|[microsoft.graph.security.emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md)|Create a new [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.|

+|[Get emailThreatSubmissionPolicy](../api/security-emailthreatsubmissionpolicy-get.md)|[microsoft.graph.security.emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md)|Read the properties and relationships of an [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.|

+|[Update emailThreatSubmissionPolicy](../api/security-emailthreatsubmissionpolicy-update.md)|None|Update the properties of an [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.|

+|[Delete emailThreatSubmissionPolicy](../api/security-emailthreatsubmissionpolicy-delete.md)|None|Deletes an [emailThreatSubmissionPolicy](../resources/security-emailthreatsubmissionpolicy.md) object.|

+## Properties

+| Property | Type | Description |

+|:--|:--|:-|

+| customizedNotificationSenderEmailAddress | String | Specifies the email address of the sender from which email notifications will be sent to end users to inform them whether an email is spam, phish or clean. The default value is `null`. Optional for creation. |

+| customizedReportRecipientEmailAddress | String | Specifies the destination where the reported messages from end users will land whenever they report something as phish, junk or not junk. The default value is `null`. Optional for creation. |

+| id | String | Only one id is supported. The default value is `DefaultReportSubmissionPolicy`. |

+| isAlwaysReportEnabledForUsers | Boolean | Indicates whether end users can report a message as spam, phish or junk directly without a confirmation(popup). The default value is `true`. Optional for creation. |

+| isAskMeEnabledForUsers | Boolean | Indicates whether end users can confirm using a popup before reporting messages as spam, phish or not junk. The default value is `true`. Optional for creation. |

+| isCustomizedMessageEnabled | Boolean | Indicates whether the email notifications sent to end users to inform them if an email is phish, spam or junk is customized or not. The default value is `false`. Optional for creation. |

+| isCustomizedMessageEnabledForPhishing | Boolean | If enabled, customized message only shows when email is reported as phishing. The default value is `false`. Optional for creation. |

+| isCustomizedNotificationSenderEnabled | Boolean | Indicates whether to use the sender email address set using customizedNotificationSenderEmailAddress for sending email notifications to end users. The default value is `false`. Optional for creation. |

+| isNeverReportEnabledForUsers | Boolean | Indicates whether end users can simply move the message from one folder to another based on the action of spam, phish or not junk without actually reporting it. The default value is `true`. Optional for creation. |

+| isOrganizationBrandingEnabled | Boolean | Indicates whether the branding logo should be used in the email notifications sent to end users. The default value is `false`. Optional for creation. |

+| isReportFromQuarantineEnabled | Boolean | Indicates whether end users can submit from the quarantine page. The default value is `true`. Optional for creation. |

+| isReportToCustomizedEmailAddressEnabled | Boolean | Indicates whether emails reported by end users should be send to the custom mailbox configured using customizedReportRecipientEmailAddress. The default value is `false`. Optional for creation. |

+| isReportToMicrosoftEnabled | Boolean | If enabled, the email will be sent to Microsoft for analysis. The default value is `false`. Required for creation. |

+| isReviewEmailNotificationEnabled | Boolean | Indicates whether an email notification is sent to the end user who reported the email when it has been reviewed by the admin. The default value is `false`. Optional for creation. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.emailThreatSubmissionPolicy",

+ "baseType": "microsoft.graph.entity",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.emailThreatSubmissionPolicy",

+ "id": "String (identifier)",

+ "isReportToMicrosoftEnabled": "Boolean",

+ "isReportToCustomizedEmailAddressEnabled": "Boolean",

+ "isAskMeEnabledForUsers": "Boolean",

+ "isAlwaysReportEnabledForUsers": "Boolean",

+ "isNeverReportEnabledForUsers": "Boolean",

+ "isCustomizedMessageEnabledForPhishing": "Boolean",

+ "isCustomizedMessageEnabled": "Boolean",

+ "customizedReportRecipientEmailAddress": "String",

+ "isReviewEmailNotificationEnabled": "Boolean",

+ "isCustomizedNotificationSenderEnabled": "Boolean",

+ "isOrganizationBrandingEnabled": "Boolean",

+ "customizedNotificationSenderEmailAddress": "String",

+ "isReportFromQuarantineEnabled": "Boolean"

+}

+```

+ Title: "emailUrlThreatSubmission resource type"

+description: "Represents a threat submission object created when the submission is made using the email URL."

+ms.localizationpriority: medium

+# emailUrlThreatSubmission resource type

+Namespace: microsoft.graph.security

+Represents a threat submission object created when the submission is made using the email URL.

+Inherits from [emailThreatSubmission](../resources/security-emailthreatsubmission.md).

+## Properties

+| Property | Type | Description |

+|:--|:-|:|

+| messageUrl | String | Specifies the url of the message to be submitted. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.emailUrlThreatSubmission",

+ "baseType": "microsoft.graph.security.emailThreatSubmission",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.emailUrlThreatSubmission",

+ "id": "String (identifier)",

+ "tenantId": "String",

+ "createdDateTime": "String (timestamp)",

+ "contentType": "String",

+ "category": "String",

+ "source": "String",

+ "createdBy": {

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+ },

+ "status": "String",

+ "result": {

+ "@odata.type": "microsoft.graph.security.submissionResult"

+ },

+ "adminReview": {

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+ },

+ "clientSource": "String",

+ "recipientEmailAddress": "String",

+ "internetMessageId": "String",

+ "subject": "String",

+ "sender": "String",

+ "senderIP": "String",

+ "receivedDateTime": "String (timestamp)",

+ "originalCategory": "String",

+ "attackSimulationInfo": {

+ "@odata.type": "microsoft.graph.security.attackSimulationInfo"

+ },

+ "tenantAllowOrBlockListAction": {

+ "@odata.type": "microsoft.graph.security.tenantAllowOrBlockListAction"

+ },

+ "messageUrl": "String"

+}

+```

+ Title: "fileContentThreatSubmission resource type"

+description: "Represents a threat submission object created when the submission is made using the content of a file."

+ms.localizationpriority: medium

+# fileContentThreatSubmission resource type

+Namespace: microsoft.graph.security

+Represents a threat submission object created when the submission is made using the content of a file.

+Inherits from [fileThreatSubmission](../resources/security-filethreatsubmission.md).

+## Properties

+| Property | Type | Description |

+|:|:-|:--|

+| fileContent | String | It specifies the file content in base 64 format. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.fileContentThreatSubmission",

+ "baseType": "microsoft.graph.security.fileThreatSubmission",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.fileContentThreatSubmission",

+ "id": "String (identifier)",

+ "tenantId": "String",

+ "createdDateTime": "String (timestamp)",

+ "contentType": "String",

+ "category": "String",

+ "source": "String",

+ "createdBy": {

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+ },

+ "status": "String",

+ "result": {

+ "@odata.type": "microsoft.graph.security.submissionResult"

+ },

+ "adminReview": {

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+ },

+ "clientSource": "String",

+ "fileName": "String",

+ "fileContent": "String"

+}

+```

+ Title: "fileThreatSubmission resource type"

+description: "Represents a threat submission related to a file."

+ms.localizationpriority: medium

+# fileThreatSubmission resource type

+Namespace: microsoft.graph.security

+Represents a threat submission related to a file. It is used to submit suspected malware email attachments to Microsoft Defender for Office 365. It could also be used to submit false positive cases which should not have been blocked by Microsoft Defender for Office 365, for example, a safe email attachment.

+Currently, file threat submission is routed to Microsoft Defender for Office 365. In future, it may be routed to Microsoft Defender for Endpoint. This is a unified interface for file threat submission no matter where it is routed to.

+This is an abstract type. Inherits from [threatSubmission](../resources/security-threatsubmission.md).

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List fileThreatSubmissions](../api/security-filethreatsubmission-list.md)|[microsoft.graph.security.fileThreatSubmission](../resources/security-filethreatsubmission.md) collection|Get a list of the [fileThreatSubmission](../resources/security-filethreatsubmission.md) objects and their properties.|

+|[Create fileThreatSubmission](../api/security-filethreatsubmission-post-filethreats.md)|[microsoft.graph.security.fileThreatSubmission](../resources/security-filethreatsubmission.md)|Create a new [fileThreatSubmission](../resources/security-filethreatsubmission.md) object.|

+|[Get fileThreatSubmission](../api/security-filethreatsubmission-get.md)|[microsoft.graph.security.fileThreatSubmission](../resources/security-filethreatsubmission.md)|Read the properties and relationships of a [fileThreatSubmission](../resources/security-filethreatsubmission.md) object.|

+## Properties

+| Property | Type | Description |

+|:|:-|:-|

+| fileName | String | It specifies the file name to be submitted. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.fileThreatSubmission",

+ "baseType": "microsoft.graph.security.threatSubmission",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.fileThreatSubmission",

+ "id": "String (identifier)",

+ "tenantId": "String",

+ "createdDateTime": "String (timestamp)",

+ "contentType": "String",

+ "category": "String",

+ "source": "String",

+ "createdBy": {

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+ },

+ "status": "String",

+ "result": {

+ "@odata.type": "microsoft.graph.security.submissionResult"

+ },

+ "adminReview": {

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+ },

+ "clientSource": "String",

+ "fileName": "String"

+}

+```

+ Title: "fileUrlThreatSubmission resource type"

+description: "Represents file threat submission object created when a submission is made using a file URL."

+ms.localizationpriority: medium

+# fileUrlThreatSubmission resource type

+Namespace: microsoft.graph.security

+Represents a file threat submission object created when a submission is made using a file URL. This API is reserved and is not currently supported.

+Inherits from [fileThreatSubmission](../resources/security-filethreatsubmission.md).

+## Properties

+| Property | Type | Description |

+|:|:-|:|

+| fileUrl | String | It specifies the URL of the file which needs to be submitted. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.fileUrlThreatSubmission",

+ "baseType": "microsoft.graph.security.fileThreatSubmission",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.fileUrlThreatSubmission",

+ "id": "String (identifier)",

+ "tenantId": "String",

+ "createdDateTime": "String (timestamp)",

+ "contentType": "String",

+ "category": "String",

+ "source": "String",

+ "createdBy": {

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+ },

+ "status": "String",

+ "result": {

+ "@odata.type": "microsoft.graph.security.submissionResult"

+ },

+ "adminReview": {

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+ },

+ "clientSource": "String",

+ "fileName": "String",

+ "fileUrl": "String"

+}

+```

+ Title: "submissionAdminReview resource type"

+description: "Represents admin review information for threat submission"

+ms.localizationpriority: medium

+# submissionAdminReview resource type

+Namespace: microsoft.graph.security

+Represents admin review information for a threat submission. Currently, only a user reported email threat submission is supported and can be reviewed by an administrator.

+## Properties

+| Property | Type | Description |

+|:|:-|:|

+| reviewBy | String | Specifies who reviewed the email. The identification is an email ID or other identity strings.|

+| reviewDateTime | DateTimeOffset | Specifies the date time when the review occurred.|

+| reviewResult | submissionResultCategory | Specifies what the review result was. The possible values are: `notJunk`, `spam`, `phishing`, `malware`, `allowedByPolicy`, `blockedByPolicy`, `spoof`, `unknown`, `noResultAvailable`, and `unknownFutureValue`. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.submissionAdminReview",

+ "reviewDateTime": "String (timestamp)",

+ "reviewResult": "String",

+ "reviewBy": "String"

+}

+```

+ Title: "submissionDetectedFile resource type"

+description: "Represents the information of a detected file in a threat submission"

+ms.localizationpriority: medium

+# submissionDetectedFile resource type

+Namespace: microsoft.graph.security

+Represents the information of a detected file in a threat submission.

+## Properties

+| Property | Type | Description |

+|:|:-|:|

+| fileHash | String | The file hash. |

+| fileName | String | The file name. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.security.submissionDetectedFile"

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.submissionDetectedFile",

+ "fileName": "String",

+ "fileHash": "String"

+}

+```

+ Title: "submissionResult resource type"

+description: "Represents the result of a review after the threat submission is processed by Microsoft."

+ms.localizationpriority: medium

+# submissionResult resource type

+Namespace: microsoft.graph.security

+Represents the result of a review after the threat submission is processed by Microsoft.

+## Properties

+| Property | Type | Description |

+|:-|:--|:|

+| category | submissionResultCategory | The submission result category. The possible values are: `notJunk`, `spam`, `phishing`, `malware`, `allowedByPolicy`, `blockedByPolicy`, `spoof`, `unknown`, `noResultAvailable` and `unkownFutureValue`. |

+| detail | [security.submissionResultDetail](#submissionresultdetail-values) | Specifies the additional details provided by Microsoft to substantiate their analysis result. |

+| detectedFiles | Collection([security.submissionDetectedFile](../resources/security-submissiondetectedfile.md)) | Specifies the files detected by Microsoft in the submitted emails.|

+| detectedUrls | Collection(String) | Specifes the URLs detected by Microsoft in the submitted email.|

+| userMailboxSetting | [security.userMailboxSetting](#usermailboxsetting-values) | Specifies the setting for user mailbox denoted by a comma-separated string. |

+### userMailboxSetting values

+| Member | Description |

+| :-- | : |

+| none | no user mailbox setting related with this threat submission. |

+| junkMailDeletion | the submitted email was applied with junk mail deletion. |

+| isFromAddressInAddressBook | the submitted email was from address in address book. |

+| isFromAddressInAddressSafeList | the submitted email was from address in address safe list. |

+| isFromAddressInAddressBlockList | the submitted email was from address in address safe list. |

+| isFromAddressInAddressImplicitSafeList | the submitted email was from address in address implicit safe list. |

+| isFromAddressInAddressImplicitJunkList | the submitted email was from address in address implicit junk list. |

+| isFromDomainInDomainSafeList | the submitted email was from domain in domain safe list. |

+| isFromDomainInDomainBlockList | the submitted email was from domain in domain block list. |

+| isRecipientInRecipientSafeList | the submitted email was to recipient in recipient safe list. |

+| customRule | the submitted email was handled by one user custom rule. |

+| senderPraPresent | the submitted email was from sender who presents before. |

+| fromFirstTimeSender | the submitted email was from first time sender. |

+| exclusive | the recipient of the submitted email are exclusive to the recipient's address book while delivery was only allowed from address book contacts. |

+| priorSeenPass | the submitted email was prior seen passed. |

+| senderAuthenticationSucceeded | the sender authentication of the submitted email was succeeded. |

+| isJunkMailRuleEnabled | the junk mail rule was enabled. |

+| unknownFutureValue | unknown future value. |

+### submissionResultDetail values

+| Member | Description |

+| :- | :-- |

+| none | Microsoft has no additional details on the result to share. |

+| underInvestigation | Microsoft is still analyzing the sample and the results should be available soon. |

+| simulatedThreat | The reported message was blocked as it is a phish simulated email send to users for phish education. To configure EOP/MDO to allow it check out advanced delivery|

+| allowedBySecOps | The reported message was allowed due to advanced delivery flow for security operators mailbox. So, remove it from advanced delivery to block it |

+| allowedByThirdPartyFilters | The reported message was allowed/blocked due third-party filters working in conjunction with EOP/MDO. Configure enhanced filtering so that EOP/MDO can filter accurately |

+| messageNotFound | Microsoft cannot provide a verdict on the reported message as Microsoft cannot find the actual message. Please resubmit by uploading the email using submissions in security.microsoft.com |

+| urlFileShouldNotBeBlocked | Microsoft finds the reported entity to be clean. Existing emails containing it have been released. The phish and malware filters will learn from this after a few weeks. Till then to allow it, create an allow entry in Tenant allow/block list if not done already. |

+| urlFileShouldBeBlocked | Microsoft finds the reported entity to be malicious. Existing emails containing it have been quarantined. The phish and malware filters will learn from this after a few weeks. Till then to block it, create a block entry in Tenant allow/block list if not done already |

+| urlFileCannotMakeDecision | Microsoft cannot reach a verdict at this time. Resubmit it to get a verdict on it after analysis. Use Tenant allow/block list to immediately allow/block it if not already done. |

+| domainImpersonation | The reported message was allowed/blocked due to domain impersonation policy settings. Configure domain impersonation policy so that EOP/MDO can filter accordingly |

+| userImpersonation | The reported message was allowed/blocked due to user impersonation policy settings. Configure user impersonation policy so that EOP/MDO can filter accordingly |

+| brandImpersonation | The reported message was allowed/blocked due to brand impersonation policy settings. Configure brand impersonation policy so that EOP/MDO can filter accordingly |

+| outboundShouldNotBeBlocked | The reported outgoing messages has been found clean and Microsoft will update its machine learning based outbound filters in the coming weeks. |

+| outboundShouldBeBlocked | The reported outgoing messages has been found malicious and Microsoft will update its machine learning based outbound filters in the coming weeks. |

+| outboundBulk | Microsoft find the reported message to be spam/junk. The outbound filters will learn after a few weeks |

+| outboundCannotMakeDecision | Microsoft cannot reach a verdict at this time. Resubmit it to get to a verdict on it after analysis. |

+| outboundNotRescanned | Microsoft cannot provide a verdict on the reported outbound message as Microsoft cannot find the actual message. Please resubmit by uploading the email using submissions in security.microsoft.com |

+| zeroHourAutoPurgeAllowed | The reported message was zapped as organization has zero-hour auto purge on. |

+| zeroHourAutoPurgeBlocked | The Reported message could not be zapped as organization has turned off zero-hour auto purge. Turn on zero-hour auto purge for EOP/MDO to zap messages if they turn malicious after delivery|

+| zeroHourAutoPurgeQuarantineReleased | The reported message was released from Quarantine despite being quarantined due to zap as message turned malicious after delivery. |

+| onPremisesSkip | The reported message cannot be analyzed as this went through a onprem setup of exchange online protection. Configure your hybrid setup so that EOP/MDO can scan messages before delivering to exchange onprem mailboxes |

+| allowedByTenantAllowBlockList | The reported message was allowed as one or more entities in the email are on the tenant allow/ block list. Remove allows from Tenant allow/block list so that EOP/MDO can filter accordingly |

+| blockedByTenantAllowBlockList | The reported message was blocked as one or more entities in the email are on the tenant allow/ block list. Remove blocks from Tenant allow/block list so that EOP/MDO can filter accordingly |

+| allowedUrlByTenantAllowBlockList | The reported URL was allowed as it is on the Tenant allow/block list. Remove the allow from Tenant allow/block list so that EOP/MDO can filter accordingly |

+| allowedFileByTenantAllowBlockList | The reported file was allowed as it is on the Tenant allow/block list. Remove the allow from Tenant allow/block list so that EOP/MDO can filter accordingly |

+| allowedSenderByTenantAllowBlockList | The reported message was allowed as the sender of the email is on the Tenant allow/block list. Remove allow from Tenant allow/block list so that EOP/MDO can filter accordingly|

+| allowedRecipientByTenantAllowBlockList | The reported outgoing message was allowed as recipient is on the Tenant allow/block list. Remove allow from Tenant allow/block so that EOP/MDO can filter accordingly |

+| blockedUrlByTenantAllowBlockList | The reported URL was blocked as it is on the Tenant allow/block list. Remove the block from Tenant allow/block list so that EOP/MDO can filter accordingly |

+| blockedFileByTenantAllowBlockList | The reported file was blocked as it is on the Tenant allow/block list. Remove the block from Tenant allow/block list so that EOP/MDO can filter accordingly |

+| blockedSenderByTenantAllowBlockList | The reported message was blocked as the sender of the email is on the Tenant allow/block list. Remove block from Tenant allow/block list so that EOP/MDO can filter accordingly|

+| blockedRecipientByTenantAllowBlockList | The reported outgoing message was blocked as recipient is on the Tenant allow/block list. Remove block from Tenant allow/block so that EOP/MDO can filter accordingly |

+| allowedByConnection | The reported message was allowed as the sending IP is on the hosted connection filter policy. Remove the IP from the hosted connection filter policy so that EOP/MDO can filter accordingly |

+| blockedByConnection | The reported message was blocked as the sending IP is on the hosted connection filter policy. Remove the IP from the hosted connection filter policy so that EOP/MDO can filter accordingly |

+| allowedByExchangeTransportRule | The reported message was allowed as the organization has a related exchange transport rule. Remove the exchange transport rule so that EOP/MDO can filter accordingly. |

+| blockedByExchangeTransportRule | The reported message was blocked as the organization has a related exchange transport rule. Remove the exchange transport rule so that EOP/MDO can filter accordingly. |

+| quarantineReleased | The reported message was released from Quarantine despite being quarantined by EOP/MDO |

+| quarantineReleasedThenBlocked | The reported message was blocked by user setting after being released from Quarantine. Remove the user setting so that the mail can be released to the inbox |

+| junkMailRuleDisabled | The reported message was bound to be delivered to the junk folder, but junk folder has been disabled. Turn on junk folder setting so that EOP/MDO can deliver emails accordingly |

+| allowedByUserSetting | The reported message was allowed due to user safe or trusted sender setting in outlook. Remove the safe or trusted sender setting so that EOP/MDO can filter accordingly |

+| blockedByUserSetting | The reported message was blocked due to user blocked or trusted sender setting in outlook. Remove the blocked or trusted sender setting so that EOP/MDO can filter accordingly |

+| allowedByTenant | The reported message was allowed due to tenant policy or policy action settings. Review the EOP/MDO policy or policy action settings so that EOP/MDO can filter accordingly |

+| blockedByTenant | The reported message was blocked due to tenant policy or policy action settings. Review the EOP/MDO policy or policy action settings so that EOP/MDO can filter accordingly |

+| invalidFalsePositive | The reported message is already allowed by EOP/MDO. |

+| invalidFalseNegative | The reported message is already blocked by EOP/MDO. |

+| spoofBlocked | The reported message has been determined by spoof by our system and so blocked. Create a spoof allow in Tenant allow/block list so that EOP/MDO can allow emails from this spoofed sender |

+| goodReclassifiedAsBad | Microsoft finds the reported message to be malicious. Existing emails have been quarantined. The phish and malware filters will learn from this after a few weeks. Till then to block it, create a block entry in Tenant allow/block list if not done already |

+| goodReclassifiedAsBulk | Microsoft finds the reported message to be spam. The spam and bulk filters will learn from this after a few weeks. Till then to block it, create a block entry in Tenant allow/block list if not done already |

+| goodReclassifiedAsGood | Microsoft finds the reported message to be clean. If you disagree with this verdict resubmit the email. Till then to block it, create a block entry in Tenant allow/block list if not done already |

+| goodReclassifiedAsCannotMakeDecision | Microsoft cannot reach a verdict at this time. Resubmit it to get a verdict on it after analysis. Use Tenant allow/block list to immediately block it if not done already. |

+| badReclassifiedAsGood | Microsoft finds the reported message to be clean. Existing emails have been released. The phish and malware filters will learn from this after a few weeks. Till then to allow it, create an allow entry in Tenant allow/block list if not done already |

+| badReclassifiedAsBulk | Microsoft finds the reported message to be spam. The spam and bulk filters will learn from this after a few weeks. Till then to allow it, create an allow entry in Tenant allow/block list if not done already |

+| badReclassifiedAsBad | Microsoft finds the reported message to be malicious. If you disagree with this verdict resubmit the email. Till then to allow it, create an allow entry in Tenant allow/block list if not done already |

+| badReclassifiedAsCannotMakeDecision | Microsoft cannot reach a verdict at this time. Resubmit it to get a verdict on it after analysis. Use Tenant allow/block list to immediately allow it if not done already. |

+| unknownFutureValue | Any future value which is not in use now. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.security.submissionResult"

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.submissionResult",

+ "category": "String",

+ "detail": "String",

+ "userMailboxSetting": "String",

+ "detectedUrls": [

+ "String"

+ ],

+ "detectedFiles": [

+ {

+ "@odata.type": "microsoft.graph.security.submissionDetectedFile"

+ }

+ ]

+}

+```

+ Title: "submissionUserIdentity resource type"

+description: "Represents the identity of the user who sends the threat submission."

+ms.localizationpriority: medium

+# submissionUserIdentity resource type

+Namespace: microsoft.graph.security

+Represents the identity of the user who sends the threat submission.

+Inherits from [identity](../resources/identity.md).

+## Properties

+| Property | Type | Description |

+|:|:-|:|

+| displayName | String | Inherited from **identity**. |

+| email | String | The email of user who is making the submission when logged in (delegated token case). |

+| id | String | Inherited from **identity**. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.submissionUserIdentity",

+ "displayName": "String",

+ "id": "String (identifier)",

+ "email": "String"

+}

+```

+ Title: "tenantAllowBlockListEntryResult resource type"

+description: "Represents a tenant allow block list entry result."

+ms.localizationpriority: medium

+# tenantAllowBlockListEntryResult resource type

+Namespace: microsoft.graph.security

+Represents the result of a tenant allow block list entry. An entry for a tenant allow block list item can be a URL, attachment, or senders.

+## Properties

+| Property | Type | Description |

+|:-|:|:--|

+| entryType | tenantAllowBlockListEntryType | The entry type of tenant allow block list. The possible values are: `url`, `fileHash`, `sender`, `recipient` and `unkownFutureValue`. |

+| expirationDateTime | DateTimeOffset | Specifies when will this entry expire in date time. |

+| identity | String | Specifies the identity of the entry generated by the tenant allow block list system. |

+| status | longRunningOperationStatus | Specifies whether the tenant allow block list entry creation operation was successful. The possible values are: `notStarted`, `running`, `succeeded`, `failed`, `skipped` and `unkownFutureValue`. |

+| value | String | Specifies the value of the created tenant allow block list entry. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.security.tenantAllowBlockListEntryResult"

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.tenantAllowBlockListEntryResult",

+ "identity": "String",

+ "value": "String",

+ "entryType": "String",

+ "expirationDateTime": "String (timestamp)",

+ "status": "String"

+}

+```

+ Title: "tenantAllowOrBlockListAction resource type"

+description: "Represents tenant allow or block list action"

+ms.localizationpriority: medium

+# tenantAllowOrBlockListAction resource type

+Namespace: microsoft.graph.security

+Represents the tenant allow-or-block list action. When an admin creates an email threat submission, a tenant allow block list operation can also be provided. When a tenant allow block list operation is provided, the threat submission will automatically add related items (URLs, attachments, senders) to the tenant allow block list.

+## Properties

+| Property | Type | Description |

+|:-|:--|:|

+| action | tenantAllowBlockListAction | Specifies whether the tenant allow block list is an allow or block. The possible values are: `allow`, `block`, and `unkownFutureValue`.|

+| expirationDateTime | DateTimeOffset | Specifies when the tenant allow-block-list expires in date time. |

+| note | String | Specifies the note added to the tenant allow block list entry in the format of string. |

+| results | Collection([security.tenantAllowBlockListEntryResult](../resources/security-tenantallowblocklistentryresult.md)) | Contains the result of the submission that lead to the tenant allow-block-list entry creation. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.security.tenantAllowOrBlockListAction"

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.tenantAllowOrBlockListAction",

+ "action": "String",

+ "results": [

+ {

+ "@odata.type": "microsoft.graph.security.tenantAllowBlockListEntryResult"

+ }

+ ],

+ "expirationDateTime": "String (timestamp)",

+ "note": "String"

+}

+```

+ Title: "threatSubmission resource type"

+description: "Represents a threat submission, which is used to submit suspected email, UTL, or file threats to Microsoft Defender."

+ms.localizationpriority: medium

+# threatSubmission resource type

+Namespace: microsoft.graph.security

+Represents a threat submission, which is an abstract type for representing suspected spam, malware, phish, and blocked legitimate emails; malware, phish and blocked legitimate URLs; phish, malware and blocked legitimate email attachments to Microsoft Defender for Office 365, and suspicious files to Microsoft Defender for Endpoint.

+This resource can also be used to submit false positive cases that should not be blocked by Microsoft Defender for Office 365; for example, not junk emails, safe URLs, and safe email attachments.

+This is an abstract type. Inherits from [entity](../resources/entity.md). Base type of [emailThreatSubmission](../resources/security-emailthreatsubmission.md), [urlThreatSubmission](../resources/security-urlthreatsubmission.md), [fileThreatSubmissin](../resources/security-filethreatsubmission.md).

+## Properties

+| Property | Type | Description |

+|:-|:|:|

+| adminReview | [security.submissionAdminReview](../resources/security-submissionadminreview.md)| Specifies the admin review property which constitutes of who reviewed the user submission, when and what was it identified as. |

+| category | submissionCategory | Specifies the category of the submission. Supports `$filter = category eq 'value'`. The possible values are: `notJunk`, `spam`, `phishing`, `malware` and `unkownFutureValue`.|

+| clientSource | submissionClientSource | Specifies the source of the submission. The possible values are: `microsoft`, `other` and `unkownFutureValue`. |

+| contentType | submissionContentType | Specifies the type of content being submitted. The possible values are: `email`, `url`, `file`, `app` and `unkownFutureValue`. |

+| createdBy | [security.submissionUserIdentity](../resources/security-submissionuseridentity.md) | Specifies who submitted the email as a threat. Supports `$filter = createdBy/email eq 'value'`. |

+| createdDateTime | DateTimeOffset | Specifies when the threat submission was created. Supports `$filter = createdDateTime ge 2022-01-01T00:00:00Z and createdDateTime lt 2022-01-02T00:00:00Z`. |

+| id | String | Specifies the ID of threat submission. |

+| result | [security.submissionResult](../resources/security-submissionresult.md) | Specifies the result of the analysis performed by Microsoft. |

+| source | submissionSource | Specifies the role of the submitter. Supports `$filter = source eq 'value'`. The possible values are: `administrator`, `user` and `unkownFutureValue`. |

+| status | longRunningOperationStatus | Indicates whether the threat submission has been analyzed by Microsoft. Supports `$filter = status eq 'value'`. The possible values are: `notStarted`, `running`, `succeeded`, `failed`, `skipped` and `unkownFutureValue`. |

+| tenantId | String | Indicates the tenant id of the submitter. Not required when created using a `POST` operation. It is extracted from the token of the post API call. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.threatSubmission",

+ "baseType": "microsoft.graph.entity",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.threatSubmission",

+ "id": "String (identifier)",

+ "tenantId": "String",

+ "createdDateTime": "String (timestamp)",

+ "contentType": "String",

+ "category": "String",

+ "source": "String",

+ "createdBy": {

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+ },

+ "status": "String",

+ "result": {

+ "@odata.type": "microsoft.graph.security.submissionResult"

+ },

+ "adminReview": {

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+ },

+ "clientSource": "String"

+}

+```

+ Title: "urlThreatSubmission resource type"

+description: "Represent a threat submission related to a URL"

+ms.localizationpriority: medium

+# urlThreatSubmission resource type

+Namespace: microsoft.graph.security

+Represent a threat submission related to a URL.

+This resource is used to submit suspected phishing URLs to Microsoft Defender for Office 365. It can also be used to submit false positive cases that should not have been blocked, such as safe URLs.

+Inherits from [threatSubmission](../resources/security-threatsubmission.md).

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List urlThreatSubmissions](../api/security-urlthreatsubmission-list.md)|[microsoft.graph.security.urlThreatSubmission](../resources/security-urlthreatsubmission.md) collection|Get a list of the [urlThreatSubmission](../resources/security-urlthreatsubmission.md) objects and their properties.|

+|[Create urlThreatSubmission](../api/security-urlthreatsubmission-post-urlthreats.md)|[microsoft.graph.security.urlThreatSubmission](../resources/security-urlthreatsubmission.md)|Create a new [urlThreatSubmission](../resources/security-urlthreatsubmission.md) object.|

+|[Get urlThreatSubmission](../api/security-urlthreatsubmission-get.md)|[microsoft.graph.security.urlThreatSubmission](../resources/security-urlthreatsubmission.md)|Read the properties and relationships of an [urlThreatSubmission](../resources/security-urlthreatsubmission.md) object.|

+## Properties

+| Property | Type | Description |

+|:|:-|:-|

+| webUrl | String | Denotes the webUrl that needs to be submitted. |

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.security.urlThreatSubmission",

+ "baseType": "microsoft.graph.security.threatSubmission",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.security.urlThreatSubmission",

+ "id": "String (identifier)",

+ "tenantId": "String",

+ "createdDateTime": "String (timestamp)",

+ "contentType": "String",

+ "category": "String",

+ "source": "String",

+ "createdBy": {

+ "@odata.type": "microsoft.graph.security.submissionUserIdentity"

+ },

+ "status": "String",

+ "result": {

+ "@odata.type": "microsoft.graph.security.submissionResult"

+ },

+ "adminReview": {

+ "@odata.type": "microsoft.graph.security.submissionAdminReview"

+ },

+ "clientSource": "String",

+ "webUrl": "String"

+}

+```

+description: "Connects Microsoft security products, services, and partners to streamline security operations and improve threat protection, detection, and response capabilities."

+Connects Microsoft security products, services, and partners to streamline security operations and improve threat protection, detection, and response capabilities.

+|threatSubmission|[security.threatSubmission](../resources/security-threatsubmission.md)|A threat submission sent to Microsoft; for example, a suspicious email threat, URL threat, or file threat.|

+|[Get team photo](../api/profilephoto-get.md) | Binary data | Get the photo (picture) for a team. |

+|[channel](../resources/channel.md)|[List](../api/channel-list.md), [create](../api/channel-post.md), [get](../api/channel-get.md), [update](../api/channel-patch.md), [delete](../api/channel-delete.md)|

+|[chat](../resources/chat.md)| [List](../api/chat-list.md), [read](../api/chat-get.md)

+|[chatMessage](../resources/chatmessage.md)| [List in channel](../api/channel-list-messages.md), [list in chat](../api/chat-list-messages.md), [send](../api/chatmessage-post.md), [read in channel](../api/chatmessage-get.md), [read in chat](../api/chatmessage-get.md)|

+|[group](../resources/group.md)| [Add member](../api/group-post-members.md),ΓÇ»[remove member](../api/group-delete-members.md), [add owner](../api/group-post-owners.md),ΓÇ»[remove owner](../api/group-delete-owners.md), [get files](drive.md), [get notebook](../resources/notebook.md), [get plans](plannergroup.md), [get calendar](event.md) |

+|[learningContent](learningcontent.md) | [List](../api/learningprovider-list-learningcontents.md), [Get](../api/learningcontent-get.md), [Update](../api/learningcontent-update.md), [Delete](../api/learningprovider-delete-learningcontents.md) |

+|[learningProvider](learningprovider.md) | [List](../api/employeeexperience-list-learningproviders.md), [Create](../api/employeeexperience-post-learningproviders.md), [Get](../api/learningprovider-get.md), [Update](../api/learningprovider-update.md), [Delete](../api/employeeexperience-delete-learningproviders.md) |

+|[teamsApp](../resources/teamsapp.md)|[List](../api/appcatalogs-list-teamsapps.md), [publish](../api/teamsapp-publish.md), [update](../api/teamsapp-update.md), [remove](../api/teamsapp-delete.md)|

+|[teamsAppInstallation](../resources/teamsappinstallation.md)| [List](../api/team-list-installedapps.md), [install](../api/team-post-installedapps.md), [upgrade](../api/team-delete-installedapps.md), [remove](../api/team-delete-installedapps.md) |

+|[teamsTab](../resources/teamstab.md) |[List](../api/channel-list-tabs.md), [create](../api/channel-post-tabs.md), [read](../api/channel-get-tabs.md), [update](../api/channel-patch-tabs.md), [delete](../api/channel-delete-tabs.md) |

+|[timeOff](../resources/timeoff.md)| [Create](../api/schedule-post-timesoff.md), [list](../api/schedule-list-timesoff.md), [get](../api/timeoff-get.md), [replace](../api/timeoff-put.md), [delete](../api/timeoff-delete.md) |

+|[timeOffReason](../resources/timeoffreason.md)| [Create](../api/schedule-post-timeoffreasons.md), [list](../api/schedule-list-timeoffreasons.md), [get](../api/timeoffreason-get.md), [replace](../api/timeoffreason-put.md), [delete](../api/timeoffreason-delete.md) |

+ Title: "Use the employee learning API to integrate with Viva Learning"

+description: "Learn how to register a provider, and integrate your content and learner records from your learning provider to Viva Learning."

+ms.localizationpriority: medium

+# Use the employee learning API to integrate with Viva Learning

+Viva Learning is a centralized employee learning hub in Microsoft Teams that lets employees integrate learning and building skills into their work day. In Viva Learning, teams can discover, share, recommend, and learn from content libraries provided by both their organization and partners. They can quickly access assigned or recently completed learning content, and do all of this without leaving Microsoft Teams.

+The employee learning API in Microsoft Graph enables apps to make content from a Learning Management System (LMS) or learning provider available in Viva Learning. Use the following resources to integrate with Viva Learning:

+- [Learning provider](learningprovider.md) to manage learning providers, including registering, enabling, disabling, or deleting providers.

+- [Learning content](learningcontent.md) to upload and manage learning content metadata from your LMS or learning provider in Viva Learning.

+## How do integrations work?

+As administrators, you can integrate your content and learner records (employee assignments and completed course records) from your LMS or learning provider with Viva Learning, by using out-of-the-box integrations where Viva Learning can pull content metadata and learning records from your LMS or learning provider. You can also [use the employee learning API](#use-cases-for-the-employee-learning-api-in-microsoft-graph) in Microsoft Graph to push content metadata from your LMS or learning provider into Viva Learning.

+When the content metadata, employee assignments, and their completed course records are uploaded to Viva Learning, they appear in Viva Learning at the following locations:

+- The content appears on the home page under the **Browse courses** ΓÇô **Providers** section.

+- Assignments and completed course records appear on the **My Learning** page under the **Assigned to you** and **Completed** sections, respectively.

+## Authorization

+With the appropriate delegated or application [employee learning permissions](/graph/permissions-reference#employee-learning-permissions), your app can use the employee learning API to manage learning providers and their content for a learning hub in a tenant. For more information about access tokens, app registration, and delegated and application permissions, see [Authentication and authorization basics](/graph/auth/auth-concepts).

+## Use cases for the employee learning API in Microsoft Graph

+Use the employee learning APIs to do the following:

+- [Register a provider with Viva Learning](../api/employeeexperience-post-learningproviders.md), provide a display name, square logo that is displayed on a learning content card, and a long logo that is displayed in the **Details** page, which is required for the provider content to show up in Viva Learning. The returned registration ID can be used to make the subsequent calls for content ingestion.

+- Enable or disable a registration and update the display name and logo URLs for a provider.ΓÇ»

+- [Get the details about a provider](../api/learningprovider-get.md) in Viva Learning for a specific **registrationId**.ΓÇ»

+- [Get the list of provider registrations](../api/employeeexperience-list-learningproviders.md) in Viva Learning for a tenant.

+- [Delete a registration](../api/employeeexperience-delete-learningproviders.md) of a provider in Viva Learning.

+- [Push content metadata](../api/learningcontent-update.md) to Viva Learning to make content available within Viva Learning for consumption by users.ΓÇ»

+- [Get a list of the metadata of a provider's ingested content](../api/learningprovider-list-learningcontents.md) by using the **registrationId** of a provider.ΓÇ»

+- [Get the specified metadata of a provider's ingested content](../api/learningcontent-get.md) in Viva Learning.

+- [Delete the specfied metadata of a provider's ingested content](../api/learningprovider-delete-learningcontents.md).

+>**Note**: Assignments and completed course records are not yet available in the employee learning API.

+## What's new

+Find out about the [latest new features and updates](/graph/whats-new-overview) for this API set.

+## Next steps

+- [Enable employee learning using the collaborative capabilities in Teams](/graph/teams-concept-overview#enable-employee-learning-using-the-collaborative-capabilities-in-teams).

+- Try the employee learning API in the [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).

+ Title: "operationalInsightsConnection resource type"

+description: "Represents a specialized resourceConnection that links a Log Analytics workspace to the Windows Update for Business deployment service."

+ms.localizationpriority: medium

+# operationalInsightsConnection resource type

+Namespace: microsoft.graph.windowsUpdates

+Represents a specialized [resourceConnection](../resources/windowsupdates-resourceconnection.md) that links a Log Analytics workspace to the Windows Update for Business deployment service.

+Inherits from [resourceConnection](../resources/windowsupdates-resourceconnection.md).

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List operationalInsightsConnections](../api/windowsupdates-updates-list-resourceconnections-operationalinsightsconnection.md)|[microsoft.graph.windowsUpdates.operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) collection|Get a list of the [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) objects and their properties.|

+|[Create operationalInsightsConnection](../api/windowsupdates-updates-post-resourceconnections-operationalinsightsconnection.md)|[microsoft.graph.windowsUpdates.operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md)|Create a new [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object.|

+|[Get operationalInsightsConnection](../api/windowsupdates-operationalinsightsconnection-get.md)|[microsoft.graph.windowsUpdates.operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md)|Read the properties and relationships of an [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object.|

+|[Delete operationalInsightsConnection](../api/windowsupdates-operationalinsightsconnection-delete.md)|None|Delete an [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) object.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|azureResourceGroupName|String|The name of the Azure resource group that contains the Log Analytics workspace.|

+|azureSubscriptionId|String|The Azure subscription ID that contains the Log Analytics workspace.|

+|id|String|An identifier for the resource connection. Key. Not nullable. Read-only. Returned by default.|

+|state|microsoft.graph.windowsUpdates.resourceConnectionState|The state of the connection. The possible values are: `connected`, `notAuthorized`, `notFound`, `unknownFutureValue`.|

+|workspaceName|String|The name of the Log Analytics workspace.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.windowsUpdates.operationalInsightsConnection",

+ "baseType": "microsoft.graph.windowsUpdates.resourceConnection",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.windowsUpdates.operationalInsightsConnection",

+ "azureResourceGroupName": "String",

+ "azureSubscriptionId": "String",

+ "id": "String (identifier)",

+ "state": "String",

+ "workspaceName": "String"

+}

+```

+ Title: "resourceConnection resource type"

+description: "Represents connections to external resources from which more specialized connections will be derived."

+ms.localizationpriority: medium

+# resourceConnection resource type

+Namespace: microsoft.graph.windowsUpdates

+Represents connections to external resources from which more specialized connections like [operationalInsightsConnection](../resources/windowsupdates-operationalinsightsconnection.md) will be derived.

+This is an abstract type.

+## Methods

+|Method|Return type|Description|

+|:|:|:|

+|[List resourceConnections](../api/windowsupdates-updates-list-resourceconnections.md)|[microsoft.graph.windowsUpdates.resourceConnection](../resources/windowsupdates-resourceconnection.md) collection|Get a list of the [resourceConnection](../resources/windowsupdates-resourceconnection.md) objects and their properties.|

+|[Get resourceConnection](../api/windowsupdates-resourceconnection-get.md)|[microsoft.graph.windowsUpdates.resourceConnection](../resources/windowsupdates-resourceconnection.md)|Read the properties and relationships of a [resourceConnection](../resources/windowsupdates-resourceconnection.md) object.|

+|[Delete resourceConnection](../api/windowsupdates-resourceconnection-delete.md)|None|Delete a [resourceConnection](../resources/windowsupdates-resourceconnection.md) object.|

+## Properties

+|Property|Type|Description|

+|:|:|:|

+|id|String|An identifier for the resource connection. Key. Not nullable. Read-only. Returned by default.|

+|state|microsoft.graph.windowsUpdates.resourceConnectionState|The state of the connection. The possible values are: `connected`, `notAuthorized`, `notFound`, `unknownFutureValue`.|

+## Relationships

+None.

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "keyProperty": "id",

+ "@odata.type": "microsoft.graph.windowsUpdates.resourceConnection",

+ "baseType": "microsoft.graph.entity",

+ "openType": false

+}

+-->

+``` json

+{

+ "@odata.type": "#microsoft.graph.windowsUpdates.resourceConnection",

+ "id": "String (identifier)",

+ "state": "String"

+}

+```

+|resourceConnections|[microsoft.graph.windowsUpdates.resourceConnection](../resources/windowsupdates-resourceconnection.md) collection|Service connections to external resources such as analytics workspaces.|

+|Application | Not supported. |

+Do not supply a request body for this method.

+The following is an example of the response.

+-->

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+> [!NOTE]

+> If you create a custom app using application permissions, you must follow the [Business rules validation](/graph/bookingsbusiness-business-rules).

+If successful, this method returns a `204 No Content` response code. It doesn't return anything in the response body.

+-->

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+If successful, this method returns a `200 OK` response code and a [bookingBusiness](../resources/bookingbusiness.md) object in the response body.

+The following is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+ Title: "bookingsBusiness: getStaffAvailability"

+description: "Learn how to get the availability information of staff members of a Microsoft Bookings calendar."

+ms.localizationpriority: medium

+# bookingsBusiness: getStaffAvailability

+Namespace: microsoft.graph

+Get the availability information of [staff members](../resources/bookingstaffmember.md) of a [Microsoft Bookings calendar](../resources/bookingappointment.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type | Permissions (from least to most privileged) |

+|:--|:|

+|Delegated (work or school account) | Not supported. |

+|Delegated (personal Microsoft account) | Not supported. |

+|Application | Calendar.Read, Calendar.ReadWrite, Bookings.Read.All, Calendars.ReadWrite |

+## HTTP request

+<!-- { "blockType": "ignored" } -->

+```http

+POST /solutions/bookingBusinesses/{id}/getStaffAvailability

+```

+## Request header

+|Name |Description |

+|:--|:|

+|Authorization |Bearer {code}. Required. |

+|Content-Type| application/json. Required.|

+## Request body

+In the request body, pass the list of staff IDs along with two other parameters of [dateTimeTimeZone resource type](/graph/resources/datetimetimezone) called **startDateTime** and **endDateTime**. These correspond to the two timestamps between which the staff availability will be returned.

+## Response

+If successful, this method returns a `200 OK` response code and a [staffAvailabilityItem](../resources/staffavailabilityitem.md) collection in the response.

+## Example

+### Request

+The following is an example of a request.

+<!-- {

+ "blockType": "request",

+ "name": "bookingbusiness_getstaffavailability"

+}-->

+```http

+POST https://graph.microsoft.com/v1.0/solutions/bookingBusinesses/Contosolunchdelivery@contoso.onmicrosoft.com/getStaffAvailability

+Content-Type: application/json

+{

+    "staffIds": [

+        "311a5454-08b2-4560-ba1c-f715e938cb79"

+    ],

+    "startDateTime": {

+        "dateTime": "2022-01-25T00: 00: 00",

+        "timeZone": "India Standard Time"

+    },

+    "endDateTime": {

+        "dateTime": "2022-01-26T17: 00: 00",

+        "timeZone": "Pacific Standard Time"

+    }

+}

+```

+### Response

+The following example shows the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.staffAvailabilityItem",

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+    "staffAvailabilityItem": [

+        {

+            "staffId": "311a5454-08b2-4560-ba1c-f715e938cb79",

+            "availabilityItems": [

+                {

+                    "status": "Available",

+                    "startDateTime": {

+                        "dateTime": "2022-01-24T08:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "endDateTime": {

+                        "dateTime": "2022-01-24T15:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "serviceId": ""

+                },

+                {

+                    "status": "Busy",

+                    "startDateTime": {

+                        "dateTime": "2022-01-24T15:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "endDateTime": {

+                        "dateTime": "2022-01-24T16:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "serviceId": "57da6774-a087-4d69-b0e6-6fb82c339976"

+                },

+                {

+                    "status": "Available",

+                    "startDateTime": {

+                        "dateTime": "2022-01-24T16:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "endDateTime": {

+                        "dateTime": "2022-01-24T17:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "serviceId": ""

+                },

+                {

+                    "status": "Available",

+                    "startDateTime": {

+                        "dateTime": "2022-01-25T08:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "endDateTime": {

+                        "dateTime": "2022-01-25T17:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "serviceId": ""

+                },

+                {

+                    "status": "Available",

+                    "startDateTime": {

+                        "dateTime": "2022-01-26T08:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "endDateTime": {

+                        "dateTime": "2022-01-26T17:00:00",

+                        "timeZone": "(UTC-08:00) Pacific Time (US & Canada)"

+                    },

+                    "serviceId": ""

+                }

+            ]

+        }

+    ]

+}

+```

+<!--

+In the response body, for each staff member, their available windows are returned. The types of status of the windows are explained below.

+|Type | Explanation |

+|:--|:|

+|Available | The staff member is available in the given window. |

+|slotAvailable | The staff member has an appointment in the given window. The appointment is for a service which has **maxAttendeecount** more than 1. The customer can join this appointment as there are empty slots available. |

+|Busy | The staff member has an appointment in the given window. Either the staff member has an appointment for a service which has **maxAttendeecount** equal to 1 or the staff has an appointment for a service with **maxAttendeecount** more than 1 but without any available slots. |

+-->

+description: "Get a list of bookingAppointment objects for the specified bookingBusiness."

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+description: "Get the collection of bookingAppointment objects for a bookingBusiness that occurs in the specified date range."

+Get the collection of [bookingAppointment](../resources/bookingappointment.md) objects for a [bookingBusiness](../resources/bookingbusiness.md) that occurs in the specified date range.

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+description: "Get a collection of bookingBusiness objects that have been created for the tenant."

+Get a collection of [bookingBusiness](../resources/bookingbusiness.md) objects that has been created for the tenant.

+This operation returns only the **id** and **displayName** of each Microsoft Bookings business in the collection. For performance considerations, it does not return other properties. You can get the other properties of a Bookings business by specifying its **id** in a [GET](bookingbusiness-get.md) operation.

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+description: "Create a new bookingAppointment for the specified bookingBusiness."

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+> [!NOTE]

+> If you create a custom app using application permissions, you must follow the [Business rules validation](/graph/bookingsbusiness-business-rules).

+-->

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+Do not supply a request body for this method.

+-->

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+| Application | Not supported. |

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+|Application | BookingsAppointment.ReadWrite.All, Bookings.Read.All |

+* The `$expand` and `$select` operators are supported for the `shares` navigation property, but not for `jobs`.

+> **Note:** Using $top=n query parameter will return **up to** `n` shares. Caller needs to use skip token to enumerate over the entire list.

+Some operators are not supported: `$count`, `$search`.

+>**Note**: The response will not contain the **defaults** or **capabilities** properties.

+> For following scenarios, response will contain limited set of properties (id,displayName,manufacturer,model,location):

+> - Listing printer shares on behalf of user who is not [Printer Administrator](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#printer-administrator).

+> - Filtering printer shares based on `capabilities` or `location`.

+You can get additional properties via a [Get printerShare](printershare-get.md) request.

+> **Note:** A user can submit up to ~10000 print jobs in 10 days.

+> **Note:** A user can submit up to ~10000 print jobs in 10 days.

+### To retrieve the profile photo of a contact

+|Delegated (work or school account) | Contacts.Read, Contacts.ReadWrite |

+|Delegated (personal Microsoft account) | Contacts.Read, Contacts.ReadWrite |

+|Application | Contacts.Read, Contacts.ReadWrite |

+### To retrieve the profile photo of a team

+| Permission Type | Permissions (from least to most privileged) |

+| | - |

+| Delegated (work or school account) | TeamReadBasicAll, TeamSettingsReadAll, TeamSettingsReadWriteAll |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | TeamReadBasicAll, TeamSettingsReadAll, TeamSettingsReadWriteAll |

+### To retrieve the profile photo of a user

+|Delegated (work or school account) | User.Read, User.ReadBasic.All, User.Read.All, User.ReadWrite, User.ReadWrite.All |

+|Delegated (personal Microsoft account) | User.Read, User.ReadWrite |

+|Application | User.Read.All, User.ReadWrite.All |

+GET /team/{id}/photo/$value

+GET /team/{id}/photo

+### Example 4: Get the metadata of the team photo

+#### Request

+Here is an example of the request to get the metadata of the team photo.

+<!-- {

+ "blockType": "ignored",

+ "name": "get_team_photo_metadata"

+}-->

+```http

+GET https://graph.microsoft.com/v1.0/teams/172b0cce-e65d-44ce-9a49-91d9f2e8491e/photo

+```

+#### Response

+Here is an example of the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response"

+} -->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#teams('172b0cce-e65d-44ce-9a49-91d9f2e8491e')/photo/$entity",

+ "@odata.id": "https://graph.microsoft.com/v1.0/teams('172b0cce-e65d-44ce-9a49-91d9f2e8491e')/photo",

+ "@odata.mediaContentType": "image/jpeg",

+ "@odata.mediaEtag": "\"BA09D118\"",

+ "id": "240X240",

+ "width": 240,

+ "height": 240

+}

+```

+### Example 5: Get the team photo's binary data

+Here is an example of the request to get the team photo's binary data.

+#### Request

+<!-- {

+ "blockType": "ignored",

+ "name": "get_team_photo"

+}-->

+```http

+GET https://graph.microsoft.com/v1.0/teams/172b0cce-e65d-44ce-9a49-91d9f2e8491e/photo/$value

+```

+#### Response

+Contains the binary data of the requested photo. The HTTP response code is 200.

+description: "Update the photo for the signed-in user, or the specified group or contact or team."

+Update the photo for the specified contact, group, team, or user in a tenant. The size of the photo you can update to must be under 8 MB.

+You can use either PATCH or PUT for this operation.

+### To update the profile photo of a contact

+|Delegated (work or school account) | Contacts.ReadWrite |

+|Application | Contacts.ReadWrite |

+### To update the profile photo of a team

+| Permission Type | Permissions (from least to most privileged) |

+| | -- |

+| Delegated (work or school account) | TeamSettingsReadWriteAll |

+| Delegated (personal Microsoft account) | Not supported. |

+| Application | TeamSettingsReadWriteAll |

+### To update the profile photo of the signed-in user

+|Delegated (work or school account) | User.ReadWrite, User.ReadWrite.All |

+|Application | User.ReadWrite.All |

+>

+PUT /team/{id}/photo/$value

+If successful, this method returns a `200 OK` response code or a `204 No Content` response code for updating the photo of a **team**.

+## Examples

+### Example 1: Update the photo of the user

+#### Request

+#### Response

+The following is an example of the response.

+### Example 2: Update the photo of a team

+#### Request

+The following is an example of a request to update a team photo.

+ "blockType": "request",

+ "name": "update_team_photo"

+```http

+PUT https://graph.microsoft.com/v1.0/teams/172b0cce-e65d-44ce-9a49-91d9f2e8491e/photo/$value

+Content-type: image/jpeg

+Binary data for the image

+```

+#### Response

+The following is an example of the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+} -->

+```http

+HTTP/1.1 204 No Content

+```

+ Title: "availabilityItem resource type"

+description: "Indicates the status of a staff member for a given time slot."

+ms.localizationpriority: medium

+# availabilityItem resource type

+Namespace: microsoft.graph

+Indicates the status of a [staff member](bookingstaffmember.md) for a given time slot.

+## Properties

+| Property | Type |Description|

+|:|:--|:-|

+|endDateTime |dateTimeTimeZone |The end time of the time slot.|

+|serviceId |String |Indicates the service ID in case of 1:n appointments. If the appointment is of type 1:n, this field will be present, otherwise, `null`.|

+|status |bookingsAvailabilityStatus |The status of the staff member. Possible values are: `available`, `busy`, `slotsAvailable`, `outOfOffice`, `unknownFutureValue`.|

+|startDateTime |dateTimeTimeZone |The start time of the time slot.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.availabilityItem"

+}-->

+``` json

+{

+ "endDateTime": "DateTimeInfo",

+ "serviceId": "String",

+ "status": "String",

+ "startDateTime": "DateTimeInfo"

+}

+```

+> [!NOTE]

+> If you create a custom app using application permissions, you must follow the [Business rules validation](/graph/bookingsbusiness-business-rules).

+|[List appointments](../api/bookingbusiness-list-appointments.md) | [bookingAppointment](bookingappointment.md) collection | Get a list of **bookingAppointment** objects in the specified [bookingbusiness](bookingbusiness.md). |

+|[Create bookingAppointment](../api/bookingbusiness-post-appointments.md) | [bookingAppointment](bookingappointment.md) | Create a new **bookingAppointment** for the specified [bookingbusiness](bookingbusiness.md). |

+|customers|[bookingCustomerInformation](bookingcustomerinformation.md) collection|It lists down the customer properties for an appointment. An appointment will contain a list of customer information and each unit will indicate the properties of a customer who is part of that appointment. Optional.|

+-->

+| Method | Return Type |Description|

+| Property | Type |Description|

+### bookingsAvailabilityStatus values

+|Member|

+|:|

+|available|

+|busy|

+|slotsAvailable|

+|outOfOffice|

+|unknownFutureValue|

+ Title: "identity resource type"

+description: "Represents an identity of an actor."

+Represents an identity of an _actor_. For example, an actor can be a user, device, or application.

+In some circumstances, the unique identifier for the actor might not be available.

+In this case, the **displayName** property for the identity will be returned, but the **id** property will be missing from the resource.

+## Properties

+| Property | Type | Description |

+|:|:-|:-|

+| displayName | String | The display name of the identity. Note that this might not always be available or up to date. For example, if a user changes their display name, the API might show the new value in a future response, but the items associated with the user won't show up as having changed when using [delta](../api/driveitem-delta.md). |

+| id | String | Unique identifier for the identity. |

+- Connections have a capacity limit of 5,000,000 items or ~350 GB of data.

+description: "Repesents a profile photo of a user, group, team, or Outlook contact accessed from Exchange Online or Azure Active Directory (Azure AD)."

+Repesents a profile photo of a user, group, team, or Outlook contact accessed from Exchange Online or Azure Active Directory (Azure AD). The data is binary and not encoded in base-64.

+The supported sizes of HD photos on Exchange Online are as follows: `48x48`, `64x64`, `96x96`, `120x120`, `240x240`,

+`360x360`,`432x432`, `504x504`, and `648x648`. In Azure AD, photos can be any dimension.

+|Method|Return type|Description|

+|:|:|:|

+|[Get profilePhoto](../api/profilephoto-get.md)|[profilePhoto](../resources/profilephoto.md)|Read the properties and relationships of a profile photo object.|

+|[Update profilePhoto](../api/profilephoto-update.md)|[profilePhoto](../resources/profilephoto.md)|Update the properties of a profile photo object.|

+None.

+ "id": "String",

+ Title: "staffAvailabilityItem resource type"

+description: "Represents the available and busy time slots of a Bookings staff member."

+ms.localizationpriority: medium

+# staffAvailabilityItem resource type

+Namespace: microsoft.graph

+ [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]

+Represents the available and busy time slots of a Microsoft Bookings [staff member](bookingstaffmember.md).

+## Properties

+| Property | Type |Description|

+|:|:--|:-|

+|availabilityItems |[availabilityItem](availabilityitem.md) collection |Each item in this collection indicates a slot and the status of the staff member.|

+|staffId |String |The ID of the staff member.|

+## JSON representation

+The following is a JSON representation of the resource.

+<!-- {

+ "blockType": "resource",

+ "@odata.type": "microsoft.graph.staffAvailabilityItem"

+}-->

+``` json

+{

+ "availabilityItems": [{"@odata.type": "microsoft.graph.availabilityItem"}],

+ "staffId": "String"

+}

+```

+|operations|[teamsAsyncOperation](teamsasyncoperation.md) collection| The async operations that ran or are running on this team. |

+|[primaryChannel](../api/team-get-primarychannel.md)|[channel](channel.md)| The general channel for the team. |

+|photo|[profilePhoto](../resources/profilephoto.md)| The profile photo for the team. |

+ - name: Get staff availability

+ href: api/bookingbusiness-getstaffavailability.md

+ - name: Get team photo

+ href: api/profilephoto-get.md

+ - name: Update team photo

+ href: api/profilephoto-update.md