Docs update tracker

Service	Microsoft Docs article	Related commit history on GitHub	Change details
v1.0	Accesspackagecatalog Post Customaccesspackageworkflowextensions	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md	One of the following permissions is required to call this API. To learn more, in \|:\|:\| \|Delegated (work or school account)\|EntitlementManagement.ReadWrite.All \| \|Delegated (personal Microsoft account)\|Not supported.\| -\|Application\|EntitlementManagement.ReadWrite.All \| +\|Application\|Not supported.\| ## HTTP request
v1.0	Externalidentitiespolicy Update	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/externalidentitiespolicy-update.md	PATCH /policies/externalIdentitiesPolicy \|Property\|Type\|Description\| \|:\|:\|:\| \|allowDeletedIdentitiesDataRemoval\|Boolean\|Notifies Azure AD whether to clean up the user information about the external identity, from the guest tenant, when the user is deleted in their home tenant. Required.\| -\|allowExternalIdentitiesToLeave\|Boolean\|Notifies Azure AD whether to clean up the user information about the external identity, from the guest tenant, when the user is deleted in their home tenant. Required.\| +\|allowExternalIdentitiesToLeave\|Boolean\|Defines whether external users can leave the guest tenant. If set to `false`, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days. Required.\| ## Response
v1.0	Organization Get	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organization-get.md	Title: "Get organization" description: "Retrieve the properties and relationships of currently authenticated organization." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType
v1.0	Organization List	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organization-list.md	Title: "List organization" description: "Retrieve a list of organization objects." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType
v1.0	Organization Update	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organization-update.md	Title: "Update organization" description: "Update the properties of the currently authenticated organization." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType
v1.0	Orgcontact Get	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/orgcontact-get.md	One of the following permissions is required to call this API. To learn more, in GET /contacts/{id} ``` ## Optional query parameters -This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response. +This method supports the `$select` and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response. ## Request headers \| Name \| Type \| Description\| Here is an example of the request. "name": "get_orgcontact" }--> ```msgraph-interactive -GET https://graph.microsoft.com/beta/contacts/{id} +GET https://graph.microsoft.com/beta/contacts/25caf6a2-d5cb-470d-8940-20ba795ef62d ``` # [C#](#tab/csharp) HTTP/1.1 200 OK Content-type: application/json { - "addresses":[ - { - "city": "string", - "countryOrRegion": "string", - "officeLocation": "string", - "postalCode": "string", - "state": "string", - "street": "string" - } - ], - "companyName": "companyName-value", - "department": "department-value", - "displayName": "displayName-value", - "phones":[ - { - "type": "string", - "number": "string" - } - ] + "@odata.context": "https://graph.microsoft.com/beta/$metadata#contacts/$entity", + "id": "25caf6a2-d5cb-470d-8940-20ba795ef62d", + "deletedDateTime": null, + "companyName": "Adatum Corporation", + "department": null, + "displayName": "Adele Vance", + "proxyAddresses": [ + "SMTP:AdeleVance@adatum.com" + ], + "givenName": "Adele", + "imAddresses": [], + "jobTitle": "Engagement manager", + "mail": "AdeleVance@adatum.com", + "mailNickname": "AdeleVance", + "onPremisesLastSyncDateTime": null, + "onPremisesSyncEnabled": null, + "surname": "Vance", + "addresses": [ + { + "city": null, + "countryOrRegion": "United States", + "officeLocation": null, + "postalCode": null, + "state": null, + "street": null + } + ], + "onPremisesProvisioningErrors": [], + "phones": [ + { + "number": null, + "type": "businessFax" + }, + { + "number": null, + "type": "mobile" + }, + { + "number": null, + "type": "business" + } + ] } ```
v1.0	Authenticationmethods Overview	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/authenticationmethods-overview.md	The authentication method APIs are used to manage a user's authentication method \|Authentication method \| Description \|Examples \| \|:\|:\|:\| -\|[passwordAuthenticationMethod](passwordauthenticationmethod.md)\| A password is currently the default primary authentication method in Azure AD.\|Reset a user's password\| -\|[phoneAuthenticationMethod](phoneauthenticationmethod.md)\|A phone can be used by a user to authenticate using [SMS or voice calls](/azure/active-directory/authentication/concept-authentication-methods#phone-options) (as allowed by policy).\|See a user's authentication phone numbers. Add, update, or remove a phone number to a user. Enable or disable a primary mobile phone for SMS sign-in.\| +\|[emailAuthenticationMethod](emailauthenticationmethod.md)\|An email address can be used by a user as part of the Self-Service Password Reset (SSPR) process.\|See a user's authentication email address. Add, update, or remove an email address to a user.\| \|[fido2AuthenticationMethod](fido2authenticationmethod.md)\|A FIDO2 Security Key can be used by a user to sign-in to Azure AD.\|Delete a lost FIDO2 Security Key.\| \|[microsoftAuthenticatorAuthenticationMethod](microsoftauthenticatorauthenticationmethod.md)\|Microsoft Authenticator can be used by a user to sign-in or perform multi-factor authentication to Azure AD\|Delete a Microsoft Authenticator authentication method.\| -\|[passwordlessmicrosoftauthenticatorauthenticationmethod](passwordlessmicrosoftauthenticatorauthenticationmethod.md) (deprecated)\|Microsoft Authenticator Passwordless Phone Sign-in can be used by a user to sign-in to Azure AD\|Delete a Passwordless Phone Sign-in authentication method.\| -\|[emailAuthenticationMethod](emailauthenticationmethod.md)\|An email address can be used by a user as part of the Self-Service Password Reset (SSPR) process.\|See a user's authentication email address. Add, update, or remove an email address to a user.\| -\|[windowsHelloForBusinessAuthenticationMethod](windowsHelloForBusinessAuthenticationMethod.md)\|Windows Hello for Business is a passwordless sign-in method on Windows devices.\|See devices where a user has enabled Windows Hello for Business sign-in. Delete a Windows Hello for Business credential.\| -\|[temporaryaccesspassauthenticationmethod](temporaryaccesspassauthenticationmethod.md)\|Temporary Access Pass is a time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials. \| Set a new Temporary Access Pass on a user.\| +\|[passwordAuthenticationMethod](passwordauthenticationmethod.md)\| A password is currently the default primary authentication method in Azure AD.\|Reset a user's password\| +\|[phoneAuthenticationMethod](phoneauthenticationmethod.md)\|A phone can be used by a user to authenticate using [SMS or voice calls](/azure/active-directory/authentication/concept-authentication-methods#phone-options) (as allowed by policy).\|See a user's authentication phone numbers. Add, update, or remove a phone number to a user. Enable or disable a primary mobile phone for SMS sign-in.\| \|[softwareOathAuthenticationMethod](../resources/softwareoathauthenticationmethod.md)\| Allow users to perform multifactor authentication using an application that supports the OATH specification and provides a one-time code. \| Get and delete a software token assigned to a user.\| +\|[temporaryaccesspassauthenticationmethod](temporaryaccesspassauthenticationmethod.md)\|Temporary Access Pass is a time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials. \| Set a new Temporary Access Pass on a user.\| +\|[windowsHelloForBusinessAuthenticationMethod](windowsHelloForBusinessAuthenticationMethod.md)\|Windows Hello for Business is a passwordless sign-in method on Windows devices.\|See devices where a user has enabled Windows Hello for Business sign-in. Delete a Windows Hello for Business credential.\| +\|[passwordlessmicrosoftauthenticatorauthenticationmethod](passwordlessmicrosoftauthenticatorauthenticationmethod.md) (deprecated)\|Microsoft Authenticator Passwordless Phone Sign-in can be used by a user to sign-in to Azure AD\|Delete a Passwordless Phone Sign-in authentication method.\| The following authentication methods are not yet supported in Microsoft Graph `beta`. \|Authentication method \| Description \|Examples \| \|:\|:\|:\| -\|Hardware token \| Allow users to perform multifactor authentication using a physical device that provides a one-time code. \| Get a hardware token assigned to a user.\| -\|Security questions and answers \| Allow users to validate their identity when performing a self-service password reset. \|Delete a security question a user registered.\| \|Default method \| Represents the method the user has selected as default for performing multi-factor authentication.\| Change a user's default MFA method. <br/> NOTE: Managing the details of the default method is currently supported only through the MSOL `Get-MsolUser` and `Set-MsolUser` cmdlets, using the StrongAuthenticationMethods property. \| +\|Hardware token \| Allow users to perform multifactor authentication using a physical device that provides a one-time code. \| Get a hardware token assigned to a user.\| \|Require re-register MFA \| A control that requires that when user signs in next time and MFA is required, they're requested to set up a new MFA authentication method.\|NOTE: This feature is replaced by the individual authentication method APIs listed above. These can be used to delete a user's existing registered authentication methods; once the user has no more methods, they'll be prompted to register the next time they sign in where strong authentication is required (the user can also register at any time using [MySecurityInfo](https://aka.ms/mysecurityinfo)). This can be done using the Azure AD admin UX, the Microsoft Graph APIs, and the Microsoft Graph Powershell SDK. <br/> The legacy version of this feature is currently supported only through the MSOL`Set-MsolUser` cmdlet, using the StrongAuthenticationMethods property. \| +\|Security questions and answers \| Allow users to validate their identity when performing a self-service password reset. \|Delete a security question a user registered.\| ## Next steps
v1.0	Externalidentitiespolicy	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/externalidentitiespolicy.md	Inherits from [policyBase](../resources/policybase.md). \|Property\|Type\|Description\| \|:\|:\|:\| \|allowDeletedIdentitiesDataRemoval\|Boolean\|Notifies Azure AD whether to clean up the user information about the external identity, from the guest tenant, when the user is deleted in their home tenant. \| -\|allowExternalIdentitiesToLeave\|Boolean\|Defines whether external users can leave the guest tenant. If set to `false`, self-service controls are not enabled, and the admin of the guest tenant must manually remove the external user from the guest tenant.\| +\|allowExternalIdentitiesToLeave\|Boolean\|Defines whether external users can leave the guest tenant. If set to `false`, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.\| \|displayName\|String\|The policy name. Inherited from [policyBase](../resources/policybase.md).\| ## Relationships The following is a JSON representation of the resource. } ``` +## See also ++ [Leave an organization as an external user](/azure/active-directory/external-identities/leave-the-organization)
v1.0	Organization	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/organization.md	Title: "organization resource type" description: "Represents an Azure Active Directory tenant. " ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: resourcePageType
v1.0	Teamsappinstallation	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/teamsappinstallation.md	A [teamsApp](teamsapp.md) installed in a [team](team.md), a [chat](chat.md), or ## JSON representation +The following is a JSON representation of the resource. + <!-- { "blockType": "resource", "@odata.type": "microsoft.graph.teamsAppInstallation",
v1.0	Organization Get	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/organization-get.md	Title: "Get organization" description: "Retrieve the properties and relationships of currently authenticated organization." ms.localizationpriority: high-+ ms.prod: "directory-management" doc_type: apiPageType
v1.0	Organization List	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/organization-list.md	Title: "List organization" description: "Retrieve a list of organization objects." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType
v1.0	Organization Update	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/organization-update.md	Title: "Update organization" description: "Update the properties of the currently authenticated organization." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType
v1.0	Orgcontact Get	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/orgcontact-get.md	The following is an example of the request. "name": "get_orgcontact" }--> ```msgraph-interactive -GET https://graph.microsoft.com/v1.0/contacts/e63333f5-3d11-4026-8fe3-c0f7b044dd3a +GET https://graph.microsoft.com/v1.0/contacts/25caf6a2-d5cb-470d-8940-20ba795ef62d ``` # [C#](#tab/csharp) HTTP/1.1 200 OK Content-type: application/json { - "addresses":[ - { - "city": "string", - "countryOrRegion": "string", - "officeLocation": "string", - "postalCode": "string", - "state": "string", - "street": "string" - } - ], - "companyName": "companyName-value", - "department": "department-value", - "displayName": "displayName-value", - "phones":[ - { - "type": "string", - "number": "string" - } - ] + "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#contacts/$entity", + "id": "25caf6a2-d5cb-470d-8940-20ba795ef62d", + "deletedDateTime": null, + "companyName": "Adatum Corporation", + "department": null, + "displayName": "Adele Vance", + "proxyAddresses": [ + "SMTP:AdeleVance@adatum.com" + ], + "givenName": "Adele", + "imAddresses": [], + "jobTitle": "Engagement manager", + "mail": "AdeleVance@adatum.com", + "mailNickname": "AdeleVance", + "onPremisesLastSyncDateTime": null, + "onPremisesSyncEnabled": null, + "surname": "Vance", + "addresses": [ + { + "city": null, + "countryOrRegion": "United States", + "officeLocation": null, + "postalCode": null, + "state": null, + "street": null + } + ], + "onPremisesProvisioningErrors": [], + "phones": [ + { + "number": null, + "type": "businessFax" + }, + { + "number": null, + "type": "mobile" + }, + { + "number": null, + "type": "business" + } + ] } ```
v1.0	Authenticationmethods Overview	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/authenticationmethods-overview.md	The authentication method APIs are used to manage a user's authentication method \|[emailAuthenticationMethod](emailauthenticationmethod.md)\|An email address can be used by a user as part of the Self-Service Password Reset (SSPR) process.\|See a user's authentication email address. Add, update, or remove an email address to a user.\| \|[fido2AuthenticationMethod](fido2authenticationmethod.md)\|A FIDO2 Security Key can be used by a user to sign-in to Azure AD.\|Delete a lost FIDO2 Security Key.\| \|[microsoftAuthenticatorAuthenticationMethod](microsoftauthenticatorauthenticationmethod.md)\|Microsoft Authenticator can be used by a user to sign-in or perform multi-factor authentication to Azure AD\|Delete a Microsoft Authenticator authentication method.\| +\|[passwordAuthenticationMethod](passwordauthenticationmethod.md)\| A password is currently the default primary authentication method in Azure AD.\|Reset a user's password\| \|[phoneAuthenticationMethod](phoneauthenticationmethod.md)\|A phone can be used by a user to authenticate using [SMS or voice calls](/azure/active-directory/authentication/concept-authentication-methods#phone-options) as allowed by policy.\|See a user's authentication phone numbers. Add, update, or remove a phone number for a user. Enable or disable a primary mobile phone for SMS sign-in.\| \|[softwareOathAuthenticationMethod](softwareoathauthenticationmethod.md)\| Allow users to perform multifactor authentication using an application that supporters the OATH TOTP specification and provides a one-time code.\|Get and delete a software OATH token assigned to a user.\| \|[temporaryAccessPassAuthenticationMethod](temporaryaccesspassauthenticationmethod.md)\|A time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials.\| The following authentication methods are not yet supported in Microsoft Graph v1 \|Authentication method \| Description \|Examples \| \|:\|:\|:\| -\|Password \| A password is currently the default primary authentication method in Azure AD.\|Reset a user's password.\| -\|Hardware token \| Allow users to perform multifactor authentication using a physical device that provides a one-time code. \| Get a hardware token assigned to a user.\| -\|Security questions and answers \| Allow users to validate their identity when performing a self-service password reset. \|Delete a security question a user registered.\| \|Default method \| Represents the method the user has selected as default for performing multi-factor authentication.\| Change a user's default MFA method. <br/> NOTE: Managing the details of the default method is currently supported only through the MSOL `Get-MsolUser` and `Set-MsolUser` cmdlets, using the StrongAuthenticationMethods property. \| +\|Hardware token \| Allow users to perform multifactor authentication using a physical device that provides a one-time code. \| Get a hardware token assigned to a user.\| +\|Password \| A password is currently the default primary authentication method in Azure AD.\|Reset a user's password.\| \|Require re-register MFA \| Represents a configuration that requires that when user signs in next time, they're requested to set up a new MFA authentication method.\| NOTE: This feature is replaced by the individual authentication method APIs listed above. These can be used to delete a user's existing registered authentication methods; once the user has no more methods, they'll be prompted to register the next time they sign in where strong authentication is required (the user can also register at any time using [MySecurityInfo](https://aka.ms/mysecurityinfo)). This can be done using the Azure portal, Microsoft Graph APIs, and the Microsoft Graph Powershell SDK. The legacy version of this feature is currently supported only through the MSOL`Set-MsolUser` cmdlet, using the StrongAuthenticationMethods property. \| +\|Security questions and answers \| Allow users to validate their identity when performing a self-service password reset. \|Delete a security question a user registered.\| ## Next steps
v1.0	Organization	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/organization.md	Title: "organization resource type" description: " create and delete are not supported. Inherits from directoryObject." ms.localizationpriority: high-+ ms.prod: "directory-management" doc_type: resourcePageType
v1.0	Teamsappinstallation	https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/teamsappinstallation.md	Represents a [teamsApp](teamsapp.md) installed in a [team](team.md) or the perso ## JSON representation +The following is a JSON representation of the resource. + <!-- { "blockType": "resource", "@odata.type": "microsoft.graph.teamsAppInstallation",

v1.0

Accesspackagecatalog Post Customaccesspackageworkflowextensions

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/accesspackagecatalog-post-customaccesspackageworkflowextensions.md

One of the following permissions is required to call this API. To learn more, in

-|Application|EntitlementManagement.ReadWrite.All |

+|Application|Not supported.|

## HTTP request

v1.0

Externalidentitiespolicy Update

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/externalidentitiespolicy-update.md

PATCH /policies/externalIdentitiesPolicy

-|allowExternalIdentitiesToLeave|Boolean|Notifies Azure AD whether to clean up the user information about the external identity, from the guest tenant, when the user is deleted in their home tenant. Required.|

+|allowExternalIdentitiesToLeave|Boolean|Defines whether external users can leave the guest tenant. If set to `false`, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days. Required.|

## Response

v1.0

Organization Get

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organization-get.md

Title: "Get organization" description: "Retrieve the properties and relationships of currently authenticated organization." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType

v1.0

Organization List

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organization-list.md

Title: "List organization" description: "Retrieve a list of organization objects." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType

v1.0

Organization Update

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/organization-update.md

Title: "Update organization" description: "Update the properties of the currently authenticated organization." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType

v1.0

Orgcontact Get

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/api/orgcontact-get.md

One of the following permissions is required to call this API. To learn more, in

GET /contacts/{id} ``` ## Optional query parameters

-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.

+This method supports the `$select` and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response.

## Request headers | Name | Type | Description|

Here is an example of the request.

"name": "get_orgcontact" }--> ```msgraph-interactive

-GET https://graph.microsoft.com/beta/contacts/{id}

+GET https://graph.microsoft.com/beta/contacts/25caf6a2-d5cb-470d-8940-20ba795ef62d

``` # [C#](#tab/csharp)

HTTP/1.1 200 OK

Content-type: application/json {

- "addresses":[

- {

- "city": "string",

- "countryOrRegion": "string",

- "officeLocation": "string",

- "postalCode": "string",

- "state": "string",

- "street": "string"

- }

- ],

- "companyName": "companyName-value",

- "department": "department-value",

- "displayName": "displayName-value",

- "phones":[

- {

- "type": "string",

- "number": "string"

- }

- ]

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#contacts/$entity",

+ "id": "25caf6a2-d5cb-470d-8940-20ba795ef62d",

+ "deletedDateTime": null,

+ "companyName": "Adatum Corporation",

+ "department": null,

+ "displayName": "Adele Vance",

+ "proxyAddresses": [

+ "SMTP:AdeleVance@adatum.com"

+ ],

+ "givenName": "Adele",

+ "imAddresses": [],

+ "jobTitle": "Engagement manager",

+ "mail": "AdeleVance@adatum.com",

+ "mailNickname": "AdeleVance",

+ "onPremisesLastSyncDateTime": null,

+ "onPremisesSyncEnabled": null,

+ "surname": "Vance",

+ "addresses": [

+ {

+ "city": null,

+ "countryOrRegion": "United States",

+ "officeLocation": null,

+ "postalCode": null,

+ "state": null,

+ "street": null

+ }

+ ],

+ "onPremisesProvisioningErrors": [],

+ "phones": [

+ {

+ "number": null,

+ "type": "businessFax"

+ },

+ {

+ "number": null,

+ "type": "mobile"

+ },

+ {

+ "number": null,

+ "type": "business"

+ }

+ ]

} ```

v1.0

Authenticationmethods Overview

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/authenticationmethods-overview.md

The authentication method APIs are used to manage a user's authentication method

|Authentication method | Description |Examples | |:|:|:|

-|[passwordAuthenticationMethod](passwordauthenticationmethod.md)| A password is currently the default primary authentication method in Azure AD.|Reset a user's password|

-|[phoneAuthenticationMethod](phoneauthenticationmethod.md)|A phone can be used by a user to authenticate using [SMS or voice calls](/azure/active-directory/authentication/concept-authentication-methods#phone-options) (as allowed by policy).|See a user's authentication phone numbers. Add, update, or remove a phone number to a user. Enable or disable a primary mobile phone for SMS sign-in.|

+|[emailAuthenticationMethod](emailauthenticationmethod.md)|An email address can be used by a user as part of the Self-Service Password Reset (SSPR) process.|See a user's authentication email address. Add, update, or remove an email address to a user.|

|[fido2AuthenticationMethod](fido2authenticationmethod.md)|A FIDO2 Security Key can be used by a user to sign-in to Azure AD.|Delete a lost FIDO2 Security Key.| |[microsoftAuthenticatorAuthenticationMethod](microsoftauthenticatorauthenticationmethod.md)|Microsoft Authenticator can be used by a user to sign-in or perform multi-factor authentication to Azure AD|Delete a Microsoft Authenticator authentication method.|

-|[passwordlessmicrosoftauthenticatorauthenticationmethod](passwordlessmicrosoftauthenticatorauthenticationmethod.md) (deprecated)|Microsoft Authenticator Passwordless Phone Sign-in can be used by a user to sign-in to Azure AD|Delete a Passwordless Phone Sign-in authentication method.|

-|[emailAuthenticationMethod](emailauthenticationmethod.md)|An email address can be used by a user as part of the Self-Service Password Reset (SSPR) process.|See a user's authentication email address. Add, update, or remove an email address to a user.|

-|[windowsHelloForBusinessAuthenticationMethod](windowsHelloForBusinessAuthenticationMethod.md)|Windows Hello for Business is a passwordless sign-in method on Windows devices.|See devices where a user has enabled Windows Hello for Business sign-in. Delete a Windows Hello for Business credential.|

-|[temporaryaccesspassauthenticationmethod](temporaryaccesspassauthenticationmethod.md)|Temporary Access Pass is a time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials. | Set a new Temporary Access Pass on a user.|

+|[passwordAuthenticationMethod](passwordauthenticationmethod.md)| A password is currently the default primary authentication method in Azure AD.|Reset a user's password|

+|[phoneAuthenticationMethod](phoneauthenticationmethod.md)|A phone can be used by a user to authenticate using [SMS or voice calls](/azure/active-directory/authentication/concept-authentication-methods#phone-options) (as allowed by policy).|See a user's authentication phone numbers. Add, update, or remove a phone number to a user. Enable or disable a primary mobile phone for SMS sign-in.|

|[softwareOathAuthenticationMethod](../resources/softwareoathauthenticationmethod.md)| Allow users to perform multifactor authentication using an application that supports the OATH specification and provides a one-time code. | Get and delete a software token assigned to a user.|

+|[temporaryaccesspassauthenticationmethod](temporaryaccesspassauthenticationmethod.md)|Temporary Access Pass is a time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials. | Set a new Temporary Access Pass on a user.|

+|[windowsHelloForBusinessAuthenticationMethod](windowsHelloForBusinessAuthenticationMethod.md)|Windows Hello for Business is a passwordless sign-in method on Windows devices.|See devices where a user has enabled Windows Hello for Business sign-in. Delete a Windows Hello for Business credential.|

+|[passwordlessmicrosoftauthenticatorauthenticationmethod](passwordlessmicrosoftauthenticatorauthenticationmethod.md) (deprecated)|Microsoft Authenticator Passwordless Phone Sign-in can be used by a user to sign-in to Azure AD|Delete a Passwordless Phone Sign-in authentication method.|

The following authentication methods are not yet supported in Microsoft Graph `beta`. |Authentication method | Description |Examples | |:|:|:|

-|Hardware token | Allow users to perform multifactor authentication using a physical device that provides a one-time code. | Get a hardware token assigned to a user.|

-|Security questions and answers | Allow users to validate their identity when performing a self-service password reset. |Delete a security question a user registered.|

|Default method | Represents the method the user has selected as default for performing multi-factor authentication.| Change a user's default MFA method. <br/> **NOTE:** Managing the details of the default method is currently supported only through the MSOL `Get-MsolUser` and `Set-MsolUser` cmdlets, using the **StrongAuthenticationMethods** property. |

+|Hardware token | Allow users to perform multifactor authentication using a physical device that provides a one-time code. | Get a hardware token assigned to a user.|

|Require re-register MFA | A control that requires that when user signs in next time and MFA is required, they're requested to set up a new MFA authentication method.|**NOTE:** This feature is replaced by the individual authentication method APIs listed above. These can be used to delete a user's existing registered authentication methods; once the user has no more methods, they'll be prompted to register the next time they sign in where strong authentication is required (the user can also register at any time using [MySecurityInfo](https://aka.ms/mysecurityinfo)). This can be done using the Azure AD admin UX, the Microsoft Graph APIs, and the Microsoft Graph Powershell SDK. <br/> The legacy version of this feature is currently supported only through the MSOL`Set-MsolUser` cmdlet, using the **StrongAuthenticationMethods** property. |

+|Security questions and answers | Allow users to validate their identity when performing a self-service password reset. |Delete a security question a user registered.|

## Next steps

v1.0

Externalidentitiespolicy

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/externalidentitiespolicy.md

Inherits from [policyBase](../resources/policybase.md).

-|allowExternalIdentitiesToLeave|Boolean|Defines whether external users can leave the guest tenant. If set to `false`, self-service controls are not enabled, and the admin of the guest tenant must manually remove the external user from the guest tenant.|

+|allowExternalIdentitiesToLeave|Boolean|Defines whether external users can leave the guest tenant. If set to `false`, self-service controls are disabled, and the admin of the guest tenant must manually remove the external user from the guest tenant. When the external user leaves the tenant, their data in the guest tenant is first soft-deleted then permanently deleted in 30 days.|

|displayName|String|The policy name. Inherited from [policyBase](../resources/policybase.md).| ## Relationships

The following is a JSON representation of the resource.

} ```

+## See also

++ [Leave an organization as an external user](/azure/active-directory/external-identities/leave-the-organization)

v1.0

Organization

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/organization.md

Title: "organization resource type" description: "Represents an Azure Active Directory tenant. " ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: resourcePageType

v1.0

Teamsappinstallation

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/beta/resources/teamsappinstallation.md

A [teamsApp](teamsapp.md) installed in a [team](team.md), a [chat](chat.md), or

## JSON representation

+The following is a JSON representation of the resource.

+ <!-- { "blockType": "resource", "@odata.type": "microsoft.graph.teamsAppInstallation",

v1.0

Organization Get

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/organization-get.md

Title: "Get organization" description: "Retrieve the properties and relationships of currently authenticated organization." ms.localizationpriority: high-+ ms.prod: "directory-management" doc_type: apiPageType

v1.0

Organization List

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/organization-list.md

Title: "List organization" description: "Retrieve a list of organization objects." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType

v1.0

Organization Update

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/organization-update.md

Title: "Update organization" description: "Update the properties of the currently authenticated organization." ms.localizationpriority: medium-+ ms.prod: "directory-management" doc_type: apiPageType

v1.0

Orgcontact Get

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/api/orgcontact-get.md

The following is an example of the request.

"name": "get_orgcontact" }--> ```msgraph-interactive

-GET https://graph.microsoft.com/v1.0/contacts/e63333f5-3d11-4026-8fe3-c0f7b044dd3a

+GET https://graph.microsoft.com/v1.0/contacts/25caf6a2-d5cb-470d-8940-20ba795ef62d

``` # [C#](#tab/csharp)

HTTP/1.1 200 OK

Content-type: application/json {

- "addresses":[

- {

- "city": "string",

- "countryOrRegion": "string",

- "officeLocation": "string",

- "postalCode": "string",

- "state": "string",

- "street": "string"

- }

- ],

- "companyName": "companyName-value",

- "department": "department-value",

- "displayName": "displayName-value",

- "phones":[

- {

- "type": "string",

- "number": "string"

- }

- ]

+ "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#contacts/$entity",

+ "id": "25caf6a2-d5cb-470d-8940-20ba795ef62d",

+ "deletedDateTime": null,

+ "companyName": "Adatum Corporation",

+ "department": null,

+ "displayName": "Adele Vance",

+ "proxyAddresses": [

+ "SMTP:AdeleVance@adatum.com"

+ ],

+ "givenName": "Adele",

+ "imAddresses": [],

+ "jobTitle": "Engagement manager",

+ "mail": "AdeleVance@adatum.com",

+ "mailNickname": "AdeleVance",

+ "onPremisesLastSyncDateTime": null,

+ "onPremisesSyncEnabled": null,

+ "surname": "Vance",

+ "addresses": [

+ {

+ "city": null,

+ "countryOrRegion": "United States",

+ "officeLocation": null,

+ "postalCode": null,

+ "state": null,

+ "street": null

+ }

+ ],

+ "onPremisesProvisioningErrors": [],

+ "phones": [

+ {

+ "number": null,

+ "type": "businessFax"

+ },

+ {

+ "number": null,

+ "type": "mobile"

+ },

+ {

+ "number": null,

+ "type": "business"

+ }

+ ]

} ```

v1.0

Authenticationmethods Overview

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/authenticationmethods-overview.md

The authentication method APIs are used to manage a user's authentication method

|[emailAuthenticationMethod](emailauthenticationmethod.md)|An email address can be used by a user as part of the Self-Service Password Reset (SSPR) process.|See a user's authentication email address. Add, update, or remove an email address to a user.| |[fido2AuthenticationMethod](fido2authenticationmethod.md)|A FIDO2 Security Key can be used by a user to sign-in to Azure AD.|Delete a lost FIDO2 Security Key.| |[microsoftAuthenticatorAuthenticationMethod](microsoftauthenticatorauthenticationmethod.md)|Microsoft Authenticator can be used by a user to sign-in or perform multi-factor authentication to Azure AD|Delete a Microsoft Authenticator authentication method.|

+|[passwordAuthenticationMethod](passwordauthenticationmethod.md)| A password is currently the default primary authentication method in Azure AD.|Reset a user's password|

|[phoneAuthenticationMethod](phoneauthenticationmethod.md)|A phone can be used by a user to authenticate using [SMS or voice calls](/azure/active-directory/authentication/concept-authentication-methods#phone-options) as allowed by policy.|See a user's authentication phone numbers. Add, update, or remove a phone number for a user. Enable or disable a primary mobile phone for SMS sign-in.| |[softwareOathAuthenticationMethod](softwareoathauthenticationmethod.md)| Allow users to perform multifactor authentication using an application that supporters the OATH TOTP specification and provides a one-time code.|Get and delete a software OATH token assigned to a user.| |[temporaryAccessPassAuthenticationMethod](temporaryaccesspassauthenticationmethod.md)|A time-limited passcode that serves as a strong credential and allows onboarding of passwordless credentials.|

The following authentication methods are not yet supported in Microsoft Graph v1

|Authentication method | Description |Examples | |:|:|:|

-|Password | A password is currently the default primary authentication method in Azure AD.|Reset a user's password.|

-|Hardware token | Allow users to perform multifactor authentication using a physical device that provides a one-time code. | Get a hardware token assigned to a user.|

-|Security questions and answers | Allow users to validate their identity when performing a self-service password reset. |Delete a security question a user registered.|

|Default method | Represents the method the user has selected as default for performing multi-factor authentication.| Change a user's default MFA method. <br/> **NOTE:** Managing the details of the default method is currently supported only through the MSOL `Get-MsolUser` and `Set-MsolUser` cmdlets, using the **StrongAuthenticationMethods** property. |

+|Hardware token | Allow users to perform multifactor authentication using a physical device that provides a one-time code. | Get a hardware token assigned to a user.|

+|Password | A password is currently the default primary authentication method in Azure AD.|Reset a user's password.|

|Require re-register MFA | Represents a configuration that requires that when user signs in next time, they're requested to set up a new MFA authentication method.| **NOTE:** This feature is replaced by the individual authentication method APIs listed above. These can be used to delete a user's existing registered authentication methods; once the user has no more methods, they'll be prompted to register the next time they sign in where strong authentication is required (the user can also register at any time using [MySecurityInfo](https://aka.ms/mysecurityinfo)). This can be done using the Azure portal, Microsoft Graph APIs, and the Microsoft Graph Powershell SDK. The legacy version of this feature is currently supported only through the MSOL`Set-MsolUser` cmdlet, using the **StrongAuthenticationMethods** property. |

+|Security questions and answers | Allow users to validate their identity when performing a self-service password reset. |Delete a security question a user registered.|

## Next steps

v1.0

Organization

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/organization.md

Title: "organization resource type" description: " create and delete are not supported. Inherits from directoryObject." ms.localizationpriority: high-+ ms.prod: "directory-management" doc_type: resourcePageType

v1.0

Teamsappinstallation

https://github.com/microsoftgraph/microsoft-graph-docs/commits/main/api-reference/v1.0/resources/teamsappinstallation.md

Represents a [teamsApp](teamsapp.md) installed in a [team](team.md) or the perso

## JSON representation

+The following is a JSON representation of the resource.

+ <!-- { "blockType": "resource", "@odata.type": "microsoft.graph.teamsAppInstallation",