-description: "Cancel accessPackageAssignmentRequest objects that are in a cancellable state."

-In [Azure AD Entitlement Management](../resources/entitlementmanagement-overview.md), cancel [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) objects that are in a cancellable state: `accepted`, `pendingApproval`, `pendingNotBefore`, `pendingApprovalEscalated`.

-If successful, this method returns a `200 OK` response code. It does not return anything in the response body.

-The following is an example of the response.

-description: "In the Azure AD access reviews feature, update an existing accessReview object to add another user as a reviewer. This operation is only permitted for an access review that is not yet completed, and only for an access review where the reviewers are explicitly specified. This operation is not permitted for an access review in which users review their own access, and not intended for an access review in which the group owners are assigned as the reviewers. "

-In the Azure AD [access reviews](../resources/accessreviews-root.md) feature, update an existing [accessReview](../resources/accessreview.md) object to add another user as a reviewer. This operation is only permitted for an access review that is not yet completed, and only for an access review where the reviewers are explicitly specified. This operation is not permitted for an access review in which users review their own access, and not intended for an access review in which the group owners are assigned as the reviewers.

-If successful, this method returns a `201 Created` response code .

-This is an example of updating a one-time (not reoccurring) access review with an additional reviewer.

-Do not supply a request body for this method.

-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.

-Here is an example of the request.

-Here is an example of the response.

-Applications that donΓÇÖt have any existing valid certificates (no certificates have been added yet, or all certificates have expired), wonΓÇÖt be able to use this service action. You can use the [Update application](../api/application-update.md) operation to perform an update instead.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-| Property | Type |Description|

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal. Replace `{applicationObjectId}` with the **id** for the application object.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal. Replace `{applicationObjectId}` with the **id** for the application object.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

->- `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Allow applications to access online meetings on behalf of a user](/graph/cloud-communication-online-meeting-application-access-policy).

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal. Replace `{applicationObjectId}` with the **id** for the application object.

- "maxLifetime": "P4DT12H30M5S",

- "maxLifetime": "P4D",

- "maxLifetime": "P4DT12H30M5S",

- "maxLifetime": "P4D",

- "passwordCredentials": [

- {

- "restrictionType": "passwordAddition",

- "maxLifetime": null,

- "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"

- },

- {

- "restrictionType": "passwordLifetime",

- "maxLifetime": "P4DT12H30M5S",

- "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"

- },

- {

- "restrictionType": "symmetricKeyAddition",

- "maxLifetime": null,

- "restrictForAppsCreatedAfterDateTime": "2019-10-19T10:37:00Z"

- },

- {

- "restrictionType": "symmetricKeyLifetime",

- "maxLifetime": "P4D",

- "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"

- }

- ],

- "keyCredentials": [

- {

- "restrictionType": "asymmetricKeyLifetime",

- "maxLifetime": "P90D",

- "restrictForAppsCreatedAfterDateTime": "2014-10-19T10:37:00Z"

- }

- ]

- }

- "maxLifetime": "P4DT12H30M5S",

->- `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Allow applications to access online meetings on behalf of a user](/graph/cloud-communication-online-meeting-application-access-policy).

-Remove or unlink [an application](../resources/authenticationconditionapplication.md) from an external identities self-service sign up user flow that's represented by an [externalUsersSelfServiceSignupEventsFlow](../resources/externalusersselfservicesignupeventsflow.md) object. This disables the authentication experience that's defined by the user flow for the application.

-Do not supply a request body for this method.

-If successful, this method returns a `204 No Content` response code. If unsuccessful, a `4xx` error will be returned with specific details.

-The following is an example of a request. `63856651-13d9-4784-9abf-20758d509e19` representes the **appId** of the application, also known as the client ID, not the object ID.

-The following is an example of the response

- "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authorizationPolicy/$entity",

- "id": "authorizationPolicy",

- "displayName": "Authorization Policy",

- "description": "Used to manage authorization related settings across the company.",

- "enabledPreviewFeatures": [],

- "guestUserRoleId": "10dae51f-b6af-4016-8d66-8c2a99b929b3",

- "allowUserConsentForRiskyApps": false,

- "blockMsolPowerShell": ""

- "defaultUserRolePermissions": {

- "allowedToCreateApps": true,

- "allowedToCreateSecurityGroups": false,

- "allowedToReadOtherUsers": true

- }

- "allowedToSignUpEmailBasedSubscriptions": false,

- "allowedToUseSSPR": true,

- "allowEmailVerifiedUsersToJoinOrganization": true,

- "permissionGrantPolicyIdsAssignedToDefaultUserRole": [

- "managePermissionGrantsForSelf.microsoft-user-default-low"

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

-|blockMsolPowerShell|Boolean| To disable the use of MSOL PowerShell, set this property to `true`. This also disables user-based access to the legacy service endpoint used by MSOL PowerShell. This does not affect Azure Active Directory Connect or Microsoft Graph. |

-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

-The following is an example of the request. In this example, guest access level is modified to Restricted Guest User.

-# [HTTP](#tab/http)

- "name": "update_authZPolicy_guestUserLevel"

-# [C#](#tab/csharp)

-# [CLI](#tab/cli)

-# [Go](#tab/go)

-# [Java](#tab/java)

-# [JavaScript](#tab/javascript)

-# [PHP](#tab/php)

-# [Python](#tab/python)

-The following is an example of the response.

-The following is an example of the request.

-# [HTTP](#tab/http)

- "name": "update_authZPolicy_preview"

-# [C#](#tab/csharp)

-# [CLI](#tab/cli)

-# [Go](#tab/go)

-# [Java](#tab/java)

-# [JavaScript](#tab/javascript)

-# [PHP](#tab/php)

-# [Python](#tab/python)

-The following is an example of the response.

-The following is an example of the request.

-# [HTTP](#tab/http)

- "name": "update_authZPolicy_blockMSOLPowerShell"

-# [C#](#tab/csharp)

-# [CLI](#tab/cli)

-# [Go](#tab/go)

-# [Java](#tab/java)

-# [JavaScript](#tab/javascript)

-# [PHP](#tab/php)

-# [Python](#tab/python)

-The following is an example of the response.

-The following is an example of the request.

-# [HTTP](#tab/http)

- "name": "update_authZPolicy_applications"

-# [C#](#tab/csharp)

-# [CLI](#tab/cli)

-# [Go](#tab/go)

-# [Java](#tab/java)

-# [JavaScript](#tab/javascript)

-# [PHP](#tab/php)

-# [Python](#tab/python)

-The following is an example of the response.

-The following is an example of the request.

-# [HTTP](#tab/http)

- "name": "update_authZPolicy_SSPR"

-# [C#](#tab/csharp)

-# [CLI](#tab/cli)

-# [Go](#tab/go)

-# [Java](#tab/java)

-# [JavaScript](#tab/javascript)

-# [PHP](#tab/php)

-# [Python](#tab/python)

-The following is an example of the response.

-The following is an example of the request.

-# [HTTP](#tab/http)

- "name": "update_authZPolicy_disableUserConsent"

-# [C#](#tab/csharp)

-# [CLI](#tab/cli)

-# [Go](#tab/go)

-# [Java](#tab/java)

-# [JavaScript](#tab/javascript)

-# [PHP](#tab/php)

-# [Python](#tab/python)

-The following is an example of the response.

-The following is an example of the request that allows user consent to apps, subject to the built-in [app consent policy](/azure/active-directory/manage-apps/manage-app-consent-policies) `microsoft-user-default-low`, which allows delegated permissions classified "low", for client apps from verified publishers or registered in the same tenant.

-# [HTTP](#tab/http)

- "name": "update_authZPolicy_enableUserConsentLow"

-# [C#](#tab/csharp)

-# [CLI](#tab/cli)

-# [Go](#tab/go)

-# [Java](#tab/java)

-# [JavaScript](#tab/javascript)

-# [PHP](#tab/php)

-# [Python](#tab/python)

-The following is an example of the response.

-Delete an identity provider from a [b2xIdentityUserFlow](../resources/b2xidentityuserflow.md) object. For self-service sign up user flows, the values can be `Google-OAUTH` or `Facebook-OAUTH`.

-Do not supply a request body for this method.

-If successful, this method returns a `204 No Content` response code. If unsuccessful, a `4xx` error will be returned with specific details.

-The following is an example of the request.

-The following is an example of the response.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-You can use `$expand` to expand specific user flow properties that are not expanded by default.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

-|isHiddenFromCustomers|Boolean|True means this service is not available to customers for booking.|

-If successful, this method returns a `204 No content` response code. It does not return anything in the response body.

-The following is an example of the response.

-Do not supply a request body for this method.

-If successful, this method returns `204, No Content` response code. It does not return anything in the response body.

-The following is an example of the request.

-The following is an example of the response.

-Note that deleting a bundle using this method permanently deletes the bundle and does not move it to the Recycle Bin.

-It does not, however, remove the items that were referenced by the bundle.

-They will remain in their parent folders.

-| if-match | eTag. Optional. If this request header is included and the eTag (or cTag) provided does not match the current tag on the bundle, a `412 Precondition Failed` response is returned and the bundle will not be deleted.|

-Do not supply a request body for this method.

-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

-The following is an example of a request.

-The following is an example of the response.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

- "name": "get_certificatebasedauthconfigurations"

-|Delegated (work or school account) | TeamsTab.ReadWriteSelfForTeam , TeamsTab.ReadWriteForTeam, TeamsTab.ReadWrite.All, Group.ReadWrite.All**, Directory.ReadWrite.All** |

-Do not supply a request body for this method.

-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.

-The following is an example of a request.

-The following is an example of the response.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-|startCell|string|The start cell. This is where the chart will be moved to. The start cell is the top-left or top-right cell, depending on the user's right-to-left display settings.|

-If successful, this method returns `200 OK` response code. It does not return anything in the response body.

-Here is an example of how to call this API.

-Here is an example of the request.

-Here is an example of the response.

-|color|string|HTML color code representing the color of the border line, of the form #RRGGBB (e.g. "FFA500") or as a named HTML color (e.g. "orange").|

-If successful, this method returns `200 OK` response code. It does not return anything in the response body.

-Here is an example of how to call this API.

-Here is an example of the request.

-Here is an example of the response.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|color|string|HTML color code representation of the text color. E.g. #FF0000 represents Red.|

-|name|string|Font name (e.g. "Calibri")|

-|size|double|Size of the font (e.g. 11)|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|visible|boolean|A boolean value the represents the visibility of a ChartLegend object.|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|overlay|boolean|Boolean value representing if the chart title will overlay the chart or not.|

-|visible|boolean|A boolean value the represents the visibility of a chart title object.|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Perform a bulk resize action to resize a group of [cloudPCs](../resources/cloudpc.md) that have successfully passed [validation](cloudpc-validatebulkresize.md). If any devices cannot be resized, those devices will indicate "resize failed". The remaining devices will be `provisioned` for the resize process.

-The following is an example of the response.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of the response.

-The following is an example of a request.

-The following is an example of the response.

-The following is an example of a request.

-The following is an example of the response.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of the response.

-After a [Windows 365 Frontline](https://www.microsoft.com/en/windows-365/frontline) Cloud PC is powered off, it is de-allocated, and licenses are revoked immediately. Only IT admin users can perform this action.

-Do not supply a request body for this method.

-Retry installation for the partner agents which failed to install on the Cloud PC. Service side will check which agent installation failed firstly and retry.

-Do not supply a request body for this method.

-The following is an example of a request.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|connectorGroupType|string| Indicates the type of hybrid agent. This pre-set by the system. |

-|isDefault|boolean| Indicates if the connectorGroup is the default connectorGroup. Only a single connector group can be the default connectorGroup and this is pre-set by the system. |

-|region|string| The region the connectorGroup is assigned to and will optimize traffic for. This region can only be set if **no** connectors or applications are assigned to the connectorGroup. The regions available include: North America, Europe, Australia, Asia, and India. Possible values are: `nam`, `eur`, `aus`, `asia`, `ind`.|

-The following is an example of the request.

-The following is an example of the response. Note: The response object shown here might be shortened for readability.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example of the request.

-The following is an example of the response.

-This method does not support any OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response.

-You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).

-You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).

-You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).

-When assigning a role using the Azure portal, the role activation step is implicitly done on the admin's behalf. To get the full list of roles that are available in Azure AD, use [List directoryRoleTemplates](directoryroletemplate-list.md).

-You can use both the object ID and template ID of the **directoryRole** with this API. The template ID of a built-in role is immutable and can be seen in the role description on the Azure portal. For details, see [Role template IDs](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#role-template-ids).

-If a user's OneDrive is not provisioned but the user has a license to use OneDrive, this request will automatically provision the user's drive, when using delegated authentication.

-If a user's OneDrive is not provisioned but the user has a license to use OneDrive, this request will automatically provision the user's drive, when using delegated authentication.

-| _groupId_ | string | Required. The identifier for the group which owns the document library. |

-These method support the [$select query parameter][odata-query-parameters] to shape the response.

-If the drive does not exist and cannot be provisioned automatically (when using delegated authentication) an `HTTP 404` response will be returned.

-This collection includes items that are in the user's drive as well as items they have access to from other drives.

-This method returns a collection of [DriveItem](../resources/driveitem.md) resources for items which the owner of the drive has recently accessed.

-Some driveItems returned from the **recent** action will include the **remoteItem** facet which indicates they are items from another drive.

-To access the original driveItem object, you will need to make a request using the information provided in **remoteItem** in the following format:

-This API is part of Microsoft SharePoint and OneDrive APIs that perform advanced premium administrative functions and is considered a protected API. Protected APIs require you to have additional validation, beyond permission and consent, before you can use them. Before you call this API, you must [request access](https://aka.ms/PreviewSPOPremiumAPI).

-| justificationText | String | Optional. Justification text for audit purposes. Required when downgrading/removing a label. |

-For more details about how to monitor the progress of an assign sensitivity label operation, see [monitoring long-running operations](/graph/long-running-actions-overview).

-Also, Few Irm Protected sensitivity labels cannot be updated by Application and need delegated user access to validate if the user has proper rights, For these scenario the API will throw `Not Supported` response code.

-| fileDoubleKeyEncrypted | Indicates that the file is protected via double key encryption; therefore, it cannot be opened. |

-| fileDecryptionNotSupported | Indicates that the encrypted file has specific properties that do not allow these files to be opened by SharePoint.|

-| fileDecryptionDeferred | Indicates that the file is being processed for decryption; therefore, it cannot be opened. |

-| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |

-The following is an example of a request.

-The following is an example of the response.

-The response from the API only indicates that the assign sensitivity label operation was accepted or rejected. The operation might be rejected, for example, if the file type is not supported, or the file is double encrypted.

-Here is an example to download a complete file.

-Returns a `302 Found` response redirecting to a pre-authenticated download URL for the file.

-To download the contents of the file your application will need to follow the `Location` header in the response.

-Many HTTP client libraries will automatically follow the 302 redirection and start downloading the file immedately.

-Pre-authenticated download URLs are only valid for a short period of time (a few minutes) and do not require an `Authorization` header to download.

-To download files in a JavaScript app, you cannot use the `/content` API, because this responds with a `302` redirect.

-Because these URLs are pre-authenticated, they can be retrieved without a CORS preflight request.

-This returns the ID and download URL for a file:

-Note that you must append the `Range` header to the actual `@microsoft.graph.downloadUrl` URL and not to the request for `/content`.

-This will return an `HTTP 206 Partial Content` response with the request range of bytes from the file.

-If the range cannot be generated the Range header may be ignored and an `HTTP 200` response would be returned with the full contents of the file.

-Returns a `302 Found` response redirecting to a pre-authenticated download URL for the bytes of the file.

-To download the contents of the file your application will need to follow the `Location` header in the response.

-Many HTTP client libraries will automatically follow the 302 redirection and start downloading the file immedately.

-Pre-authenticated download URLs are only valid for a short period of time (a few minutes) and do not require an `Authorization` header to download.

-This returns a redirect to where the contents of the version can be downloaded.

-OneDrive does not preserve the complete metadata for previous versions of a file.

-Deletes a units of measure object from Dynamics 365 Business Central.

-|If-Match |Required. When this request header is included and the eTag provided does not match the current tag on the **unitsOfMeasure**, the **unitsOfMeasure** will not be updated. |

-Do not supply a request body for this method.

-If successful, this method returns ```204 No Content``` response code. It does not return anything in the response body.

-Here is an example of the request.

-Here is an example of the response.

-Update the properties of a units of measure object for Dynamics 365 Business Central.

-|If-Match |Required. When this request header is included and the eTag provided does not match the current tag on the **unitsOfMeasure**, the **unitsOfMeasure** will not be updated. |

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example of the request.

-Here is an example of the response.

-|applyHoldToSource|Boolean|Indicates if hold is applied to non-custodial data source (such as mailbox or site).|

-|datasource|[microsoft.graph.ediscovery.dataSource](../resources/ediscovery-datasource.md)|Either a userSource or siteSource. For userSource, use "dataSource" : { "@odata.type" : "microsoft.graph.ediscovery.userSource", "email" : "SMTP address"}. For site source use "dataSource" : { "@odata.type" : "microsoft.graph.ediscovery.siteSource", "site@odata.bind" : "siteId" }, where siteId can be derived from the site URL, e.g. `https://contoso.sharepoint.com/sites/HumanResources`, the Microsoft Graph request would be `https://graph.microsoft.com/v1.0/sites/contoso.sharepoint.com:/sites/HumanResources`. The ID is the first GUID listed in the ID field.

-### Example 1: Add a non-custodial data source user or group mailbox with an email

-### Example 2: Add a non-custodial data source site with a URL

-Only teachers in the class can do this. Note that you can't use a PATCH request to change the status of an **assignment**. Use the [publish](../api/educationassignment-publish.md) action to change the **assignment** status.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

-|addToCalendarAction|educationAddToCalendarOptions|Optional field to control the assignment behavior for adding assignments to students' and teachers' calendars when the assignment is published. Possible values are: `none`, `studentsAndPublisher`, `studentsAndTeamOwners`, `studentsOnly` and `unknownFutureValue`. Default value is `none`. Cannot be modified when assignment is in **Published** state. |

-|assignDateTime|DateTimeOffset| Date the assignment should be published to students. Cannot be edited after the assignment has been published. |

-|closeDateTime|DateTimeOffset| Date when the assignment will be closed for submissions. This is an optional field that can be null if the assignment does not allowLateSubmissions or the closeDateTime is the same as the dueDateTime but if specified, it must be greater than or equal to the dueDateTime.|

-|grading|[educationAssignmentGradeType](../resources/educationassignmentgradetype.md)| How the assignment will be graded.|

-|notificationChannelUrl|String| Channel to post assignment publish notification. Updating the channel URL is not allowed after the assignment has been published and is only allowed when the **assignTo** value is [educationAssignmentClassRecipient](../resources/educationassignmentclassrecipient.md).|

-The following is an example of the request.

-The following is an example of the response.

-description: "Retrieve the simple directory **administrativeUnit** that corresponds to this **educationSchool**."

-Retrieve the simple directory **administrativeUnit** that corresponds to this **educationSchool**.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

-| mobilePhone | String | Mobile number of user |

-| mailingAddress | [physicalAddress] | Mail address of user. Note: `type` and `postOfficeBox` are not supported for `educationUser` resources. |

-| residenceAddress | [physicalAddress] | Address where user lives. Note: `type` and `postOfficeBox` are not supported for `educationUser` resources. |

-| student | [educationStudent] | If the primary role is student, this block will contain student specific data. |

-| teacher | [educationTeacher](../resources/educationteacher.md) | If the primary role is teacher, this block will contain teacher specific data. |

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-If successful, this method returns `204 No Content` response code. It does not return anything in the response body.

-The following is an example of the request.

-The following is an example of the response.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the application using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of the response.

- - The only supported `$filter` expression is for tracking changes on a specific object: `$filter=id+eq+{value}`. You can filter multiple objects. For example, `https://graph.microsoft.com/beta/groups/delta/?$filter= id eq '477e9fc6-5de7-4406-bb2a-7e5c83c9ffff' or id eq '004d6a07-fe70-4b92-add5-e6e37b8affff'`. There is a limit of 50 filtered objects.

-Do not supply a request body for this method.

-If successful, this method returns `200 OK` response code and [group](../resources/group.md) collection object in the response body. The response also includes a state token which is either a `@odata.nextLink` URL or a `@odata.deltaLink` URL.

- - This indicates there are additional pages of data to be retrieved in the session. The application continues making requests using the `@odata.nextLink` URL until a `@odata.deltaLink` URL is included in the response.

- - This indicates there is no more data about the existing state of the resource to be returned. Save and use the `@odata.deltaLink` URL to learn about changes to the resource in the next round.

-The following is an example of the request. There is no `$select` parameter, so a default set of properties is tracked and returned.

-The following is an example of the response when using `@odata.deltaLink` obtained from the query initialization.

-The next example shows the initial request selecting 3 properties for change tracking, with default response behavior:

-The following is an example of the response when using `@odata.deltaLink` obtained from the query initialization. Note that all 3 properties are included in the response and it is not known which ones have changed since the `@odata.deltaLink` was obtained.

-The next example shows the initial request selecting 3 properties for change tracking, with alternative minimal response behavior:

-The following is an example of the response when using `@odata.deltaLink` obtained from the query initialization. Note that the `mailNickname` property is not included, which means it has not changed since the last delta query; `displayName` and `description` are included which means their values have changed.

-Specify the user or group in `@odata.id` in the request body. Users in the accepted senders list can post to conversations of the group . Make sure you do not specify the same user or group in the accepted senders and rejected senders lists, otherwise you will get an error.

-In the request body, supply the id of a user or group object.

-The following is an example of the request.

-The following is an example of the response.

-| securityEnabled | boolean | Set to `true` for security-enabled groups, including Microsoft 365 groups. Required. **Note:** Groups created using the Microsoft Azure portal always have **securityEnabled** initially set to `true`. |

- "id": "45b7d2e7-b882-4a80-ba97-10b7a63b8fa4",

- "deletedDateTime": null,

- "classification": null,

- "createdDateTime": "2018-12-22T02:21:05Z",

- "description": "Self help community for golf",

- "displayName": "Golf Assist",

- "expirationDateTime": null,

- "groupTypes": [

- "Unified"

- ],

- "mail": "golfassist@contoso.com",

- "mailEnabled": true,

- "mailNickname": "golfassist",

- "membershipRule": null,

- "membershipRuleProcessingState": null,

- "onPremisesLastSyncDateTime": null,

- "onPremisesSecurityIdentifier": null,

- "onPremisesSyncEnabled": null,

- "preferredDataLocation": "CAN",

- "preferredLanguage": null,

- "proxyAddresses": [

- "SMTP:golfassist@contoso.onmicrosoft.com"

- ],

- "renewedDateTime": "2018-12-22T02:21:05Z",

- "resourceBehaviorOptions": [],

- "resourceProvisioningOptions": [],

- "securityEnabled": false,

- "theme": null,

- "visibility": "Public",

- "onPremisesProvisioningErrors": []

-Specify the user or group in `@odata.id` in the request body. Users in the rejected senders list cannot post to conversations of the group (identified in the POST request URL). Make sure you do not specify the same user or group in the rejected senders and accepted senders lists, otherwise you will get an error.

-The following is an example of the request.

-The following is an example of the response.

-You can use `$expand` to expand specific user flow properties that are not expanded by default.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-The following is an example of the request.

-The following is an example of the response.

-|onAttributeCollection|[onAttributeCollectionHandler](../resources/onattributecollectionhandler.md)|The configuration for what to invoke when attributes are ready to be collected from the user.|

-|onUserCreateStart|[onUserCreateStartHandler](../resources/onusercreatestarthandler.md)|The configuration for what to invoke during user creation.|

-|id|String|Required. The name of the user flow. The name will be pre-pended with `B2X_1` after creation.|

-|userFlowType|String|Required. The type of user flow you are creating. This value will always be `signUpOrSignIn`.|

-If successful, this method returns a `201 Created` response code and a Location header with a URI to the [b2xIdentityUserFlow](../resources/b2xidentityuserflow.md) object created for this request, with the `B2X_1` prefix added to the name. If unsuccessful, a `4xx` error will be returned with specific details.

-The following is an example of the request.

-The following is an example of the response.

-The following is an example of the request.

-The following is an example of the response.

-The following is an example of the request.

-The following is an example of the response.

-* Global administrator

-* External Identity User Flow Attribute administrator

-* Global administrator

-* External Identity User Flow Attribute administrator

-* Global administrator

-* External Identity User Flow Attribute administrator

-* Global administrator

-* External Identity User Flow Attribute administrator

-* Global administrator

-* External Identity User Flow Attributes administrator

->- `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Allow applications to access online meetings on behalf of a user](/graph/cloud-communication-online-meeting-application-access-policy).

->- `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Allow applications to access online meetings on behalf of a user](/graph/cloud-communication-online-meeting-application-access-policy).

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-The following is an example of a request.

-The following is an example of the response.

-This method does not support any OData query parameters.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of the response.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-|includePersonalNotebooks|Boolean|Include notebooks owned by the user. Set to `true` to include notebooks owned by the user; otherwise, set to `false`. If you don't include the `includePersonalNotebooks` parameter, your request will return a `400` error response.|

-Do not supply a request body for this method.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-If successful, this method returns a `204 No Content` response code. If unsuccessful, a `4xx` error will be returned with specific details.

-The following is an example of a request that removes city as an attribute from the attribute collection step of an external identities self-service sign-up user flow. After executing this step, [update the attributes collected in the userflow](../api/authenticationeventsflow-update.md).

-The following is an example of the response

-Do not supply a request body for this method.

-If successful, this method returns a `204 No Content` response code. If unsuccessful, a `4xx` error will be returned with specific details.

-The following is an example of a request to remove Facebook as an identity provider option for account creation.

-The following is an example of the response

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-description: "Get the status of a long-running OneNote operation. This applies to operations that return the **Operation-Location** header in the response, such as `CopyNotebook`, `CopyToNotebook`, `CopyToSectionGroup`, `and CopyToSection`. "

-Get the status of a long-running OneNote operation. This applies to operations that return the **Operation-Location** header in the response, such as `CopyNotebook`, `CopyToNotebook`, `CopyToSectionGroup`, `and CopyToSection`.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-> `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). See more details in [application access policy](/graph/cloud-communication-online-meeting-application-access-policy).

-> - `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Configure application access to online meetings](/graph/cloud-communication-online-meeting-application-access-policy).

->- `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [Allow applications to access online meetings on behalf of a user](/graph/cloud-communication-online-meeting-application-access-policy).

-> - `userId` is the object ID of a user in [Azure user management portal](https://portal.azure.com/#blade/Microsoft_AAD_IAM/UsersManagementMenuBlade). For more details, see [application access policy](/graph/cloud-communication-online-meeting-application-access-policy).

-This method does not support OData query parameters to customize the response.

-The following is an example of the request.

-The following is an example of the response.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-e.g.

-Do not supply a request body for this method.

-By default, the response will not contain [printerCapabilities](../resources/printerCapabilities.md). To get **printerCapabilities**, use the `$select` query parameter.

-The following is an example of the request.

-The following is an example of the response.

-The following is an example of the response, when using $select=id,displayName,capabilities

-description: Delete a printer share (unshare the associated printer). This action cannot be undone. If the printer is shared again in the future, any Windows users who had previously installed the printer will need to discover and re-install it.

-Delete a printer share (unshare the associated [printer](../resources/printer.md)). This action cannot be undone. If the [printer](../resources/printer.md) is shared again in the future, any Windows users who had previously installed the [printer](../resources/printer.md) will need to discover and reinstall it.

-Do not supply a request body for this method.

-If successful, this method returns a `204 No Content` response code. It does not return anything in the response body.

-The following is an example of the request.

-The following is an example of the response.

-e.g.

-* The `$count` operator is not supported.

-Do not supply a request body for this method.

-By default, the response will not contain [printerCapabilities](../resources/printerCapabilities.md). To get **printerCapabilities**, use the `$select` query parameter.

-The following is an example of the request.

-The following is an example of the response.

-The following is an example of the response, when using $select=id,displayName,capabilities

-description: "Gets an object which represents a range that's offset from the specified range. The dimension of the returned range will match this range. If the resulting range is forced outside the bounds of the worksheet grid, an exception will be thrown."

-Gets an object which represents a range that's offset from the specified range. The dimension of the returned range will match this range. If the resulting range is forced outside the bounds of the worksheet grid, an exception will be thrown.

-Here is an example of how to call this API.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|color|string|HTML color code representing the color of the border line, of the form #RRGGBB (e.g. "FFA500") or as a named HTML color (e.g. "orange").|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|color|string|HTML color code representing the color of the border line, of the form #RRGGBB (e.g. "FFA500") or as a named HTML color (e.g. "orange")|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|color|string|HTML color code representation of the text color. E.g. #FF0000 represents Red.|

-|name|string|Font name (e.g. "Calibri")|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|columnWidth|double|Gets or sets the width of all colums within the range. If the column widths are not uniform, null will be returned.|

-|rowHeight|double|Gets or sets the height of all rows in the range. If the row heights are not uniform null will be returned.|

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-This request updates the font style, size, and color of the third cell. Note that the underline property takes **Single** or **Double** as values.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-|matchCase|boolean|Optional. Whether to have the casing impact string ordering.|

-If successful, this method returns `200 OK` response code. It does not return anything in the response body.

-Here is an example of how to call this API.

-Here is an example of the request.

-Here is an example of the response.

-You can use `$select` to get specific regionalAndLanguageSettings properties, including those that are not returned by default.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of the response.

-description: "Get a report that provides the trend of activity count by activity type over a selected period."

-Get a report that provides the trend of activity count by activity type over a selected period.

-> **Note:** For delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure Active Directory limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).

-Do not supply a request body for this method.

-Preauthenticated download URLs are only valid for a short period of time (a few minutes) and do not require an `Authorization` header.

-The following is an example that outputs CSV.

-The following is an example of a request.

-The following is an example of the response.

-Follow the 302 redirection and the CSV file that downloads will have the following schema.

-The following is an example that returns JSON.

-The following is an example of a request.

-The following is an example of the response.

->**Note**: For delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure AD limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).

-Preauthenticated download URLs are only valid for a short period of time (a few minutes) and do not require an `Authorization` header.

-The following is an example that outputs CSV.

-The following is an example of the request.

-The following is an example of the response.

-Follow the 302 redirection and the CSV file that downloads will have the following schema.

-The following is an example that returns JSON.

-The following is an example of the request.

-The following is an example of the response.

-description: "Get details about Microsoft Teams activity by team. The numbers include activities for both licensed and non-licensed users."

-Get details about Microsoft Teams activity by team. The numbers include activities for both licensed and non-licensed users.

-> **Note:** For delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure Active Directory limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).

-Do not supply a request body for this method.

-Preauthenticated download URLs are only valid for a short period of time (a few minutes) and do not require an `Authorization` header.

-The following is an example that outputs CSV.

-The following is an example of a request.

-The following is an example of the response.

-The following is an example that returns JSON.

-The following is an example of a request.

-The following is an example of the response.

-> **Note:** For delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure Active Directory limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).

-Do not supply a request body for this method.

-Pre-authenticated download URLs are only valid for a short period (a few minutes) and do not require an `Authorization` header.

-The following is an example that outputs CSV.

-The following is an example of a request.

-The following is an example of the response.

-Follow the 302 redirection and the CSV file that downloads will have the following schema.

-The following is an example that returns JSON.

-The following is an example of a request.

-The following is an example of the response.

->**Note**: For delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user the appropriate Azure AD limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).

-Preauthenticated download URLs are only valid for a short period of time (a few minutes) and do not require an `Authorization` header.

-The following is an example that outputs CSV.

-The following is an example of the request.

-The following is an example of the response.

-Follow the 302 redirection and the CSV file that downloads will have the following schema.

-The following is an example that returns JSON.

-The following is an example of the request.

-The following is an example of the response.

-In the request body, supply a JSON representation of the [qna](../resources/search-qna.md) object. Supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|webUrl|String|Qna URL link. When users click this qna in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|

-|availabilityStartDateTime|DateTimeOffset|Timestamp of when the qna will start to appear as a search result. Set as `null` for always available.|

-|availabilityEndDateTime|DateTimeOffset|Timestamp of when the qna will stop to appear as a search result. Set as `null` for always available.|

-|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a qna for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|

-|webUrl|String|Qna URL link. When users click this qna in search results, they will go to this URL. Inherited from [searchAnswer](../resources/search-searchAnswer.md).|

-|availabilityStartDateTime|DateTimeOffset|Timestamp of when the qna will start to appear as a search result. Set as `null` for always available.|

-|availabilityEndDateTime|DateTimeOffset|Timestamp of when the qna will stop to appear as a search result. Set as `null` for always available.|

-|targetedVariations|[microsoft.graph.search.answerVariant](../resources/search-answerVariant.md) collection|Variations of a qna for different countries or devices. Use when you need to show different content to users based on their device, country/region, or both. The date and group settings will apply to all variations.|

-Here is an example of the response.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here is truncated for brevity. All of the properties will be returned from an actual call.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of the response.

-Start the process of applying hold on [eDiscovery non-custodial data sources](../resources/security-ediscoverynoncustodialdatasource.md). After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an [eDiscoveryHoldOperation](../resources/security-ediscoveryholdoperation.md) object.

-The following is an example of a request.

-The following is an example of the response.

-The following is an example of a request.

-The following is an example of the response.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of the response.

-Start the process of removing hold from [eDiscovery non-custodial data sources](../resources/security-ediscoverynoncustodialdatasource.md). After the operation is created, you can get the status by retrieving the `Location` parameter from the response headers. The location provides a URL that will return an [eDiscoveryHoldOperation](../resources/security-ediscoveryholdoperation.md) object.

-The following is an example of a request.

-The following is an example of the response.

-The following is an example of a request.

-The following is an example of the response.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of the response.

-# Add Add noncustodialDataSources

-The following is an example of a request.

-The following is an example of the response.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in the Azure portal.

-Get a [signIn](../resources/signin.md) object that contains a specific user sign-in event for your tenant. This includes sign-ins where a user is asked to enter a username or password, and session tokens.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-* If an error occurred while following any of the specified sites, this method returns a `207` status code and the response body will contain an array of entries containing [error](/graph/errors) objects and siteIds indicating which sites were unable to be followed.

-The following example shows how to follow multiple sites.

-If an error occured, it returns the following JSON response

-* If an error occured while unfollowing any of the specified sites, this method returns a `207` status code and the response body will contain an array of entries containing [error](/graph/errors) objects and siteIds indicating which sites unable to be unfollowed.

-If an error occured, it returns the following JSON response

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-This method does not support the [OData query parameter](/graph/query-parameters) to help customize the response.

-Do not supply a request body for this method.

-Do not supply a request body for this method.

-Do not supply a request body for this method.

-Get the list of commercial subscriptions that an organization has acquired. For the mapping of license names as displayed on the Azure portal or the Microsoft 365 admin center against their Microsoft Graph **skuId** and **skuPartNumber** properties, see [Product names and service plan identifiers for licensing](/azure/active-directory/enterprise-users/licensing-service-plan-reference).

-> If the target directory for the operation is Azure AD, then the matched user is soft-deleted. The user can be seen on the Microsoft Azure portal **Deleted users** page for the next 30 days and can be restored during that time.

-`{servicePrincipalId}` refers to the **id** of the service principal object. **id** is referred to as the **Object ID** of the enterprise application in the Azure portal.

- 1) Doc bug where 'jobs' isn't defined on the resource.

- 2) Doc bug where 'jobs' is an example key and should instead be replaced with a placeholder like {item-id} or declared in the sampleKeys annotation.

- 3) Doc bug where 'synchronization' is supposed to be an entity type, but is being treated as a complex because it (and its ancestors) are missing the keyProperty annotation."

-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response. For reliable results, use the [$top](/graph/query-parameters#top) and [$skip](/graph/query-parameters#skip-parameter) query parameters to page through the results. This will help avoid performance problems related to large result sets.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-Do not supply a request body for this method.

-If successful, this method returns a `200 OK` response code and collection of [workbookTableColumn](../resources/workbooktablecolumn.md) objects in the response body.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response. For reliable results, use the [$top](/graph/query-parameters#top) and [$skip](/graph/query-parameters#skip-parameter) query parameters to page through the results. This will help avoid performance problems related to large result sets.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-description: "Create a new table. The range source address determines the worksheet under which the table will be added. If the table cannot be added (e.g., because the address is invalid, or the table would overlap with another table), an error will be thrown."

-Create a new table. The range source address determines the worksheet under which the table will be added. If the table cannot be added (e.g., because the address is invalid, or the table would overlap with another table), an error will be thrown.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-|address|string|Address or name of the range object representing the data source. If the address does not contain a sheet name, the currently-active sheet is used.|

-|hasHeaders|boolean|Boolean value that indicates whether the data being imported has column labels. If the source does not contain headers (i.e,. when this property set to false), Excel will automatically generate header shifting the data down by one row.|

-Here is an example of how to call this API.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|values|Json|Represents the raw values of the specified range. The data returned could be of type string, number, or a boolean. Cell that contain an error will return the error string.|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-|values|Json|Represents the raw values of the specified range. The data returned could be of type string, number, or a boolean. Cell that contain an error will return the error string.|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-If successful, this method returns `200 OK` response code. It does not return anything in the response body.

-Here is an example of how to call this API.

-Here is an example of the request.

-Here is an example of the response.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-When tabs are cloned, they are not configured. The tabs are displayed on the tab bar in Microsoft Teams, and the first time a user opens them, they must go through the configuration screen.

-If the user who opens the tab does not have permission to configure apps, they will see a message that says that the tab is not configured.

-Cloning is a long-running operation. After the POST clone returns, you need to GET the [operation](../resources/teamsasyncoperation.md) returned by the `Location:` header to see if it's `running`, `succeeded`, or `failed`. You should continue to GET until the status is not `running`. The recommended delay between GETs is 5 seconds.

-|classification|String (optional)|Describes a classification for the group (such as low, medium or high business impact). Valid values for this property are defined by creating a ClassificationList [setting](../resources/directorysetting.md) value, based on the [template definition](../resources/directorysettingtemplate.md). If classification is not specified, the classification will be copied from the original team/group.|

-|description|String (optional)|An optional description for the group. If this property is not specified, it will be left blank.|

-|displayName|String|The display name for the group. This property is required when a group is created and it cannot be cleared during updates. Supports $filter and $orderby.|

-|mailNickname|String|The mail alias for the group, unique in the organization. This property must be specified when a group is created. Supports $filter. If this property is not specified, it will be computed from the displayName. Known issue: this property is currently ignored.|

-|visibility|[teamVisibilityType](../resources/teamvisibilitytype.md) (optional)| Specifies the visibility of the group. Possible values are: **Private**, **Public**. If visibility is not specified, the visibility will be copied from the original team/group. If the team being cloned is an **educationClass** team, the visibility parameter is ignored, and the new group's visibility will be set to HiddenMembership.|

-If successful, this method will return a `202 Accepted` response code with a Location: header pointing to the [operation](../resources/teamsasyncoperation.md) resource.

-When the operation is complete, the operation resource will tell you the id of the created team.

-The following is an example of the request.

-The following is an example of the response. Note: The response object shown here might be shortened for readability.

-description: "Restore an archived team. This restores users' ability to send messages and edit the team, abiding by tenant and team settings. Teams are archived using the archive API."

-Restore an archived [team](../resources/team.md). This restores users' ability to send messages and edit the team, abiding by tenant and team settings. Teams are archived using the [archive](team-archive.md) API.

-Do not supply a request body for this method.

-The following is an example of a request.

-The following is an example of a response.

- "maxLifetime": "P4DT12H30M5S",

- "maxLifetime": "P40D",

- },

-Do not supply a request body for this method.

-The following is an example of the response. From the response, the user created a Microsoft 365 group, an application, and it's service principal.

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response.

-Your application service does not require any additional permissions to post notifications to your targeted user.

-If successful, this method returns a `201 Created` response code that indicates that the notification was successfully created and stored. The notification will be subsequently fanned-out to all specified endpoints with a valid subscription.

-|Error code | Descrition |

-|HttpStatusCode.BadRequest | Body is an array (multiple notifications is not supported).|

-|HttpStatusCode.MethodNotAllowed | The HTTP method used is not supported. |

-|HttpStatusCode.BadRequest | Unsupported headers are present in the request. Two headers are not supported:<br/><br/>If-Modified-Since<br/>If-Range |

-|HttpStatusCode.Forbidden | Caller is not authorized to act on behalf of the user or send notification to the user. |

-The following is an example of a request.

-The following is an example of the corresponding response.

-It's also possible to opt-out multiple users from Delve through a batch request.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

-Here is an example request on how to opt-out a user from Delve and disable his contribution on content relevancy for the whole organization.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-The following is an example of the request.

-The following is an example of the response.

-The following is an example of the request.

-The following is an example of the response.

-| workbook-session-id | Workbook session Id to be closed |

-This API does not require any request body.

-Here is an example of the request.

-Note that workbook-session-id header is required.

-Here is an example of the response.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-Do not supply a request body for this method.

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-| Address | string| Range address. If you are calling this API off of `worksheets/{id or name}/tables/add` path, there is no need to for sheet name prefix in the address. However, if you are calling this off of `workbook/tables/add` path, then supply the sheet name on which the table needs to be created (example: `sheet1!A1:D4`)|

-| hasHeaders | boolean|Boolean value that indicates whether the range has column labels. If the source does not contain headers (i.e,. when this property set to false), Excel will automatically generate header shifting the data down by one row.|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-This API does not require any request body.

-Here is an example of the request.

-Note that workbook-session-id header is required.

-Here is an example of the response.

-In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

-|apiVersion|Int32|API version for the call back url. Start with 1.|

-|supportedEntities|string| This property will replace **supports** in v1.0. We recommend that you use this property instead of **supports**. The **supports** property will still be supported in beta for the time being. Possible values are `none`, `shift`, `swapRequest`, `openshift`, `openShiftRequest`, `userShiftPreferences`. If selecting more than one value, all values must start with the first letter in uppercase.|

-The following is an example of the request.

-The following is an example of the response.

-The following is an example of the request.

-The following is an example of the response.

-The interaction between Shifts app and workforce integration endpoints will follow the existing pattern.

-The following is an example of the request made by Shifts to the workforce integration endpoint to fetch eligible shifts for a swap request.

-The following is an example of the response from the workforce integration service.

-### Example 4: Shifts synchronous call back to the workforce integration endpoint when enabled for real time notifications on timeCard changes.

-The following is an example of the request.

-The following is an example of the response.

-| Workbook-Session-Id | Workbook session Id that determines if changes are persisted or not. Optional.|

-| Address | string| Range address. If you are calling this API off of `worksheets/{id|name}/tables/add` path, there is no need to support the sheet name prefix in the address. However, if you are calling this off of `workbook/tables/add` path, then supply the sheet name on which the table needs to be created (example: `sheet1!A1:D4`)|

-| hasHeaders | boolean|Boolean value that indicates whether the range has column labels. If the source does not contain headers (i.e,. when this property set to false), Excel will automatically generate header shifting the data down by one row.|

-Here is an example of the request.

-Here is an example of the response. Note: The response object shown here might be shortened for readability.

-Do not supply a request body for this method.

-If successful, this method returns `200 OK` response code. It does not return anything in the response body.

-The following is an example of the request.

-The following is an example of the response.

-A complex type used to represent a text in multiple localalized forms. It includes a default text, which is used in any case where the requested localization is not available.

-|defaultText|String|The fallback string, which is used when a requested localization is not available. Required. |

-The following is a JSON representation of the resource.

-A child of **accessPackageQuestion** that has text input as an answer. This is used in the **questions** property of an [accessPackageAssignmentPolicy](accesspackageassignmentpolicy.md) and inside an [accessPackageResourceAttribute](accesspackageresourceattribute.md) of an access package resource.

-|regexPattern|String|This is the regex pattern that the corresponding text answer must follow.|

-The following is a JSON representation of the resource.

-The following is a JSON representation of the resource.

-In the Azure AD [access reviews](accessreviews-root.md) feature, the `accessReviewDecision` represents an Azure AD access review decision of a particular entity's access. Within an access review, or an instance of a recurring access review, there is one `accessReviewDecision` per reviewed user. For example, if a group has two guests and one non-guest as members, and an access review of guests is performed for that group, then there will be two access review decision objects. If a reviewer changes their decision, or another reviewer overrides them, then the `accessReviewDecision` is updated.

-None. Objects of this type are automatically created by the feature when an access review initializes, and cannot be deleted. They can be retrieved from an access review using the [decisions](../api/accessreview-listdecisions.md) and [mydecisions](../api/accessreview-listmydecisions.md) relationships.

-| `id` |`String` | The id of the decision within the access review. |

-| `accessReviewId` |`String` | The feature-generated id of the access review. |

-| `appliedBy` |[userIdentity](useridentity.md)| When the review completes, if the results were manually applied, the user identity of the user who applied the decision. If the review was auto-applied, the userPrincipalName is empty. |

-In addition, additional properties may be present depending on the object type of the object possessing the access that was decided upon. For example, if the access review decision is a particular user's group membership or application access, the user who is potentially going to have their access be removed is identified through these properties:

-| `userId` |`String` | The id of user whose access was reviewed. |

-Here is a JSON representation of the resource.

-|decisions|String collection|Determines which review decisions will be included in the fetched review history data if specified. Optional on create. All decisions will be included by default if no decisions are provided on create. Possible values are: `approve`, `deny`, `dontKnow`, `notReviewed`, and `notNotified`.|

-|reviewHistoryPeriodStartDateTime|DateTimeOffset|A timestamp. Reviews starting on or before this date will be included in the fetched history data. Only required if **scheduleSettings** is not defined.|

-| scheduleSettings |[accessReviewHistoryScheduleSettings](accessReviewHistoryScheduleSettings.md)| The settings for a recurring access review history definition series. Only required if **reviewHistoryPeriodStartDateTime** or **reviewHistoryPeriodEndDateTime** are not defined. Not supported yet.|

-|instances|[accessReviewHistoryInstance](accessreviewhistoryinstance.md) collection| If the **accessReviewHistoryDefinition** is a recurring definition, instances represent each recurrence. A definition that does not recur will have exactly one instance.|

-The following is a JSON representation of the resource.

- Represents a recurrence of an [accessReviewHistoryDefinition](accessreviewhistorydefinition.md) object. A history definition that does not recur will have exactly one instance.

- Every **accessReviewHistoryInstance** along with its associated **accessReviewHistoryDefinition** contain the properties **reviewHistoryPeriodStartDateTime**, **reviewHistoryPeriodEndDateTime**, **decisions**, **scheduleSettings**, and **scopes**. These properties are used when scheduling recurrences as well as selecting review data and can be modified. Each **accessReviewHistoryInstance** object and data is only available for 30 days. Once an **accessReviewHistoryInstance** status has been moved to `done` a link can be generated to retrieve the instance's data by calling [generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md).

-|[generateDownloadUri](../api/accessreviewhistoryinstance-generatedownloaduri.md)|[accessReviewHistoryDefinition](accessreviewhistorydefinition.md)|Generates a URI which can be used to retrieve the instance's review history data.|

-|downloadUri|String|Uri which can be used to retrieve review history data. This URI will be active for 24 hours after being generated. Required.|

-|reviewHistoryPeriodEndDateTime|DateTimeOffset|Timestamp, reviews ending on or before this date will be included in the fetched history data.|

-|reviewHistoryPeriodStartDateTime|DateTimeOffset|Timestamp, reviews starting on or after this date will be included in the fetched history data.|

-The following is a JSON representation of the resource.

-The **accessReviewNotificationRecipientScope** represents a base class for defining users who will receive notifications on instances of [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) objects. It is inherited by [accessReviewNotificationRecipientQueryScope](../resources/accessReviewNotificationRecipientQueryScope.md).

-The following is a JSON representation of the resource.

-description: "Provides additional settings when creating an access review."

-Provides additional settings when creating an access review, to control the feature behavior when starting an access review.

-| autoReviewEnabled | Boolean | Indicates whether a decision should be set if the reviewer did not supply one. For use when auto-apply is enabled. If you don't want to have a review decision recorded unless the reviewer makes an explicit choice, set it to `false`.|

-| autoReviewSettings | [autoReviewSettings](autoreviewsettings.md) | Detailed settings for how the feature should set the review decision. For use when auto-apply is enabled. |

-description: "In Azure AD access reviews, the accessReviewStageSettings represents the settings of the stages associated with a multi-stage access review."

-|decisionsThatWillMoveToNextStage|String collection|Indicate which decisions will go to the next stage. Can be a sub-set of `Approve`, `Deny`, `Recommendation`, or `NotReviewed`. If not provided, all decisions will go to the next stage. Optional. |

-|dependsOn|String collection| Defines the sequential or parallel order of the stages and depends on the **stageId**. Only sequential stages are currently supported. For example, if **stageId** is `2`, then **dependsOn** must be `1`. If **stageId** is `1`, do not specify **dependsOn**. Required if **stageId** is not `1`. |

-|durationInDays|Int32|The duration of the stage. Required. <br/><br/>**NOTE:** The cumulative value of this property across all stages <br/> 1. Will override the [instanceDurationInDays setting](accessReviewScheduleSettings.md) on the [accessReviewScheduleDefinition](accessReviewScheduleDefinition.md) object. <br/>2. Cannot exceed the length of one recurrence. That is, if the review recurs weekly, the cumulative **durationInDays** cannot exceed 7. |

-|fallbackReviewers|[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection|If provided, the fallback reviewers are asked to complete a review if the primary reviewers do not exist. For example, if managers are selected as **reviewers** and a principal under review does not have a manager in Azure AD, the fallback reviewers are asked to review that principal. <br/><br/>**NOTE:** The value of this property will override the corresponding setting on the [accessReviewScheduleDefinition](accessReviewScheduleDefinition.md) object.|

-|recommendationsEnabled|Boolean|Indicates whether showing recommendations to reviewers is enabled. Required. <br/><br/>**NOTE:** The value of this property will override override the corresponding [setting](accessReviewScheduleSettings.md) on the [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) object.|

-| recommendationInsightsSettings | [accessReviewRecommendationInsightSetting](accessReviewRecommendationInsightSetting.md) collection | Determines which recommendations to show to reviewers. <br/><br/>**NOTE:** The value of this property will override the corresponding [setting](accessReviewScheduleSettings.md) on the [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) object.|

-| recommendationLookBackDuration | Duration| Optional field. Indicates the time period of inactivity (with respect to the start date of the review instance) that recommendations will be configured from. The recommendation will be to `deny` if the user is inactive during the look back duration. For reviews of groups and Azure AD roles, any duration is accepted. For reviews of applications, 30 days is the maximum duration. If not specified, the duration is 30 days. <br/><br/>**NOTE:** The value of this property will override the corresponding [setting](accessReviewScheduleSettings.md) on the [accessReviewScheduleDefinition](accessreviewscheduledefinition.md) object. |

-|reviewers|[accessReviewReviewerScope](../resources/accessreviewreviewerscope.md) collection|Defines who the reviewers are. If none are specified, the review is a self-review (users review their own access). For examples of options for assigning reviewers, see [Assign reviewers to your access review definition using the Microsoft Graph API](/graph/accessreviews-reviewers-concept). <br/><br/>**NOTE:** The value of this property will override the corresponding setting on the [accessReviewScheduleDefinition](accessReviewScheduleDefinition.md). |

-|stageId|String|Unique identifier of the **accessReviewStageSettings**. The **stageId** will be used in **dependsOn** property to indicate the stage relationship. Required. |

-The following is a JSON representation of the resource.

-|actionUrl|[actionUrl](../resources/actionurl.md)|A link to the documentation or Azure portal page that is associated with the action step.|

-description: "The link to the documentation or Azure portal page that provides more information about an actionStep."

-The link to the documentation or Azure portal page that provides more information about an [actionStep](../resources/actionstep.md).

-|url|String|The URL to the documentation or Azure portal page.|

-User activities donΓÇÖt just launch apps ΓÇö they are deep links into specific content within your app. The user activities you create can not only be used in your own app, but will also appear in Cortana and Windows Timeline ΓÇö driving more app reengagement and making it easier for your users to continue using your app across multiple devices.

-*Playlist scenarios:* This is especially relevant for music playlists or TV shows ΓÇö a single user activity can be updated to show your progress. In this case, you will have a single user activity with multiple [history items](/graph/api/resources/projectrome-historyitem) representing periods of engagement across multiple days or weeks.

-**DO NOT:** Create a user activity for actions that users do not need to resume in the future.

-If your application is used to complete simple, one-time operations that do not persist status for you to track in the future, you probably do not need to write a user activity.

-To be clear, even though user activities appear in Windows Timeline, this is not designed as a versioning tool ΓÇö choosing a document-based activity should always show the latest version of that document (including changes that were made by another user.)

-If someone sends the user a message, or @mentions the user within your app, you should not write a new activity. These interactions are better served by surfacing notifications.

-* **Document-based apps** ΓÇö Create one activity per document with one or more history records reflecting periods of use. It is important to update your activity card as changes are made to the document.

-* **Utility apps** ΓÇö If there is nothing within your app that users would want to resume, you should not publish activities. A good example is a simple single-purpose app like calculator.

-* **Line-of-business apps** ΓÇö Many apps exist for managing simple tasks or workflows. Create one activity for each separate workflow accessed through your app. For example, each expense report would be a separate activity, because you might want to click that activity to see if it was approved.

-Represents a policy that can control the idle timeout for web sessions for applications that support activity-based timeout functionality. Applications enforce automatic signout after a period of inactivity. This type of policy can only be applied at the organization level (by setting the **isOrganizationDefault** property to `true`).

-|ApplicationPolicies|JSON object|Collection of application policy. An application policy, is a combination of an ApplicationId and a WebSessionIdleTimeout: <br> <ul><li>**ApplicationId**: Allowed values:<ul><li> default: applies the policy to all applications that support activity-based timeout functionality but do not have application-specific override</li><li> c44b4083-3bb0-49c1-b47d-974e53cbdf3c: applies the policy to the Azure Portal</li></ul></li><li>**WebSessionIdleTimeout**: The period of user inactivity after which the user's web session is considered expired. The minimum value is 5 minutes; the maximum value is 1 day.</li></ul> |

-The following is a JSON representation of the resource.

-description: "Here is a JSON representation of the resource."

-Defines custom behavior that a consuming service can use to call an app in specific contexts. For example, applications that can render file streams [might configure add-ins](/onedrive/developer/file-handlers/?view=odsp-graph-online&preserve-view=true) for File Handler functionality. This will let services like Microsoft 365 call the application in the context of a document the user is working on.

-|id|guid||

-Here is a JSON representation of the resource.

-description: Facet describing a bundle which is a photo album.

-A photo album is a way to virtually group [driveItems][driveItem] with [photo][] facets together in a [bundle][]. Bundles of this type will have the **album** property set on the [bundle][] resource.

-**Note:** If a **coverImageItemId** has not been set before, the thumbnails for an album are chosen automatically.

-Anonymous users do not have a Microsoft Teams identity and can join meetings using meeting join links. For more details, see [Anonymous users](/microsoftteams/non-standard-users#anonymous-users).

-The following is a JSON representation of the resource.

-| appId | String | The globally unique appId (also called *client ID* on the Azure portal) of the credential application. |

-| Property | Type |Description|

-|displayName|String|Refers to the Application Name displayed in the Azure Portal.|

-| id | String | Unique identifier for the application object. This property is referred to as **Object ID** in the Azure portal. Inherited from [directoryObject](directoryobject.md). Key. Not nullable. Read-only. Supports `$filter` (`eq`, `ne`, `not`, `in`). |

-description: "Represents the listeners, such as Azure Logic Apps and Azure Functions, that are triggered by the corresponding events in an sign-in event."

-Represents the [authentication event listeners](authenticationeventlistener.md), such as Azure Logic Apps and Azure Functions, that are triggered by the corresponding events in a [sign-in event](../resources/signin.md).

-The following is a JSON representation of the resource.

-| id | string | Id of an app-specific container or resource representing the scope of the assignment. Usually the immutable id of the resource. The scope of an assignment determines the set of resources for which the principal has been granted access. This property is required. |

-| type | String | Describes the type of app-specific resource represented by the app scope. Provided for display purposes, so a user interface can convey to the user the kind of app specific resource represented by the app scope. This property is read only. |

-The following is a JSON representation of the resource.

-description: "An event attendee. This can be a person or resource such as a meeting room or equipment, that has been set up as a resource on the Exchange server for the tenant."

-|proposedNewTime|[timeSlot](timeslot.md)|An alternate date/time proposed by the attendee for a meeting request to start and end. If the attendee hasn't proposed another time, then this property is not included in a response of a GET event.|

-Here is a JSON representation of the resource

-For more details about authentication context in conditional access, see the [conditional access context documentation](/azure/active-directory/conditional-access/concept-conditional-access-cloud-apps#authentication-context-preview).

-|id|String|The identifier of a authentication context in your tenant.|

-The following is a JSON representation of the resource.

-|id|String| Identifier used to reference the authentication context class. The id is used to trigger step-up authentication for the referenced authentication requirements and is the value that will be issued in the `acrs` claim of an access token. This value in the claim is used to verify that the required authentication context has been satisfied. The allowed values are `c1` through `c25`. <br/> Supports `$filter` (`eq`). |

-|isAvailable|boolean| Indicates whether the authenticationContextClassReference has been published by the security admin and is ready for use by apps. When it is set to `false`, it should not be shown in selection UX used to tag resources with authentication context class values. It will still be shown in the Conditionall Access policy authoring experience. <br/> Supports `$filter` (`eq`). |

-The following is a JSON representation of the resource.

-|displayName|String| Inherited property. The human-readable name of the policy. This property is not a key. Optional. Read-only.|

-|description|String|Inherited property. A description of the policy. This property is not a key. Optional. Read-only.|

-|selfServiceSignUp|[selfServiceSignUpAuthenticationFlowConfiguration](../resources/selfservicesignupauthenticationflowconfiguration.md) |Contains [selfServiceSignUpAuthenticationFlowConfiguration](../resources/selfservicesignupauthenticationflowconfiguration.md) settings that convey whether self-service sign-up is enabled or disabled. This property is not a key. Optional. Read-only. |

-The following is a JSON representation of the resource.

-|targetType|authenticationMethodTargetType| Possible values are: `group`, and `unknownFutureValue`. From December 2022, targeting individual users using `user` is no longer recommended. Existing targets will remain but we recommend to move the individual users to a targeted group.|

-The following is a JSON representation of the resource.

-The **authenticationStrength** object corresponds to the 'Require authentication strength' control of the Conditional Access policy's UX on the Azure portal.

-|blockMsolPowerShell|Boolean| To disable the use of the [MSOnline PowerShell module](/powershell/module/msonline) set this property to `true`. This will also disable user-based access to the legacy service endpoint used by the MSOnline PowerShell module. This does not affect Azure AD Connect or Microsoft Graph. |

-The following is a JSON representation of the resource.

-The local accounts in Azure AD B2C do not follow the settings or paradigms from Azure AD. The Azure AD authentication methods policy is not used or enforced by Azure AD B2C. Azure AD B2C stores these settings in a different policy, which is consumed by user flows.

-|id|String|The id of the B2C authentication methods policy. This is a read only property and the key.|

-The following is a JSON representation of the resource.

-description: "Represents a self-service sign up user flow within an Azure Active Directory tenant."

-Represents a self-service sign up user flow within an Azure Active Directory tenant.

-|[Get API connectors configuration for user flow](../api/b2xidentityuserflow-get-apiConnectorConfiguration.md)|[userFlowApiConnectorConfiguration](../resources/userflowapiconnectorconfiguration.md)| Get the configuration for API connectors used in the user flow. The $expand query parameter is not supported for this method.|

-|userFlowType|userFlowType|The type of user flow. For self-service sign up user flows, the value can only be `signUpOrSignIn` and cannot be modified after creation.|

-|userFlowTypeVersion|Single|The version of the user flow. For self-service sign up user flows, the version is always `1`.|

-|apiConnectorConfiguration|[userFlowApiConnectorConfiguration](../resources/userflowapiconnectorconfiguration.md)|Configuration for enabling an API connector for use as part of the self-service sign up user flow. You can only obtain the value of this object using [Get userFlowApiConnectorConfiguration](../api/b2xidentityuserflow-get-apiConnectorConfiguration.md).|

-|languages|[userFlowLanguageConfiguration](../resources/userflowlanguageconfiguration.md) collection|The languages supported for customization within the user flow. Language customization is enabled by default in self-service sign up user flow. You cannot create custom languages in self-service sign up user flows.|

-The following is a JSON representation of the resource.

-|password|String| The password. It is not returned in the responses. |

-The following is a JSON representation of the resource.

-description: "Provides the details on how to generate the agregations in the results"

-Provides the details on how to generate the agregations in the results.

-|ranges|[bucketAggregationRange](bucketaggregationrange.md) collection|Specifies the manual ranges to compute the aggregations. This is only valid for non-string refiners of date or numeric type. Optional.|

-|sortBy|bucketAggregationSortProperty| The possible values are `count` to sort by the number of matches in the aggregation, `keyAsString`to sort alphabeticaly based on the key in the aggregation, `keyAsNumber` for numerical sorting based on the key in the aggregation. Required.

-The following is a JSON representation of the resource.

-For Azure AD B2B scenarios in an Azure AD tenant, the built in identity provider type can be an Azure Active Directory(AAD), Microsoft account(MSA) or email one-time passcode (EmailOTP).

-|[List](../api/identitycontainer-list-identityproviders.md)|[identityProviderBase](../resources/identityproviderbase.md) collection|Retrieve all identity providers configured in a tenant including the built-in identity providers. There is no way to retrieve only the built-in identity providers in a tenant.|

-|[Get](../api/identityproviderbase-get.md) |builtInIdentityProvider|Retrieve properties of an built-in identity provider.|

-The following is a JSON representation of the resource.

-Getting the calendar permissions of a calendar on behalf of a sharee or delegate returns an empty calendar permissions collection.

-Once a sharee or delegate has been set up for a calendar, you can [update](../api/calendarpermission-update.md) only the **role** property to change the permissions of a sharee or delegate. You cannot **update** the **allowedRoles**, **emailAddress**, **isInsideOrganization**, or **isRemovable** property. To change these properties, you should [delete](../api/calendarpermission-delete.md) the corresponding **calendarPermission** object and create another sharee or delegate in an Outlook client.

-|emailAddress|[emailAddress](emailaddress.md)| Represents a sharee or delegate who has access to the calendar. For the "My Organization" sharee, the **address** property is null. Read-only. |

-|id|String| The unique identifier of the user (sharee or delegate) with whom the calendar has been shared. Read-only.|

-|isInsideOrganization|Boolean| True if the user in context (sharee or delegate) is inside the same organization as the calendar owner.|

-|isRemovable|Boolean| `True` if the user can be removed from the list of sharees or delegates for the specified calendar, `false` otherwise. The "My organization" user determines the permissions other people within your organization have to the given calendar. You cannot remove "My organization" as a sharee to a calendar.|

-|role|[calendarRoleType](#calendarroletype-values)| Current permission level of the calendar sharee or delegate. |

-| none | Calendar is not shared with the user. |

-| freeBusyRead | User is a sharee who can view free/busy status of the owner on the calendar. |

-| limitedRead | User is a sharee who can view free/busy status, and titles and locations of the events on the calendar. |

-| read | User is a sharee who can view all the details of the events on the calendar, except for the owner's private events. |

-| write | User is a sharee who can view all the details (except for private events) and edit events on the calendar. |

-| delegateWithoutPrivateEventAccess | User is a delegate who has write access but cannot view information of the owner's private events on the calendar. |

-The following is a JSON representation of the resource.

-|calleeNumber|String|Number of the user or bot who received the call ([E.164](https://en.wikipedia.org/wiki/E.164) format, but may include additional data).|

-|callerNumber|String|Number of the user or bot who made the call ([E.164](https://en.wikipedia.org/wiki/E.164) format, but may include additional data).|

-|inviteDateTime|DateTimeOffset|When the initial invite was sent.|

-|otherPartyCountryCode|String|Country code of the caller in case of an incoming call, or callee in case of an outgoing call. For details, see [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).|

-|userId|String|The unique identifier (GUID) of the user in Azure Active Directory. This and other user info will be null/empty for bot call types.|

-|userPrincipalName|String|The user principal name (sign-in name) in Azure Active Directory. This is usually the same as the user's SIP address, and can be same as the user's e-mail address.|

-The following is a JSON representation of the resource.

-This is an _open type_ that represents the set of feedback tokens provided by the user of this endpoint for the Session. This is a set of Boolean properties. The property names should not be relied upon since they may change depending on what tokens are offered to the user.

-Explicit property names will not be documented since the feedback token names can change, hence this is an [open type](/aspnet/web-api/overview/odata-support-in-aspnet-web-api/odata-v4/use-open-types-in-odata-v4).

-The following is a JSON representation of the resource.

-|operator|String|The telecommunications operator which provided PSTN services for this call. This may be Microsoft, or it may be a third-party operator via the [Operator Connect Program](https://techcommunity.microsoft.com/t5/microsoft-teams-blog/introducing-operator-connect-and-more-teams-calling-updates/ba-p/2176398).|

-|otherPartyCountryCode|String|Country code of the caller in case of an incoming call, or callee in case of an outgoing call. For details, see [ISO 3166-1 alpha-2](https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2).|

-The following is a JSON representation of the resource.

-[File attachments](chatmessageattachment.md) are not hosted content;

-they are stored in SharePoint or OneDrive.

-|contentBytes |Edm.Binary | Write-only. When posting new chat message hosted content, represents the bytes of the payload. These are represented as a base64Encoded string.|

-The following is a JSON representation of the resource.

-|body|[itemBody](../resources/itembody.md)|Body of the [chatMessage](../resources/chatmessage.md). This will still contain markers for @mentions and attachments even though the object does not return @mentions and attachments.|

-|eventDetail|[eventMessageDetail](../resources/eventmessagedetail.md)|Read-only. If present, represents details of an event that happened in a chat, a channel, or a team, for example, members were added, and so on. For event messages, the **messageType** property will be set to `systemEventMessage`.|

-The following is a JSON representation of the resource.

-description: "Represents a policy violation on a chat message. Policy violations are typically set by a data loss prevention (DLP) application."

-|userAction|**chatMessagePolicyViolationUserActionType**|Indicates the action taken by the user on a message blocked by the DLP provider. Supported values are: <li>None</li><li>Override</li><li>ReportFalsePositive</li>When the DLP provider is updating the message for blocking sensitive content, userAction is not required.|

-|verdictDetails|**chatMessagePolicyViolationVerdictDetailsType**|Indicates what actions the sender may take in response to the policy violation. Supported values are: <li>None</li><li>AllowFalsePositiveOverride -- Allows the sender to declare the policyViolation to be an error in the DLP app and its rules, and allow readers to see the message again if the dlpAction had hidden it.</li><li>AllowOverrideWithoutJustification -- Allows the sender to overriide the DLP violation and allow readers to see the message again if the dlpAction had hidden it, without needing to provide an explanation for doing so. </li><li>AllowOverrideWithJustification -- Allows the sender to overriide the DLP violation and allow readers to see the message again if the dlpAction had hidden it, after providing an explanation for doing so.</li>AllowOverrideWithoutJustification and AllowOverrideWithJustification are mutually exclusive.|

-The following is a JSON representation of the resource.

-|userId|String|The claim that provides the unique identifier for the signed-in user. It is a required propoerty.|

-|displayName|String|The claim that provides the display name or full name for the user. It is a required propoerty.|

-The following is a JSON representation of the resource.

-|[Get shift work access state](../api/cloudpc-getshiftworkcloudpcaccessstate.md)|[shiftWorkCloudPcAccessState](#shiftworkcloudpcaccessstate-values)|Get the access state of the shift work Cloud PC. The possible values are: {unassigned, noLicensesAvailable, activationFailed, active, activating, waitlisted, unknownFutureValue, standbyMode}. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value in this [shiftWorkCloudPcAccessState](#shiftworkcloudpcaccessstate-values): {standbyMode}.|

-|[Retry partner agent installation](../api/cloudpc-retrypartneragentinstallation.md)|None|Retry installation for the partner agents which failed to install on the [cloudPC](../resources/cloudpc.md).|

-|[Bulk resize](../api/cloudpc-retrypartneragentinstallation.md)|[cloudPcRemoteActionResult](../resources//cloudpcremoteactionresult.md) collection|Perform a bulk resize action to resize a group of [cloudPCs](../resources/cloudpc.md) that have successfully passed validation (cloudPC: validateBulkResize). If any devices cannot be resized, they will be labeled as "resize failed," while the remaining devices will be `provisioned` for the resize process.|

-|gracePeriodEndDateTime|DateTimeOffset|The date and time when the grace period ends and reprovisioning/deprovisioning happens. Required only if the status is `inGracePeriod`. The timestamp is shown in ISO 8601 format and Coordinated Universal Time (UTC). For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|

-|notAvailable|The Cloud PC is not provisioned, or is in a state where encryption is not available.|

-|notEncrypted|The Cloud PC should be encrypted, but the encryption is not done yet (reserved, should not happen).|

-|encryptedUsingPlatformManagedKey|The Cloud PC is encrypted using a platform managed key. This is the default value if the customer-managed key is not enabled.|

-|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

-|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

-|resizePendingLicense|Indicates that the Cloud PC resize process has been initiated but cannot be completed because the target license hasn't been identified. It is currently awaiting customer action to resolve the licensing issue.|

-|unassigned|Set to unassigned if the Cloud PC is not consuming any shared-use licenses. The default value is unassigned.|

-|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

-The following is a JSON representation of the resource.

-|isThirdPartyPartner|Boolean|Indicates if the partner agent is a third party. When 'TRUE', the agent is a third-party (non-Microsoft) agent. When 'FALSE', the agent is a Microsoft agent or is not known. The default value is 'FALSE'.|

-|retriable|Boolean|Indicates if the partner agent is a third party. When 'TRUE', the agent is a third-party (non-Microsoft) agent. When 'FALSE', the agent is a Microsoft agent or is not known. The default value is 'FALSE'.|

-|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

-|uninstalling|The partner agent will automatically be removed. This occurs when there is no third-party-partner license but the third-party-partner agent was previously installed.|

-|licensed|The partner license was assigned to this Cloud PC, but the third-party partner agent is not yet installed.|

-|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

-The following is a JSON representation of the resource.

-description: "Represents the validation result of a single resized Cloud PC during the bulk-resize action ."

-|cloudPcId|String|The [cloudPC](../resources/cloudpc.md) id that corresponds to its unique identifier.|

-|cloudPcNotFound|Indicates that the Cloud PC was not found.|

-|operationNotSupported|Indicates that the resize action is not supported for the Cloud PC.|

-|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

-The following is a JSON representation of the resource.

-|userRestoreEnabled|Boolean|If `true`, the user has the ability to use snapshots to restore Cloud PCs. If `false`, non-admin users cannot use snapshots to restore the Cloud PC.|

-The following is a JSON representation of the resource.

-|regionGroup|[cloudPcRegionGroup](#cloudpcregiongroup-values)|The geographic group this region belongs to. Multiple regions can belong to one region group. For example, the `europeUnion` region group contains the Northern Europe and Western Europe regions. A customer can select a region group when provisioning a Cloud PC; however, the Cloud PC will be put under one of the regions under the group based on resource capacity. The region with more quota will be chosen. Possible values are: `default`, `australia`, `canada`, `usCentral`, `usEast`, `usWest`, `france`, `germany`, `europeUnion`, `unitedKingdom`, `japan`, `asia`, `india`, `southAmerica`, `euap`, `usGovernment`, `usGovernmentDOD`, `unknownFutureValue`, `norway`, `switzerland`，`southKorea`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `norway`, `switzerland`，`southKorea`. Read-only.|

-|supportedSolution|[cloudPcManagementService](../resources/cloudpconpremisesconnection.md#cloudpcmanagementservice-values)|The supported service or solution for the region. The possible values are: `windows365`, `devBox`, `unknownFutureValue`, `rpaBox`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `rpaBox`. Read-only.|

-|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

-| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |

-The following is a JSON representation of the resource.

-|unknownFutureValue| Evolvable enumeration sentinel value. Do not use. |

-The following is a JSON representation of the resource.

-When it is returned as a response to an action, the status indicates whether there will be subsequent notifications. If, for example, an operation with status of `completed` or `failed` is returned, there will not be any subsequent operation via the notification channel.

-If a `null` operation, or an operation with a status of `notStarted` or `running` is returned, subsequent updates will come via the notification channel.

-| id | String | The operation ID. Read-only. |

-The following is a JSON representation of the resource.

-| hidden | Boolean | True if the participant would not like to be shown in other participants' rosters. |

-The following is a JSON representation of the resource.

-description: "Represents the identity of a user whose underlying identity is not available to the application due to privacy restrictions."

-Represents the identity of a user whose underlying identity is not available to the application due to privacy restrictions. For example, in a group call, participants other than the one who invited a Skype Consumer user will not have access to the identity of that user in the call roster.

-The following is a JSON representation of the resource.

-| externalTenants | [conditionalAccessExternalTenants](conditionalaccessexternaltenants.md) | The tenant IDs of the selected types of external users. Either all B2B tenant or a collection of tenant IDs. External tenants can be specified only when the property **guestOrExternalUserTypes** is not `null` or an empty String. |

-| guestOrExternalUserTypes | conditionalAccessGuestOrExternalUserTypes | Indicates internal guests or external user types. This is a multi-valued property. Possible values are: `none`, `internalGuest`, `b2bCollaborationGuest`, `b2bCollaborationMember`, `b2bDirectConnectUser`, `otherExternalUser`, `serviceProvider`, `unknownFutureValue`. |

-The following is a JSON representation of the resource.

-| associatedHubsUrls | String collection | List of canonical URLs for hub sites with which this content type is associated to. This will contain all hubsites where this content type is queued to be enforced or is already enforced. Enforcing a content type means that the content type will be applied to the lists in the enforced sites.|

-| readOnly | Boolean | If `true`, the content type cannot be modified unless this value is first set to `false`.|

-| sealed | Boolean | If `true`, the content type cannot be modified by users or through push-down operations. Only site collection administrators can seal or unseal content types.|

-For more details, see [Introduction to content types and content type publishing][contentTypeIntro].

-The following is a JSON representation of a resource.

-|defaultDomainName|String|A copy of the customer tenant's default domain name. The copy is made when the partnership with the customer is established. It is not automatically updated if the customer tenant's default domain name changes.|

-|displayName|String|A copy of the customer tenant's display name. The copy is made when the partnership with the customer is established. It is not automatically updated if the customer tenant's display name changes.|

-|BreadthPartner|Partner has the ability to provide administrative support for this customer. However, the partner is not allowed to resell to the customer.|

-|ResellerPartner|Partner that is similar to a syndication partner, except that the partner doesnΓÇÖt have exclusive access to a tenant. In the syndication case, the customer cannot buy additional direct subscriptions from Microsoft or from other partners.|

-Here is a JSON representation of the resource.

-description: "Here is a JSON representation of the copyStatusModel resource."

-Here is a JSON representation of the resource.

-The type of token authentication used depends on the token security. If the token security value is normal, you will use the [azureAdTokenAuthentication](../resources/azureadtokenauthentication.md) resource type. If the value is Proof of Possession, you will use the [azureAdPopTokenAuthentication](../resources/azureAdPopTokenAuthentication.md) resource type.

-The following is a JSON representation of the resource.

-To read the **customExtensionStageSettings** objects on a policy, append `?$expand=customExtensionStageSettings` to a [GET accessPackageAssignmentPolicy](../api/accesspackageassignmentpolicy-get.md) request. For example, `GET https://graph.microsoft.com/bet#example-2-retrieve-the-custom-extension-handlers-for-a-policy).

-To delete the **customExtensionStageSettings** objects from a policy, call the [Update accessPackageAssignmentPolicy](../api/accesspackageassignmentpolicy-update.md) and specify the customExtensionHandlers property as an empty collection. For more details, see [Example 2: Remove the customExtensionStageSettings from a policy](../api/accesspackageassignmentpolicy-update.md#example-3-remove-the-customextensionstagesettings-from-a-policy).

-|customExtension|[customCalloutExtension](../resources/customcalloutextension.md)|Indicates the custom workflow extension that will be executed at this stage. Nullable. Supports `$expand`.|

-The following is a JSON representation of the resource.

-Here is a JSON representation of a **dateTimeColumn** resource.

-| **friendly** | Uses a friendly relative representation (eg. "today at 3:00 PM") |

-| **standard** | Uses the standard absolute representation (eg. "5/10/2017 3:20 PM") |

-| allowedToCreateApps | Boolean | Indicates whether the default user role can create applications. This setting corresponds to the _Users can register applications_ setting in the [User settings menu in the Azure portal](/azure/active-directory/fundamentals/users-default-permissions?context=graph%2Fcontext#restrict-member-users-default-permissions). |

-| allowedToCreateSecurityGroups | Boolean | Indicates whether the default user role can create security groups. This setting corresponds to the following menus in the Azure portal: <br/><li> _The Users can create security groups in Azure portals, API or PowerShell_ setting in the [Group settings menu](/azure/active-directory/enterprise-users/groups-self-service-management). <li> _Users can create security groups_ setting in the [User settings menu](/azure/active-directory/fundamentals/users-default-permissions?context=graph%2Fcontext#restrict-member-users-default-permissions). |

-| allowedToCreateTenants | Boolean | Indicates whether the default user role can create tenants. This setting corresponds to the _Restrict non-admin users from creating tenants_ setting in the [User settings menu in the Azure portal](/azure/active-directory/fundamentals/users-default-permissions?context=graph%2Fcontext#restrict-member-users-default-permissions).<br/><br/> When this setting is `false`, users assigned the [Tenant Creator](/azure/active-directory/roles/permissions-reference?context=graph%2Fcontext#tenant-creator) role can still create tenants. |

-|customer|[delegatedAdminRelationshipCustomerParticipant](../resources/delegatedadminrelationshipcustomerparticipant.md)|The display name and unique identifier of the customer of the relationship. This is configured either by the partner at the time the relationship is created or by the system after the customer approves the relationship. Cannot be changed by the customer.|

-|displayName|String|The display name of the relationship used for ease of identification. Must be unique across *all* delegated admin relationships of the partner. This is set by the partner only when the relationship is in the `created` status and cannot be changed by the customer.|

-|duration|Duration|The duration of the relationship in ISO 8601 format. Must be a value between `P1D` and `P2Y` inclusive. This is set by the partner only when the relationship is in the `created` status and cannot be changed by the customer.|

-| expired | The system completes the de-provisioning of the relationship. |

-| terminating | The system starts de-provisioning the relationship. |

-| terminated | The system has completed de-provisioning the relationship. |

-| unknownFutureValue | Evolvable enumeration sentinel value. Do not use. |

-The following is a JSON representation of the resource.

-| classification | permissionClassificationType | The classification value being given. Possible value: `low`. Does not support `$filter`. |

-| permissionId | Guid | The unique identifier (**id**) for the delegated permission listed in the **publishedPermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Required on create. Does not support `$filter`. |

-| permissionName | String | The claim value (**value**) for the delegated permission listed in the **publishedPermissionScopes** collection of the [servicePrincipal](servicePrincipal.md). Does not support `$filter`. |

-The following is a JSON representation of the resource.

-For more information about each setting, see [group (directory) settings](/graph/group-directory-settings).

-Disable any B2B guest user who is denied in an access review for 30 days, and then subsequently delete their account. This option does not contain any configuration options.

-The following is a JSON representation of the resource.

-Direct queries to this resource are not supported. Please see the [domain](domain.md) topic for information on how to query for domain service records.

-|supportedService|String| Microsoft Online Service or feature that has a dependency on this CNAME record.</br></br>Can be one of the following values: **null**, *Email*, *Sharepoint*, *EmailInternalRelayOnly*, *OfficeCommunicationsOnline*, *SharePointDefaultDomain*, *FullRedelegation*, *SharePointPublic*, *OrgIdAuthentication*, *Yammer*, *Intune*|

-Here is a JSON representation of the resource.

-description: "Represents a MX record added to the DNS zone file of a particular domain in the tenant."

-Represents a MX record added to the DNS zone file of a particular domain in the tenant. Inherited from [DomainDnsRecord](domaindnsrecord.md) entity.

-Direct queries to this resource are not supported. Please see the [domain](domain.md) topic for information on how to query for domain service records.

-|supportedService|String| Microsoft Online Service or feature that has a dependency on this MX record.</br></br>Can be one of the following values: **null**, *Email*, *Sharepoint*, *EmailInternalRelayOnly*, *OfficeCommunicationsOnline*, *SharePointDefaultDomain*, *FullRedelegation*, *SharePointPublic*, *OrgIdAuthentication*, *Yammer*, *Intune* |

-Here is a JSON representation of the resource.

-|recordType|String| Indicates what type of DNS record this entity represents.</br></br>The value can be one of the following: `CName`, `Mx`, `Srv`, `Txt`. |

-|supportedService|String| Microsoft Online Service or feature that has a dependency on this DNS record.</br></br>Can be one of the following values: `null`, `Email`, `Sharepoint`, `EmailInternalRelayOnly`, `OfficeCommunicationsOnline`, `SharePointDefaultDomain`, `FullRedelegation`, `SharePointPublic`, `OrgIdAuthentication`, `Yammer`, `Intune`.|

-Here is a JSON representation of the resource.

-Direct queries to this resource are not supported. Please see the [domain](domain.md) topic for information on how to query for domain service records.

-|supportedService|String| Microsoft Online Service or feature that has a dependency on this TXT record.</br></br>Can be one of the following values: **null**, *Email*, *Sharepoint*, *EmailInternalRelayOnly*, *OfficeCommunicationsOnline*, *SharePointDefaultDomain*, *FullRedelegation*, *SharePointPublic*, *OrgIdAuthentication*, *Yammer*, *Intune* |

-Here is a JSON representation of the resource.

-description: "The domainIdentitySource type identifies a non-tenant domain as an identity source for a connected organization."

-When [creating a new connectedOrganization](../api/entitlementmanagement-post-connectedorganizations.md), if the caller provides in the identitySources collection a domainIdentitySource and the domain corresponds to a registered domain of an Azure Active Directory tenant, then the resulting connectedOrganization that is created will have an identitySources collection containing a single member of the [azureActiveDirectoryTenant](azureactivedirectorytenant.md) type.

-The following is a JSON representation of the type.

-| isDowngradeJustified | Boolean | Indicates whether the downgrade is or is not justified. |

-| justificationMessage | String | Message that indicates why a downgrade is justified. The message will appear in administrative logs. |

-The following is a JSON representation of the resource.

-description: "The driveItem resource represents a file, folder, or other item stored in a drive."

-The **driveItem** resource represents a file, folder, or other item stored in a drive.

->**Note:** In OneDrive for Business or SharePoint document libraries, the **cTag** property is not returned, if the **driveItem** has a [folder][] facet.

-| createdBy | [identitySet][] | Identity of the user, device, and application which created the item. Read-only.

-| cTag | String | An eTag for the content of the item. This eTag is not changed if only the metadata is changed. **Note** This property is not returned if the item is a folder. Read-only.

-| lastModifiedBy | [identitySet][] | Identity of the user, device, and application which last modified the item. Read-only.

-| publication | [publicationFacet][] | Provides information about the published or checked-out state of an item, in locations that support such actions. This property is not returned by default. Read-only. |

-| workbook | [workbook][] | For files that are Excel spreadsheets, accesses the workbook API to work with the spreadsheet's contents. Nullable.

-These properties are temporary and either a) define behavior the service should perform or b) provide short-term property values, like a download URL for an item that expires.

-| @microsoft.graph.conflictBehavior | string | The conflict resolution behavior for actions that create a new item. You can use the values *fail*, *replace*, or *rename*. The default for PUT is *replace*. An item will never be returned with this annotation. Write-only.

-| @microsoft.graph.downloadUrl | string | A URL that can be used to download this file's content. Authentication is not required with this URL. Read-only.

-| @microsoft.graph.sourceUrl | string | When issuing a PUT request, this instance annotation can be used to instruct the service to download the contents of the URL, and store it as the file. Write-only.

-The URL will only be available for a short period of time (1 hour) before it is invalidated.

-Here is a JSON representation of a **driveItem** resource.

-|blocked|Boolean|Specifies that entries cannot be posted to the G/L account. `True` indicates that the account is blocked and posting is not allowed.|

-The following is a JSON representation of the resource.

-|contactId|String|The exchange contact id for the given customer. If a customer id is not specified, we will use the contact id to find it. Maximum supported size is 250 characters.|

-A customer payment is a subpage of a customer payment journal. It cannot be accessed directly.

-The following is a JSON representation of the resource.

-|displayName |string |Specifies the dimension's name. This name will appear where the dimension is used.|

-Here is a JSON representation of the resource.

-|displayName |string |Specifies the dimension value's name. This name will appear where the dimension value is used.|

-Here is a JSON representation of the resource.

-|id |GUID |The unique ID of the item. Non-editable. |

-|blocked |boolean |Specifies that transactions with the item cannot be posted, for example, because the item is in quarantine. Set to **true**, if item is blocked.|

-|gtin |numeric |This is the Global Trade Item Number. |

-Here is a JSON representation of the resource.

-description: "Represents a category for a number of items in Dynamics 365 Business Central."

-Represents a category for a number of items in Dynamics 365 Business Central.

-|id |String |The unique ID of the item category. Non-editable.|

-The following is a JSON representation of the resource.

-The journal resource type offers a bound action called `post` which posts the corresponding general journal batch.

-Here is a JSON representation of the resource.

-|calculateDiscountOnCreditMemos|Boolean |Specifies whether the discount should be applied to credit memos. `True` indicates a discount will be given; `false`* indicates a discount will not be given.|

-The following is a JSON representation of the resource.

-|id|String|The unique identifier of the **shipmentMethod**. Non-editable.|

-The following is a JSON representation of the resource.

-|id|GUID|The unique ID of the unitsOfMeasure. Non-editable.|

-|internationalStandardCode|string|Specifies the unit of measure code expressed according to the UNECE Rec20 standard in connection with electronic sending of sales documents.|

-Here is a JSON representation of the **unitsOfMeasure** resource.

-description: "Contains ettings for an eDiscovery case."

-|topicModeling|[microsoft.graph.ediscovery.topicModelingSettings](../resources/ediscovery-topicmodelingsettings.md)|The Topic Modeling (Themes) settings for the case.|

-The following is a JSON representation of the resource.

-|displayName|String|The display name of the **dataSource**. This will be the name of the SharePoint site.|

-|id|String| The ID of the **dataSource**. This is not the ID of the actual site.|

-The following is a JSON representation of the resource.

-description: "Non-custodial data sources lets you add data to a case without having to associate it to a custodian"

-Non-custodial data sources let you add data to a case without having to associate it to a custodian. To learn more, visit [Add non-custodial data sources to an Advanced eDiscovery case

-|[Release dataSource](../api/ediscovery-noncustodialdatasource-release.md)|None|Releases a non-custodial data source.|

-|applyHoldToSource|Boolean|Indicates if hold is applied to non-custodial data source (such as mailbox or site).|

-|dataSource|[microsoft.graph.ediscovery.dataSource](../resources/ediscovery-datasource.md)|User source or SharePoint site data source as non-custodial data source.|

-The following is a JSON representation of the resource.

-description: "Topic modeling settings for an eDiscovery case"

-Topic modeling (Themes) settings for an eDiscovery case. To learn more, see [Configure search and analytics settings in Advanced eDiscovery](/microsoft-365/compliance/configure-search-and-analytics-settings-in-advanced-ediscovery).

-|isEnabled|Boolean|Indicates whether themes is enabled for the case.|

-The following is a JSON representation of the resource.

-description: "Represents how an assignment will be graded. This is used within the **assignments.grading** property."

-Represents how an assignment will be graded. This is used within the **assignments.grading** property.

-This superclass can not be used directly in the assignment property. It exists to allow for multiple different ways to grade assignments.

-be copied to the student submission. If the object is not copied, each student will see a link to the resource on the assignment. The student will not be able to update this resource. This is a handout from the teacher to the student with nothing to be turned in. If the resource is distributed, each student

-will receive a copy of this resource in the resource list of their submission. Each student will be able to modify their copy and submit it for grading.

-The following is a JSON representation of the resource.

-|submissionAnimationDisabled|Boolean|Indicates whether turn-in celebration animation will be shown. If `true`, the animation will not be shown. The default value is `false`.|

-The following is a JSON representation of the resource.

-description: "A subclass of educationResource. This resource is a link and does not have any additional data associated with it."

-A subclass of [educationResource](educationresource.md). This resource is a link and does not have any additional data associated with it.

-|createdDateTime|DateTimeOffset|Date time the resoruce was added.|

-The following is a JSON representation of the resource.

-A wrapper object that stores the resources associated with a module. The student will not be able to update this resource. This is a handout from the teacher to the student with nothing to be turned in.

-The following is a JSON representation of the resource.

-A wrapper around a resource for use on a submission. The wrapper adds a pointer to the assignment resource if this was copied from the assignment.

-|assignmentResourceUrl|String|Pointer to the assignment from which this resource was copied. If this is null, the student uploaded the resource.|

-The following is a JSON representation of the resource.

-description: "A term. This represents a designated portion of the academic year. It is used within educationClass."

-A term. This represents a designated portion of the academic year. It is used within [educationClass](educationclass.md).

-The following is a JSON representation of the resource.

-| externalSourceDetail | String | The name of the external source this resources was generated from. |

-| mailingAddress | [physicalAddress] | Mail address of user. Note: `type` and `postOfficeBox` are not supported for `educationUser` resources. |

-| onPremisesInfo | [educationOnPremisesInfo] | Additional information used to associate the AAD user with it's Active Directory counterpart. |

-| passwordPolicies | String | Specifies password policies for the user. See standard [user] resource for additional details. |

-| passwordProfile | [passwordProfile] | Specifies the password profile for the user. The profile contains the user's password. This property is required when a user is created. See standard [user] resource for additional details. |

-| residenceAddress | [physicalAddress] | Address where user lives. Note: `type` and `postOfficeBox` are not supported for `educationUser` resources. |

-| student | [educationStudent] | If the primary role is student, this block will contain student specific data. |

-The following is a JSON representation of the resource.

-Represents this tenant's email OTP authentication methods policy. Authentication methods policies define configuration settings and users or groups who are enabled to use the authentication method. Email OTP may be used by the tenant's cloud-native users for self-service password reset, or by external users for authentication during invitation redemption and self-service sign-up for specific apps in user flows.

-|allowExternalIdToUseEmailOtp|externalEmailOtpState|Determines whether email OTP is usable by external users for authentication. Possible values are: `default`, `enabled`, `disabled`, `unknownFutureValue`. Tenants in the `default` state who did not use public preview will automatically have email OTP enabled beginning in October 2021.|

-The following is a JSON representation of the resource.

-|isExternalSender|Boolean|Indicates whether the sender is not from the user's organization.|

-The following is a JSON representation of the resource.

-The following is a JSON representation of the resource.

-Here is a JSON representation of the resource

-See the methods of the derived type [openTypeExtension](opentypeextension.md) for actually supported methods.

-| id | String | The unique ID of the member. It would be the objectId in case of Azure Active Directory users or groups and the **id** property of the **externalGroup** in case of external groups. |

-The following is a JSON representation of the resource.

-| id | String | The unique ID of the identity. It would be the objectId property in case of Azure Active Directory (Azure AD) users or groups and the **id** property of the **externalGroup** in the case of external groups. |

-The following is a JSON representation of the resource.

-Configuration to require specific FIDO2 key types in an authentication strength. An administrator may use this entity to specify which Authenticator Attesttation GUIDs (AAGUIDs) are allowed to be used, as part of certain authentication method combinations, in an [authentication strength](authenticationstrengthpolicy.md).

-The following is a JSON representation of the resource.

-If a [**DriveItem**](driveitem.md) has a non-null **file** facet, the item represents an file.

-In addition to other properties, files have a **content** relationship which contains the byte stream of the file.

-Here is a JSON representation of the resource.

-|contentLocation|String|Do not use this property as it is not supported.|

-|name|String|The name representing the text that is displayed below the icon representing the embedded attachment.This does not need to be the actual file name.|

-The following is a JSON representation of the resource.

-|dueDateTime|**dateTimeTimeZone**|The date and time that the follow up is to be finished. **Note**: To set the due date, you must also specify the `startDateTime`; otherwise, you will get a `400 Bad Request` response.|

-Here is a JSON representation of the resource

-description: "Represents resources that could be managed by Privileged Identity Management (PIM). For Azure resources, it can be a subscription, a resource group, and a resource such as a virtual machine, a SQL database, etc."

-Represents resources that could be managed by Privileged Identity Management (PIM). For Azure resources, it can be a subscription, a resource group, and a resource such as a virtual machine, a SQL database, etc.

-|roleAssignmentCount|Int32 |Optional. The number of role assignments for the given resource. To get the property, please explictly use `$select=roleAssignmentCount` in the query.|

-|roleDefinitionCount|Int32 |Optional. The number of role definitions for the given resource. To get the property, please explictly use `$select=roleDefinitionCount` in the query.|

-|permissions|[governancePermission](../resources/governancepermission.md) |Optional. It represents the status of the requestor's access to the resource.To get the property, please explictly use `$select=permissions` in the query.|

-|roleDefinitions |[governanceRoleDefinition](../resources/governanceroledefinition.md) collection|The collection of role defintions for the resource.|

-The following is a JSON representation of the resource.

-description: "Indicates whether writeback of cloud groups to on-premise Active Directory is enabled and the target group type for the on-premise group."

-Indicates whether writeback of cloud groups to on-premise Active Directory is enabled and the target group type for the on-premise group.

- By default, all Azure AD security groups are not writeback enabled. For Microsoft 365 groups, the default settings that are defined by the properties of this resource can be overwritten by the `NewUnifiedgroupWritebackDefault` [directory setting object](directorysetting.md).

-|isEnabled|Boolean|Indicates whether writeback of cloud groups to on-premise Active Directory is enabled. Nullable. Default value is `true` for Microsoft 365 groups and `false` for security groups. Inherited from [writebackConfiguration](../resources/writebackconfiguration.md).|

-|onPremisesGroupType|String|Indicates the target on-premise group type the cloud object will be written back as. Nullable. The possible values are: `universalDistributionGroup`, `universalSecurityGroup`, `universalMailEnabledSecurityGroup`.<ol><li>If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: `universalDistributionGroup`, `universalSecurityGroup`, `universalMailEnabledSecurityGroup`. </li><li>Azure AD security groups can be written back as `universalSecurityGroup`. </li><li>If **isEnabled** or the `NewUnifiedGroupWritebackDefault` [group setting](directorysetting.md) is `true` but this property is not explicitly configured: <ul><li>Microsoft 365 groups will be written back as `universalDistributionGroup` by default</li></ul><ul><li>Security groups will be written back as `universalSecurityGroup` by default</li></ul>|

-The following is a JSON representation of the resource.

-description: "Represents a Hardware OATH authentication methods policy."

-doc_type: resourcePageType

-# hardwareOathAuthenticationMethodConfiguration resource type

-Namespace: microsoft.graph

-Represents a Hardware OATH authentication method policy. Authentication method policies define configuration settings and users or groups that are enabled to use the authentication method.

-Inherits from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).

-## Methods

-|Method|Return type|Description|

-|:|:|:|

-|[Get hardwareOathAuthenticationMethodConfiguration](../api/hardwareoathauthenticationmethodconfiguration-get.md)|[hardwareOathAuthenticationMethodConfiguration](../resources/hardwareoathauthenticationmethodconfiguration.md)|Read the properties and relationships of a [hardwareOathAuthenticationMethodConfiguration](../resources/hardwareoathauthenticationmethodconfiguration.md) object.|

-|[Update hardwareOathAuthenticationMethodConfiguration](../api/hardwareoathauthenticationmethodconfiguration-update.md)|[hardwareOathAuthenticationMethodConfiguration](../resources/hardwareoathauthenticationmethodconfiguration.md)|Update the properties of a [hardwareOathAuthenticationMethodConfiguration](../resources/hardwareoathauthenticationmethodconfiguration.md) object.|

-|[Delete hardwareOathAuthenticationMethodConfiguration](../api/hardwareoathauthenticationmethodconfiguration-delete.md)|None|Reverts the hardwareOathAuthenticationMethodConfiguration object to its default configuration.|

-## Properties

-|Property|Type|Description|

-|:|:|:|

-|excludeTargets|[excludeTarget](../resources/excludetarget.md) collection|Groups of users that are excluded from the policy. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|

-|id|String|The authentication method policy identifier. Inherited from [entity](../resources/entity.md).|

-|state|authenticationMethodState|Possible values are: `enabled`, `disabled`. Inherited from [authenticationMethodConfiguration](../resources/authenticationmethodconfiguration.md).|

-## Relationships

-|Relationship|Type|Description|

-|:|:|:|

-|includeTargets|[authenticationMethodTarget](../resources/authenticationmethodtarget.md) collection|A collection of groups that are enabled to use the authentication method. Expanded by default.|

-## JSON representation

-The following is a JSON representation of the resource.

-<!-- {

- "blockType": "resource",

- "keyProperty": "id",

- "@odata.type": "microsoft.graph.hardwareOathAuthenticationMethodConfiguration",

- "baseType": "microsoft.graph.authenticationMethodConfiguration",

- "openType": false

-}

-``` json

-{

- "@odata.type": "#microsoft.graph.hardwareOathAuthenticationMethodConfiguration",

- "id": "String (identifier)",

- "state": "String",

- "excludeTargets": [

- {

- "@odata.type": "microsoft.graph.excludeTarget"

- }

- ]

-}

-```

-description: " > **Important:** APIs under the /beta version in Microsoft Graph are in preview and are subject to change. Use of these APIs in production applications is not supported."

-|os|String|Host Operating System. (For example, Windows10, MacOS, RHEL, etc.).|

-The following is a JSON representation of the resource.

-2) Tenant administrator can configure an update window(start and end time) during which the agents can recive updates.

-3) Tenant administrator can enable allowUpdateConfigurationOverride which overrides the updater configutration for Provisioning agents and alows them to receive the next available update.

-The DateTime/Time information specified in the updater configuration will be converted to the local timezone reported by the agent during evaluvation.

-The update of the agent will follow the below priority list

-2) If the defer update is set, the agent will not be updated until the defer update date time (priority 2).

-3) If the update window is set, the agent will be updated only during that time window in a 24 hour day (priority 3).

-The following is a JSON representation of the resource.

-description: "Represents a built-in user flow attribute in Azure Active Directory tenants that can be used in self-service sign-up user flows."

-Represents a built-in user flow attribute in Azure Active Directory tenants that can be used in your self-service sign-up user flows. These attributes cannot be modified and are read-only.

-|id|String|The identifier of the user flow attribute. This is a read-only attribute that is automatically created. Inherited from [identityUserFlowAttribute](../resources/identityuserflowattribute.md)|

-|userFlowAttributeType|identityUserFlowAttributeType|The type of the user flow attribute. This is a read-only attribute that is automatically set. The value for this property will be `builtIn`. Inherited from [identityUserFlowAttribute](../resources/identityuserflowattribute.md). Read-only.|

-|dataType|identityUserFlowAttributeDataType|The data type of the user flow attribute. This cannot be modified after the custom user flow attribute is created. The supported values for **dataType** are: `string` , `boolean` , `int64` , `stringCollection` , `dateTime`. Inherited from [identityUserFlowAttribute](../resources/identityuserflowattribute.md). Read-only.|

-The following is a JSON representation of the resource.

-description: "Represents a custom user flow attribute in Azure Active Directory tenants that can be used in your self-service sign-up user flows."

-Represents a custom user flow attribute in Azure Active Directory tenants that can be used in your self-service sign-up user flows. These attributes cannot be modified and are read-only.

-|dataType|identityUserFlowAttributeDataType|The data type of the user flow attribute. This cannot be modified after the custom user flow attribute is created. The supported values for **dataType** are: `string` , `boolean` , `int64` , `stringCollection` , `dateTime`. Inherited from [identityUserFlowAttribute](../resources/identityuserflowattribute.md).|

-The following is a JSON representation of the resource.

-Access reviews are a form of auditing the effectiveness of the organizationΓÇÖs internal controls. For more information, see the [overview of access reviews](/graph/api/resources/accessreviewsv2-overview).

-Every organization has its terms and conditions that users may need to abide by before they can access the organizationΓÇÖs resources. You can define and enforce these terms and conditions through Azure AD Terms of Use.

-## Identity governance and Zero Trust

-With identities being the common denominator when considering the security of your data, identity governance APIs in Microsoft Graph help your organization to achieve the [Identity Zero Trust deployment objectives](#see-also).

-+ [Securing identity with Zero Trust](/security/zero-trust/deploy/identity#iv-identities-and-access-privileges-are-managed-with-identity-governance)

-|isEnabled|Boolean|Whether the workflow is enabled or disabled. If this setting is `true`, the workflow can be run on demand or on schedule when **isSchedulingEnabled** is `true`.|

-|isSchedulingEnabled|Boolean|If `true`, the Lifecycle Workflow engine executes the workflow based on the schedule defined by tenant settings. Cannot be `true` for a disabled workflow (where **isEnabled** is `false`).|

-The following is a JSON representation of the resource.

-This is an abstract type that represents the workflow execution trigger when the [workflow runs on schedule](../resources/identitygovernance-triggerandscopebasedconditions.md). It is inherited by the following derived types:

-The following is a JSON representation of the resource.

-description: "Represents user flow attributes in an Azure Active Directory tenant and an Azure AD B2C tenant."

-Represents user flow attributes in an Azure Active Directory (Azure AD) tenant and an Azure AD B2C tenant.

-Configuring user flow attributes in your Azure AD or Azure AD B2C tenant allows you to collect information about a user during sign-up. You can choose to collect a built-in set of attribute; for example, Given Name, Surname, City, and Postal Code. You can also configure custom user flow attributes to collect information from a user that is not built in to the directory. Custom user flow attributes are an abstraction over [Azure Active Directory schema extensions](/azure/active-directory/develop/active-directory-schema-extensions).

-|id|String|The identifier of the user flow attribute. This is a read-only attribute that is automatically created.|

-|displayName|String|The display name of the user flow attribute.|

-|userFlowAttributeType|identityUserFlowAttributeType|The type of the user flow attribute. This is a read-only attribute that is automatically set. Depending on the type of attribute, the values for this property will be `builtIn`, `custom`, or `required`.|

-|dataType|identityUserFlowAttributeDataType|The data type of the user flow attribute. This cannot be modified after the custom user flow attribute is created. The supported values for **dataType** are: `string` , `boolean` , `int64` , `stringCollection` , `dateTime`.|

-description: "Here is a JSON representation of the importStatusModel resource."

-Here is a JSON representation of the resource.

-The properties within may provide information about why there is incomplete data.

-| missingDataBeforeDateTime | DateTimeOffset | The service does not have source data before the specified time.

-| wasThrottled | Boolean | Some data was not recorded due to excessive activity.

-description: "An insight representing documents used by a specific user. The insights returns the most relevant documents that a user viewed or modified."

-An insight representing documents used by a specific user. The insights returns the most relevant documents that a user viewed or modified. This includes documents in:

-Here is a JSON representation of the resource

-description: "Represents the details of an alert incident that is triggered if the current tenant does not have a valid Azure AD Premium P2 license."

-Represents the details of an alert incident that is triggered if the current tenant does not have a valid Azure AD Premium P2 license.

-The following is a JSON representation of the resource.

-* The invited user clicks on the invitation link, signs in and redeems the invitation and creation of the user entity representing the invited user completes

-Creating an invitation will return a redemption URL in the response (*inviteRedeemUrl*). The create invitation API can automatically send an email containing the redemption URL to the invited user, by setting the *sendInvitationMessage* to true. You can also customize the message that will be sent to the invited user. Instead, if you wish to send the redemption URL through some other means, you can set the *sendInvitationMessage* to false and use the redeem URL from the response to craft your own communication. Currently, there is no API to perform the redemption process. The invited user has to click on the *inviteRedeemUrl* link sent in the communication in the step above, and go through the interactive redemption process in a browser. Once completed, the invited user becomes an external user in the organization.

-|invitedUserEmailAddress|String|The email address of the user being invited. Required. The following special characters are not permitted in the email address:<br><ul><li>Tilde (~)</li><li>Exclamation point (`!`)</li><li>At sign (`@`)</li><li>Number sign (`#`)</li><li>Dollar sign (`$`)</li><li>Percent (`%`)</li><li>Circumflex (`^`)</li><li>Ampersand (`&`)</li><li>Asterisk (`*`)</li><li>Parentheses (`( )`)</li><li>Hyphen (`-`)</li><li>Plus sign (`+`)</li><li>Equal sign (`=`)</li><li>Brackets (`[ ]`)</li><li>Braces (`{ }`)</li><li>Backslash (`\`)</li><li>Slash mark (`/`)</li><li>Pipe (`|`)</li><li>Semicolon (`;`)</li><li>Colon (`:`)</li><li>Quotation marks (`"`)</li><li>Angle brackets (`< >`)</li><li>Question mark (`?`)</li><li>Comma (`,`)</li></ul><br>However, the following exceptions apply:<br><ul><li>A period (`.`) or a hyphen (`-`) is permitted anywhere in the user name, except at the beginning or end of the name.</li><li>An underscore (`_`) is permitted anywhere in the user name. This includes at the beginning or end of the name.</li></ul>|

-|invitedUserType|String|The userType of the user being invited. By default, this is `Guest`. You can invite as `Member` if you're are company administrator. The default is `false`. |

-Here is a JSON representation of the resource

-|ccRecipients|[recipient](recipient.md) collection|Additional recipients the invitation message should be sent to. Currently only 1 additional recipient is supported.|

-Here is a JSON representation of the resource

-The following is a JSON representation of the resource.

-The following is a JSON representation of the resource.

-description: "Key credential configuration complex type to configure key credential restriction, maxLifetime, and enforcement date"

-Key credential configuration object that contains properties to configure restrictions such as restricting the lifetime of key secrets.

-| restrictionType | appKeyCredentialRestrictionType | The type of restriction being applied. Possible values are `asymmetricKeyLifetime`, `unknownFutureValue`. Each value of restrictionType can be used only once per policy. |

- "restrictionType": {

- "@odata.type": "microsoft.graph.appKeyCredentialRestrictionType"

- },

- "restrictForAppsCreatedAfterDateTime": "DateTimeOffset"

-description: "Provides additional relevant information about the sign-in request"

-Provides additional authentication processing information, such as the server name and the presence of hints for sign in and domain.

-| Attribute_Generic_ConfirmationLabel | Re-enter |

-| Attribute_Password_MismatchErrorString | Passwords do not match. |

-The following is a JSON representation of the resource.

-description: "The **licenseAssignmentStates** property of the user entity is a collection of **licenseAssignmentState**. It provides details about license assignments to a user. The details includes information like: "

-The **licenseAssignmentStates** property of the [user](user.md) entity is a collection of **licenseAssignmentState**. It provides details about license assignments to a user. The details includes information like:

-|error|String|License assignment failure error. If the license is assigned successfully, this field will be Null. Read-Only. The possible values are `CountViolation`, `MutuallyExclusiveViolation`, `DependencyViolation`, `ProhibitedInUsageLocationViolation`, `UniquenessViolation`, and `Other`. For more information on how to identify and resolve license assignment errors see [here](/azure/active-directory/users-groups-roles/licensing-groups-resolve-problems).|

-Here is a JSON representation of the resource

-| lockedOut | Int32 | The number of units that are locked out because the customer cancelled their subscription of the service SKU. |

-| suspended | Int32 | The number of units that are suspended because the subscription of the service SKU has been cancelled. The units cannot be assigned but can still be reactivated before they are deleted. |

-| warning | Int32 | The number of units that are in warning status. When the subscription of the service SKU has expired, the customer has a grace period to renew their subscription before it is cancelled (moved to a `suspended` state). |

-The following is a JSON representation of the resource.

-| layoutTemplateType | layoutTemplateType | Represents the layout template to be displayed on the login page for a tenant. The possible values are <ul><li> `default` - Represents the default Microsoft layout with a centered lightbox. <li> `verticalSplit` - Represents a layout with a backgound on the left side and a full-height lightbox to the right. <li> `unknownFutureValue` - Evolvable enumeration sentinel value. Do not use. </ul> |

-The following is a JSON representation of the resource.

-|activity|String|A string which uniquely represents the operation that occurred. Required. Read-only.|

-|activityDateTime|DateTimeOffset|The time when the activity ocurred. Required. Read-only.|

-|category|String|A category which represents a logical grouping of activities. Required. Read-only.|

-|tenantIds|String|The collection of Azure Active Directory tenant identifiers for the [managed tenants](../resources/managedtenants-tenant.md) that were impacted by this change. This is formatted as a list of comma-separated values. Required. Read-only.|

-|tenantNames|String|The collection of tenant names that were impacted by this change. This is formatted as a list of comma-separated values. Required. Read-only.|

-The following is a JSON representation of the resource.

-|notManaged|The device is not managed by Microsoft Managed Desktop.|

-|premiumManaged|The device is managed by Microsoft Managed Desktop premium plan.|

-|standardManaged|The device is managed by Microsoft Managed Desktop standard plan.|

-|starterManaged|The device is managed by Microsoft Managed Desktop starter plan.|

-|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|

-The following is a JSON representation of the resource.

-|targetType|authenticationMethodTargetType| Possible values are: `group`, and `unknownFutureValue`. From December 2022, targeting individual users using `user` is no longer recommended. Existing targets will remain but we recommend to move the individual users to a targeted group. Inherited from [authenticationMethodTarget](authenticationMethodTarget.md).|

-|displayAppInformationRequiredState (deprecated)|advancedConfigState|Determines whether the user is shown additional context in their Authenticator app notification. In the body of the Authenticator notification, the user will be shown the app they are signing into along with the location that the authentication request originated from. Possible values are: `enabled`, `disabled`, `default`.|

-The following is a JSON representation of the resource.

-|[Post](../api/multivaluelegacyextendedproperty-post-multivalueextendedproperties.md) | A supported resource instance: [message](../resources/message.md), [mailFolder](../resources/mailfolder.md), [event](../resources/event.md), [calendar](../resources/calendar.md), [contact](../resources/contact.md), [contactFolder](../resources/contactfolder.md), [Outlook task](../resources/outlooktask.md), or [Outlook task folder](../resources/outlooktaskfolder.md). Note that group [post](../resources/post.md) is not supported. | Create a **multiValueLegacyExtendedProperty** in a new or existing instance of a supported resource. |

-Here is a JSON representation of the resource.

-description: "Conditional access settings defines how you can restore users source IP and how you can use compliant network validation to ensure that the user is connecting from a verified network."

-Conditional access settings defines how you can restore users source IP and how you can use compliant network validation. Source IP restoration preserves your original user IP context for all AAD and M365 traffic, and compliant network validation ensures the user is connecting from a verified network.

-|signalingStatus|microsoft.graph.networkaccess.status|When SignalingStatus is enabled, the Conditional Access policy includes zero trust network access information.The possible values are: `enabled`, `disabled`.|

-The following is a JSON representation of the resource.

-|branches|[microsoft.graph.networkaccess.branchSite](../resources/networkaccess-branchsite.md) collection|Branch represent locations for connectivity.|

-The following is a JSON representation of the resource.

-description: "A forwarding policy defines the specific traffic that is routed through the Global Secure Access services. It is then added to a forwarding profile."

-A forwarding policy defines the specific traffic that is routed through the Gloval Secure Access services. It is then added to a [forwarding profile](networkaccess-forwardingprofile.md).

-The following is a JSON representation of the resource.

-description: "Represnts network connections that are routed through the Global Secure Access services."

-Represnts network connections that are routed through the Global Secure Access services.

-The following is a JSON representation of the resource.

-|category|microsoft.graph.networkaccess.forwardingCategory|Defines the category of Office 365 traffic used by a forwarding rule for M365 traffic (e.g., optimized traffic) .The possible values are: `default`, `optimized`, `allow`.|

-|id|String|Identifier. Inherited from [microsoft.graph.entity](../resources/entity.md).|

-|ports|String collection|The port(s) used by a forwarding rule for M365 traffic are specified to determine the specific network port(s) through which the Microsoft 365 traffic is directed and forwarded.|

-|protocol|microsoft.graph.networkaccess.networkingProtocol|Defines the networking protocol type used by a forwarding rule for M365 traffic .The possible values are: `ip`, `icmp`, `igmp`, `ggp`, `ipv4`, `tcp`, `pup`, `udp`, `idp`, `ipv6`, `ipv6RoutingHeader`, `ipv6FragmentHeader`, `ipSecEncapsulatingSecurityPayload`, `ipSecAuthenticationHeader`, `icmpV6`, `ipv6NoNextHeader`, `ipv6DestinationOptions`, `nd`, `raw`, `ipx`, `spx`, `spxII`|

-|ruleType|microsoft.graph.networkaccess.networkDestinationType|Destination Type. Inherited from [microsoft.graph.networkaccess.forwardingRule](../resources/networkaccess-forwardingrule.md).The possible values are: `url`, `fqdn`, `ipAddress`, `ipRange`, `ipSubnet`, `webCategory`.|

-The following is a JSON representation of the resource.

-|state|microsoft.graph.networkaccess.status|Profile state.The possible values are: `enabled`, `disabled`.|

-The following is a JSON representation of the resource.

-|onboardingErrorMessage|String|Reflects a message to the user in case of an error.|

-The following is a JSON representation of the resource.

-description: "Specifies connectivity settings such as protocol, IPSec policy, and presharked key) for establishing connectivity."

-Specifies connectivity settings such as protocol, IPSec policy, and presharked key) for establishing connectivity.

-The following is a JSON representation of the resource.

-|description|String|Description of the NIC (e.g. Ethernet adapter, Wireless LAN adapter Local Area Connection, and so on).|

-|ipV6Address|String|Last Public (aka global) IPv6 address associated with this NIC.|

-The following is a JSON representation of the resource.

-description: "Represents an alert configuration that is triggered if roles do not require multi-factor authentication for activation."

-Represents an alert configuration that is triggered if roles do not require multi-factor authentication for activation. Without multi-factor authentication, privileged roles can be activated more easily by compromised users.

-The following is a JSON representation of the resource.

-description: "Represents the details of an alert incident that is triggered if roles do not require multi-factor authentication for activation."

-Represents the details of an alert incident that is triggered if roles do not require multi-factor authentication for activation.

-The following is a JSON representation of the resource.

-|signInType|String| Specifies the user sign-in types in your directory, such as `emailAddress`, `userName`, `federated`, or `userPrincipalName`. `federated` represents a unique identifier for a user from an issuer, that can be in any format chosen by the issuer. Setting or updating a `userPrincipalName` identity will update the value of the **userPrincipalName** property on the user object. The validations performed on the `userPrincipalName` property on the user object, for example, verified domains and acceptable characters, will be performed when setting or updating a `userPrincipalName` identity. Additional validation is enforced on **issuerAssignedId** when the sign-in type is set to `emailAddress` or `userName`. This property can also be set to any custom string.|

-|issuer|string|Specifies the issuer of the identity, for example `facebook.com`.<br>For local accounts (where **signInType** is not `federated`), this property is the local B2C tenant default domain name, for example `contoso.onmicrosoft.com`.<br>For external users from other Azure AD organization, this will be the domain of the federated organization, for example `contoso.com`.<br><br>Supports `$filter`. 512 character limit.|

-The following is a JSON representation of the resource.

-In future, this type will be merged with [identity](identity.md)

-Here is a JSON representation of the resource.