+To remove the collection of **customExtensionStageSettings** and their associated custom workflow extension objects from a policy, assign an empty collection to the **customExtensionStageSettings** object.

+### Example 4: Update the customExtensionStageSettings for a policy

+The following example shows how to update a policy to include a custom extension.

+#### Request

+The following example shows a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_accesspackageassignmentpolicy_updating_customExtensionStageSettings"

+}

+-->

+```http

+PUT https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackageAssignmentPolicies/f9afd2e3-7486-40df-9c35-aa2ae108c495

+Content-Type: application/json

+{

+ "displayName": "API Created policy with updated customExtensionStageSettings",

+ "description": "policy with updated customExtensionStageSettings",

+ "allowedTargetScope": "notSpecified",

+ "specificAllowedTargets": [],

+ "expiration": {

+ "endDateTime": null,

+ "duration": null,

+ "type": "noExpiration"

+ },

+ "requestorSettings": {

+ "enableTargetsToSelfAddAccess": false,

+ "enableTargetsToSelfUpdateAccess": false,

+ "enableTargetsToSelfRemoveAccess": false,

+ "allowCustomAssignmentSchedule": true,

+ "enableOnBehalfRequestorsToAddAccess": false,

+ "enableOnBehalfRequestorsToUpdateAccess": false,

+ "enableOnBehalfRequestorsToRemoveAccess": false,

+ "onBehalfRequestors": []

+ },

+ "requestApprovalSettings": {

+ "isApprovalRequiredForAdd": false,

+ "isApprovalRequiredForUpdate": false,

+ "stages": []

+ },

+ "accessPackage": {

+ "id": "f9afd2e3-7486-40df-9c35-aa2ae108c495"

+ },

+ "customExtensionStageSettings": [

+ {

+ "stage": "assignmentRequestCreated",

+ "customExtension": {

+ "@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",

+ "id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"

+ }

+ }

+ ]

+}

+```

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [Python](#tab/python)

+#### Response

+The following example shows the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.accessPackageAssignmentPolicy"

+}

+-->

+```http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "id": "4540a08f-8ab5-43f6-a923-015275799197",

+ "displayName": "API Created policy with updated customExtensionStageSettings",

+ "description": "policy with updated customExtensionStageSettings",

+ "accessPackageId": "f9afd2e3-7486-40df-9c35-aa2ae108c495",

+ "expiration": {

+ "type": "afterDuration",

+ "duration": "P365D"

+ },

+ "requestApprovalSettings": null,

+ "requestorSettings": {

+ "acceptRequests": true,

+ "scopeType": "AllExistingDirectorySubjects",

+ "allowedRequestors": []

+ },

+ "accessReviewSettings": null,

+ "customExtensionStageSettings": [

+ {

+ "stage": "assignmentRequestCreated",

+ "customExtension": {

+ "@odata.type": "#microsoft.graph.accessPackageAssignmentRequestWorkflowExtension",

+ "id": "bebe7873-1f0d-4db9-b6c3-01f7ebfe8476"

+ }

+ }

+ ]

+}

+```

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+|Delegated (work or school account) | Group.ReadWrite.All and AdministrativeUnit.Read.All, Directory.ReadWrite.All |

+|Application | Group.Create and AdministrativeUnit.Read.All, Group.ReadWrite.All and AdministrativeUnit.Read.All, Directory.ReadWrite.All |

+To create a new group in an administrative unit, the calling principal must be assigned at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) at the scope of the administrative unit:

+* Groups Administrator

+* User Administrator

+When these roles are assigned to a service principal, additional permissions are required to read the directory, such as assignment to the Directory Readers role, or having Microsoft Graph application permissions, such as Directory.Read.All.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+| nativeAuthenticationApisEnabled | String | Specifies whether the native authentication APIs are enabled so that the application can use them to provide native authentication. The possible values are: `none`, `all`, and `unknownFutureValue`. For more information, see [Native Authentication](/entra/external-id/customers/concept-native-authentication).|

+<!-- { "blockType": "permissions", "name": "application_upsert" } -->

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+<!-- {

+ "blockType": "permissions",

+ "name": "applicationtemplate-get-permissions"

+}

+-->

+``` http

+GET /applicationTemplates/{applicationTemplate-id}

+GET https://graph.microsoft.com/beta/applicationTemplates/006a06ef-9160-42cd-88bf-17a7588fc844

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applicationTemplates/$entity",

+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET applicationTemplates('<guid>')?$select=appCategory,categories",

+ "id": "006a06ef-9160-42cd-88bf-17a7588fc844",

+ "displayName": "LinkedIn Lookup",

+ "homePageUrl": "www.linkedin.com",

+ "supportedSingleSignOnModes": [

+ "SAML",

+ "Password"

+ ],

+ "supportedProvisioningTypes": [],

+ "logoUrl": "https://images.microsoft.com",

+ "categories": [

+ "collaboration",

+ "social"

+ ],

+ "publisher": "LinkedIn",

+ "description": "LinkedIn Lookup is the easiest way to find coworkers and teams at your company. Lookup is a new people search tool that combines employees' LinkedIn profile information and Active Directory information, allowing you to quickly find and contact your coworkers, on desktop or mobile. Requires an existing Lookup company subscription.",

+ "supportedClaimConfiguration": {

+ "requiredClaims": [

+ {

+ "id": "first_name",

+ "namespace": "",

+ "source": "user",

+ "attribute": "firstname"

+ },

+ {

+ "id": "last_name",

+ "namespace": "",

+ "source": "user",

+ "attribute": "surname"

+ },

+ {

+ "id": "email_address",

+ "namespace": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/",

+ "source": "user",

+ "attribute": "mail"

+ }

+ "groupMembershipClaims": "securityGroup",

+ "nameIdPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

+ },

+ "informationalUrls": {

+ "singleSignOnDocumentationUrl": "https://go.microsoft.com/fwlink/?linkid=847714",

+ "provisioningDocumentationUrl": null,

+ "appSignUpUrl": null

+ },

+ "configurationUris": [

+ {

+ "usage": "redirectUri",

+ "examples": [

+ "https://www.linkedin.com/checkpoint/enterprise/<SUBDOMAIN>"

+ ],

+ "values": [

+ "https://www.linkedin.com/checkpoint/enterprise/*"

+ ],

+ "isRequired": false,

+ "appliesToSingleSignOnMode": "saml"

+ },

+ {

+ "usage": "identifierUri",

+ "examples": null,

+ "values": [

+ "linkedinlookup/primary",

+ "https://www.linkedin.com/lookup/*"

+ ],

+ "isRequired": true,

+ "appliesToSingleSignOnMode": "saml"

+ ]

+POST /applicationTemplates/{applicationTemplate-id}/instantiate

+<!-- {

+ "blockType": "permissions",

+ "name": "applicationtemplate-list-permissions"

+}

+-->

+ "@odata.type": "Collection(microsoft.graph.applicationTemplate)"

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#applicationTemplates",

+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET applicationTemplates?$select=appCategory,categories",

+ "value": [

+ {

+ "id": "006a06ef-9160-42cd-88bf-17a7588fc844",

+ "displayName": "LinkedIn Lookup",

+ "homePageUrl": "www.linkedin.com",

+ "supportedSingleSignOnModes": [

+ "SAML",

+ "Password"

+ ],

+ "supportedProvisioningTypes": [],

+ "logoUrl": "https://images.microsoft.com",

+ "categories": [

+ "collaboration",

+ "social"

+ ],

+ "publisher": "LinkedIn",

+ "description": "LinkedIn Lookup is the easiest way to find coworkers and teams at your company. Lookup is a new people search tool that combines employees' LinkedIn profile information and Active Directory information, allowing you to quickly find and contact your coworkers, on desktop or mobile. Requires an existing Lookup company subscription.",

+ "supportedClaimConfiguration": {

+ "requiredClaims": [

+ {

+ "id": "first_name",

+ "namespace": "",

+ "source": "user",

+ "attribute": "firstname"

+ },

+ {

+ "id": "last_name",

+ "namespace": "",

+ "source": "user",

+ "attribute": "surname"

+ },

+ {

+ "id": "email_address",

+ "namespace": "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/",

+ "source": "user",

+ "attribute": "mail"

+ }

+ ],

+ "groupMembershipClaims": "securityGroup",

+ "nameIdPolicyFormat": "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress"

+ },

+ "informationalUrls": {

+ "singleSignOnDocumentationUrl": "https://go.microsoft.com/fwlink/?linkid=847714",

+ "provisioningDocumentationUrl": null,

+ "appSignUpUrl": null

+ },

+ "configurationUris": [

+ {

+ "usage": "redirectUri",

+ "examples": [

+ "https://www.linkedin.com/checkpoint/enterprise/<SUBDOMAIN>"

+ ],

+ "values": [

+ "https://www.linkedin.com/checkpoint/enterprise/*"

+ ],

+ "isRequired": false,

+ "appliesToSingleSignOnMode": "saml"

+ },

+ "usage": "identifierUri",

+ "examples": null,

+ "values": [

+ "linkedinlookup/primary",

+ "https://www.linkedin.com/lookup/*"

+ ],

+ "isRequired": true,

+ "appliesToSingleSignOnMode": "saml"

+ ]

+ }

+ ]

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&$count=true

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&{property} eq '{property-value}'

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&{property} eq '{property-value}' &$top=5

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&$filter={property} eq '{property-value}'

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&$filter={property} eq '{property-value}'&$top=5

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&$orderby={property}

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&$skipToken={skipToken}

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&$top=1

+GET /security/attackSimulation/payloads?$filter=source eq 'Tenant'&$select={property}

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+description: "Read the properties of a user's authentication method states, such as their sign-in preferences (system-preferred MFA) and per-user MFA state."

+- A user's [signInPreferences (system-preferred MFA)](../resources/signInPreferences.md)

+- A user's [strongAuthenticationRequirements (per-user MFA)](../resources/strongauthenticationrequirements.md)

+### Permissions to read system-preferred MFA

+### Permissions to read per-user MFA state

+#### Permissions acting on self

+<!-- { "blockType": "permissions", "name": "authentication_get_2" } -->

+#### Permissions acting on others

+<!-- { "blockType": "permissions", "name": "authentication_get_3" } -->

+To retrieve the sign-in preferences (system-preferred MFA) for a user:

+To retrieve the per-user multifactor authentication state for the signed-in user:

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /me/authentication/requirements

+```

+### Example 1: Get a user's system-preferred MFA method

+ Title: "Create fido2AuthenticationMethod"

+description: "Create a new fido2AuthenticationMethod object."

+ms.localizationpriority: medium

+# Create fido2AuthenticationMethod

+Namespace: microsoft.graph

+Create a new [fido2AuthenticationMethod](../resources/fido2authenticationmethod.md) object.

+> [!NOTE]

+> Self-service operations aren't currently supported.

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- {

+ "blockType": "permissions",

+ "name": "authentication-post-fido2methods-permissions"

+}

+-->

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /users/{id}/authentication/fido2methods

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [fido2AuthenticationMethod](../resources/fido2authenticationmethod.md) object.

+You can specify the following properties when creating a **fido2AuthenticationMethod**.

+|Property|Type|Description|

+|:|:|:|

+|displayName|String|Custom name given to the registered fido2AuthenticationMethod|

+|publicKeyCredential|[webauthnPublicKeyCredential](../resources/webauthnpublickeycredential.md)|Contains the WebAuthn public key credential information being registered|

+> [!NOTE]

+> The publicKeyCredential|[webAuthnPublicKeyCredential](../resources/webAuthnpublickeycredential.md) is a write-only property and is not returned in GET requests.

+Currently, only attestation formats of "packed" or "None" are supported at this time.

+## Response

+If successful, this method returns a `201 Created` response code and a [fido2AuthenticationMethod](../resources/fido2authenticationmethod.md) object in the response body.

+## Examples

+### Request

+The following example shows a request.

+<!-- {

+ "blockType": "request",

+ "name": "create_fido2authenticationmethod_from_"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/users/{id}/authentication/fido2Methods

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.fido2AuthenticationMethod",

+ "displayName": "Red Key",

+ "publicKeyCredential": {

+ "id": "pgIfj2fnom8rJdb4_h1gKqDkq-gxHFksI-m2aR5T-PNNycBfENAM4ksEBvoXky6d",

+ "response": {

+ "clientDataJSON": "VGhpcyBpcyB0aGUgY2xpZW50RGF0YUpTT04gZW5jb2RlZCB0byBiZSB3ZWJzYWZlIHdoaWNoIHdpbGwgYmUgc2VudCB0byBFbnRyYSBJRA",

+ "attestationObject": "VGhpcyBpcyB0aGUgYXR0ZXN0YXRpb25PYmplY3QgZW5jb2RlZCB0byBiZSB3ZWJzYWZlIHdoaWNoIHdpbGwgYmUgc2VudCB0byBFbnRyYSBJRA"

+ }

+ }

+}

+```

+### Response

+The following example shows the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.fido2AuthenticationMethod"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "@odata.type": "#microsoft.graph.fido2AuthenticationMethod",

+ "id": "73ecec75-b546-cd6a-d74d-8bb81e58d4a7",

+ "displayName": "Red Key",

+ "createdDateTime": "2020-08-10T06:44:09Z",

+ "aaGuid": "2fc0579f-8113-47ea-b116-555a8db9202a",

+ "model": "NFC Key",

+ "attestationCertificates": [

+ "dbe793efdf1945e2df25d93653a1e8a3268a9075"

+ ],

+ "attestationLevel": "attested"

+}

+```

+> [!NOTE]

+> Ensure proper base64URL encoding and decoding of the publicKeyCredential.id is performed before you use the response data to create a passkey on a FIDO2 security key.

+description: "Update the properties of a user's authentication states, such as their sign-in preferences (system-preferred MFA) and per-user MFA state."

+- A user's [signInPreferences (system-preferred MFA)](../resources/signInPreferences.md)

+- A user's [strongAuthenticationRequirements (per-user MFA)](../resources/strongauthenticationrequirements.md)

+### Permissions to update system-preferred MFA

+### Permissions to update per-user MFA state

+#### Permissions acting on self

+<!-- { "blockType": "permissions", "name": "authentication_get_2" } -->

+#### Permissions acting on others

+<!-- { "blockType": "permissions", "name": "authentication_get_3" } -->

+To update the sign-in preferences (system-preferred MFA) for a user:

+To update the per-user multifactor authentication state for the signed-in user:

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /me/authentication/requirements

+```

+### Example 1: Update a user's system-preferred MFA method

+To reset a user's password in in Azure AD B2C, use the [Update user](../api/user-update.md) API operation and update the **passwordProfile** > **forceChangePasswordNextSignIn** object.

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationStrengthPolicies/$entity",

+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET policies/authenticationStrengthPolicies('<guid>')?$select=allowedCombinations,createdDateTime",

+ "id": "5790842a-5bab-44c2-9cf1-b38d675b70ea",

+ "createdDateTime": "2024-07-10T20:27:42.5264618Z",

+ "modifiedDateTime": "2024-07-10T23:49:43.883679Z",

+ "displayName": "Auth Strength policy name",

+ "description": "",

+ "policyType": "custom",

+ "requirementsSatisfied": "mfa",

+ "allowedCombinations": [

+ "fido2"

+ ],

+ "combinationConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations",

+ "combinationConfigurations": [

+ {

+ "@odata.type": "#microsoft.graph.fido2CombinationConfiguration",

+ "id": "42235320-c8db-4d8c-9344-8f1ce87f734b",

+ "appliesToCombinations": [

+ "fido2"

+ ],

+ "allowedAAGUIDs": [

+ "de1e552d-db1d-4423-a619-566b625cdc84",

+ "90a3ccdf-635c-4729-a248-9b709135078f"

+ ]

+ }

+ ]

+ "displayName": "Example",

+ "requirementsSatisfied": "mfa",

+ "allowedCombinations": [

+ "fido2"

+ ],

+ "combinationConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationStrengthPolicies('5790842a-5bab-44c2-9cf1-b38d675b70ea')/combinationConfigurations",

+ "combinationConfigurations": [

+ {

+ "@odata.type": "#microsoft.graph.fido2CombinationConfiguration",

+ "id": "42235320-c8db-4d8c-9344-8f1ce87f734b",

+ "appliesToCombinations": [

+ "fido2"

+ ],

+ "allowedAAGUIDs": [

+ "de1e552d-db1d-4423-a619-566b625cdc84",

+ "90a3ccdf-635c-4729-a248-9b709135078f"

+ ]

+ }

+ ]

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationStrengthPolicies/$entity",

+ "id": "7daf2132-6a2d-4e78-a699-b823babf4436",

+ "createdDateTime": "2024-07-23T17:10:58.1492045Z",

+ "modifiedDateTime": "2024-07-23T17:10:58.1492045Z",

+ "displayName": "Example",

+ "description": "",

+ "policyType": "custom",

+ "requirementsSatisfied": "mfa",

+ "allowedCombinations": [

+ "fido2"

+ ],

+ "combinationConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/authenticationStrengthPolicies('7daf2132-6a2d-4e78-a699-b823babf4436')/combinationConfigurations",

+ "combinationConfigurations": [

+ {

+ "@odata.type": "#microsoft.graph.fido2CombinationConfiguration",

+ "id": "c0fdf2f9-3b3f-4bbf-988c-17606ea4b4e4",

+ "appliesToCombinations": [

+ "fido2"

+ ],

+ "allowedAAGUIDs": [

+ "de1e552d-db1d-4423-a619-566b625cdc84",

+ "90a3ccdf-635c-4729-a248-9b709135078f"

+ ]

+ }

+ ]

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+In the request body, supply an empty JSON object `{}` for this method.

+Content-type: application/json

+{

+}

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+<!-- { "blockType": "ignored", "name": "callrecording_get" } -->

+|Permission type|Least privileged permissions|Higher privileged permissions|

+|:|:|:|

+|Delegated (work or school account)|OnlineMeetingRecording.Read.All|Not available.|

+|Delegated (personal Microsoft account)|Not supported.|Not supported.|

+|Application|OnlineMeetingRecording.Read.All, OnlineMeetingRecording.Read.Chat|Not available|

+<!-- { "blockType": "ignored" } -->

+<!-- { "blockType": "ignored" } -->

+### Example 3: Get a callRecording from a corresponding transcript using contentCorrelationId

+The following example shows how to get a single recording of an online meeting corresponding to a transcript using the **contentCorrelationId** property.

+#### Request

+The following example shows a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_callRecording_using_contentCorrelationId",

+ "sampleKeys": ["MSoxMjczYTAxNi0yMDFkLTRmOTUtODA4My0xYjdmOTliM2VkZWIqMCoqMTk6bWVldGluZ19OV1EwWm1GbFpEY3RORFJqTmkwMFlXRm1MV0U1WXpBdE9UZzJNMk0yTm1Nd1pERTNAdGhyZWFkLnYy"]

+}

+-->

+``` http

+GET https://graph.microsoft.com/betFkLTRmOTUtODA4My0xYjdmOTliM2VkZWIqMCoqMTk6bWVldGluZ19OV1EwWm1GbFpEY3RORFJqTmkwMFlXRm1MV0U1WXpBdE9UZzJNMk0yTm1Nd1pERTNAdGhyZWFkLnYy/recordings?$filter=contentcorrelationId+eq+'e87c8cf8-50f7-4252-8b9c-ad08ac0fa88d-0'

+```

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [Python](#tab/python)

+#### Response

+The following example shows the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.callRecording"

+}

+-->

+```http

+HTTP/1.1 200 OK

+Content-type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/betFkLTRmOTUtODA4My0xYjdmOTliM2VkZWIqMCoqMTk6bWVldGluZ19OV1EwWm1GbFpEY3RORFJqTmkwMFlXRm1MV0U1WXpBdE9UZzJNMk0yTm1Nd1pERTNAdGhyZWFkLnYy')/recordings",

+ "@odata.count": 1,

+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET me/onlineMeetings('<key>')/recordings?$select=callId,content",

+ "value": [

+ {

+ "id": "VjIjIzExMjczYTAxNi0yMDFkLTRmOTUtODA4My0xYjdmOTliM2VkZWIyNDMyYjU3Yi0wYWJkLTQzZGItYWE3Yi0xNmVhZGQxMTVkMzQwNDAwMDAwMDgyMDBFMDAwNzRDNUI3MTAxQTgyRTAwODAwMDAwMDAwNDA3ZjYyNjg0ZmQ0ZGEwMTAwMDAwMDAwMDAwMDAwMDAxMDAwMDAwMDRiZWQ5YTIzZGMyZmZmNDY4OTc4OTg0NjU2ZjI3MjE5IyM5YzM3ZDZhMS1mNGJmLTRjZWMtOTFmYS0xNDc1MGUwNzFhMTg=",

+ "meetingId": "MSoxMjczYTAxNi0yMDFkLTRmOTUtODA4My0xYjdmOTliM2VkZWIqMCoqMTk6bWVldGluZ19OV1EwWm1GbFpEY3RORFJqTmkwMFlXRm1MV0U1WXpBdE9UZzJNMk0yTm1Nd1pERTNAdGhyZWFkLnYy",

+ "callId": "26c38520-e74d-4391-8188-cb458d413825",

+ "contentCorrelationId": "e87c8cf8-50f7-4252-8b9c-ad08ac0fa88d-0",

+ "createdDateTime": "2024-07-12T11:37:59.0113199Z",

+ "endDateTime": "2024-07-12T11:38:11.3313199Z",

+ "recordingContentUrl": "https://graph.microsoft.com/betRiZWQ5YTIzZGMyZmZmNDY4OTc4OTg0NjU2ZjI3MjE5IyM5YzM3ZDZhMS1mNGJmLTRjZWMtOTFmYS0xNDc1MGUwNzFhMTg=/content",

+ "meetingOrganizer": {

+ "application": null,

+ "device": null,

+ "user": {

+ "@odata.type": "#microsoft.graph.teamworkUserIdentity",

+ "id": "1273a016-201d-4f95-8083-1b7f99b3edeb",

+ "displayName": null,

+ "userIdentityType": "aadUser",

+ "tenantId": "2432b57b-0abd-43db-aa7b-16eadd115d34"

+ }

+ }

+ }

+ ]

+}

+```

+<!-- { "blockType": "ignored", "name": "calltranscript_get" } -->

+| Permission type| Least privileged permissions|Higher privileged permissions|

+| :| :| : |

+|Delegated (work or school account)| OnlineMeetingTranscript.Read.All| Not available.|

+|Delegated (personal Microsoft account)|Not supported.|Not supported.|

+|Application|OnlineMeetingTranscript.Read.All, OnlineMeetingTranscript.Read.Chat|Not available.|

+description: "Archive a channel in a team."

+You can delete an archived channel or add and remove members from it. If you archive a team, its channels are also archived.

+Archiving is an asynchronous operation; a channel is archived after the asynchronous archiving operation completes successfully, which might occur after the response returns.

+A channel without an owner or that belongs to a [group](../resources/group.md) that has no owner, can't be archived.

+To restore a channel from its archived state, use the [channel: unarchive](channel-unarchive.md) method. A channel canΓÇÖt be archived or unarchived if its team is archived.

+> **Note**: This API supports admin permissions. Users with the Global Administrator or Microsoft Teams service admin roles can access teams that they aren't members of.

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Content-Type | application/json. Optional. |

+In the request body, you can optionally provide a JSON object with the following parameter.

+| Parameter | Type |Description|

+|:|:--|:-|

+|shouldSetSpoSiteReadOnlyForMembers|Boolean|Defines whether to set permissions for channel members to read-only on the SharePoint Online site associated with the team. If you set it to `false` or omit the parameter, this step is skipped.|

+The following example shows the request body with **shouldSetSpoSiteReadOnlyForMembers** set to `true`.

+```json

+ "shouldSetSpoSiteReadOnlyForMembers": true

+If archiving is started successfully, this method returns a `202 Accepted` response code. The response contains a `Location` header that specifies the location of the [teamsAsyncOperation](../resources/teamsasyncoperation.md) that was created to handle the archiving of the channel in a team. Check the status of the archiving operation by making a GET request to this location.

+ "name": "archive_channel",

+ "sampleKeys": ["16dc05c0-2259-4540-a970-3580ff459721", "19:v32db348d9264477abcf18ffa2cf76dc@thread.tacv2"]

+POST https://graph.microsoft.com/beta/teams/16dc05c0-2259-4540-a970-3580ff459721/channels/19:v32db348d9264477abcf18ffa2cf76dc@thread.tacv2/archive

+Location: /teams/16dc05c0-2259-4540-a970-3580ff459721/operations/b7ee702a-d87f-4cc6-82b9-e731c16d3aba

+The following example shows a request to archive a channel that fails because the team is archived; the team must be active to archive or unarchive a channel.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "archive_channel_on_archived_team",

+ "sampleKeys": ["16dc05c0-2259-4540-a970-3580ff459721", "19:v32db348d9264477abcf18ffa2cf76dc@thread.tacv2"]

+}-->

+POST https://graph.microsoft.com/beta/teams/16dc05c0-2259-4540-a970-3580ff459721/channels/19:v32db348d9264477abcf18ffa2cf76dc@thread.tacv2/archive

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [Python](#tab/python)

+#### Response

+The following example shows the `400 Bad Request` response code with a corresponding error message.

+<!-- {

+ "blockType": "response",

+ "name": "archive_channel_on_archived_team",

+ "@odata.type": "microsoft.graph.publicError",

+ "truncated": true

+}-->

+This API supports admin permissions. Users with the Global Administrator or Microsoft Teams service admin roles can access teams that they aren't a member of.

+This API supports admin permissions. Users with the Global Administrator or Microsoft Teams service admin roles can access teams that they aren't a member of.

+description: "Restore an archived channel in a team."

+Restore an archived [channel](../resources/channel.md). Unarchiving restores the ability for users to send messages and edit the channel. Channels are archived via the [channel: archive](channel-archive.md) method.

+Unarchiving is an asynchronous operation; a channel is unarchived when the asynchronous unarchiving operation completes successfully, which might occur after this method responds.

+> **Note**: An archived channel that belongs to an archived team cannot be unarchived. Unarchive the team before you unarchive the channel; otherwise, the request fails.

+> **Note**: This API supports admin permissions. Users with the Global Administrator or Microsoft Teams service admin roles can access teams that they aren't a member of.

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+If unarchiving is started successfully, this method returns a `202 Accepted` response code. The response contains a `Location` header that specifies the location of the [teamsAsyncOperation](../resources/teamsasyncoperation.md) that was created to handle the unarchiving of the channel in a team. Check the status of the unarchiving operation by making a GET request to this location.

+## Examples

+ "name": "unarchive_channel",

+ "sampleKeys": ["16dc05c0-2259-4540-a970-3580ff459721", "19:v32db348d9264477abcf18ffa2cf76dc@thread.tacv2"]

+POST https://graph.microsoft.com/beta/teams/16dc05c0-2259-4540-a970-3580ff459721/channels/19:v32db348d9264477abcf18ffa2cf76dc@thread.tacv2/unarchive

+Location: /teams/16dc05c0-2259-4540-a970-3580ff459721/operations/b7ee702a-d87f-4cc6-82b9-e731c16d3aba

+The following example shows a request to unarchive a channel that fails because the team is archived; the team must be active to archive or unarchive a channel.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "unarchive_channel_on_archived_team",

+ "sampleKeys": ["16dc05c0-2259-4540-a970-3580ff459721", "19:v32db348d9264477abcf18ffa2cf76dc@thread.tacv2"]

+}-->

+POST https://graph.microsoft.com/beta/teams/16dc05c0-2259-4540-a970-3580ff459721/channels/19:v32db348d9264477abcf18ffa2cf76dc@thread.tacv2/unarchive

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [Python](#tab/python)

+The following example shows the `400 Bad Request` response code with a corresponding error message.

+<!-- {

+ "blockType": "response",

+ "name": "unarchive_channel_on_archived_team",

+ "@odata.type": "microsoft.graph.publicError",

+ "truncated": true

+}-->

+### Request

+### Response

+The following example shows the response.

+>**Note:** The response object shown here might be shortened for readability.

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|429|Too many requests|The request rate limit has been exceeded. Wait for the time specified in the `Retry-After` header and try again.|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|429|Too many requests|The request rate limit has been exceeded. Wait for the time specified in the `Retry-After` header and try again.|

+ "statusDetails": null,

+ "statusDetail": null

+ "statusDetails": null,

+ "statusDetail": null

+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/cloudPCs/40cee9d2-03fb-4066-8d35-dbdf2875c33f?$select=id,displayName,imageDisplayName,lastModifiedDateTime,lastRemoteActionResult,lastLoginResult,connectivityResult,allotmentDisplayName,deviceRegionName

+ "allotmentDisplayName": null,

+ "deviceRegionName": "eastus2"

+### Example 4: List Cloud PCs filtered by disaster recovery capability type

+The following example shows how to list Cloud PCs filtered by disaster recovery capability type and select specific parameters.

+#### Request

+The following example shows a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "get_cloudpc_disasterrecoverycapability"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/cloudPCs?$select=id,displayName,disasterRecoveryCapability&$filter=disasterRecoveryCapability/capabilityType eq 'failover'

+```

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [Python](#tab/python)

+#### Response

+The following example shows the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "name": "get_cloudpc_disasterrecoverycapability",

+ "@odata.type": "microsoft.graph.cloudPC"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#deviceManagement/virtualEndpoint/cloudPCs(id,displayName,disasterRecoveryCapability)",

+ "value": [

+ {

+ "id": "662009bc-7732-4f6f-8726-25883518b33e",

+ "displayName": "Demo-0",

+ "disasterRecoveryCapability": {

+ "primaryRegion": "eastus",

+ "secondaryRegion": "westus",

+ "capabilityType": "failover"

+ }

+ },

+ {

+ "id": "ac74ae8b-85f7-4272-88cc-5419267403ed",

+ "displayName": "Demo-1",

+ "disasterRecoveryCapability": {

+ "primaryRegion": "eastus",

+ "secondaryRegion": "westus",

+ "capabilityType": "failover"

+ }

+ }

+ ]

+}

+```

+If successful, this method returns a `200 OK` response code and a collection of [cloudPC](../resources/cloudpc.md) objects in the response body.

+ "name": "cloudpc.getProvisionedCloudPCs",

+ "truncated": true

+ "deviceRegionName": "eastus2",

+ "deviceRegionName": "eastus2",

+ Title: "cloudPC: retrieveCloudPcRemoteActionResults"

+description: "Retrieve remote action results and check the status of a specific remote action performed on the associated Cloud PC device."

+ms.localizationpriority: medium

+# cloudPC: retrieveCloudPcRemoteActionResults

+Namespace: microsoft.graph

+Retrieve [remote action results](../resources/cloudpcremoteactionresult.md) and check the status of a specific remote action performed on the associated Cloud PC device.

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- { "blockType": "permissions", "name": "cloudpc-retrievecloudpcremoteactionresults" } -->

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/virtualEndpoint/cloudPCs/{id}/retrieveCloudPcRemoteActionResults

+```

+## Request headers

+| Name | Description |

+| : | : |

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+## Request body

+Don't supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [cloudPcRemoteActionResult](../resources/cloudpcremoteactionresult.md) objects in the response body.

+## Examples

+### Request

+The following example shows a request.

+<!-- {

+ "blockType": "request",

+ "name": "cloudpc_retrievecloudpcremoteactionresults"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/cloudPCs/46ed3acc-70f8-4978-a5ba-62945ecc5e4c/retrieveCloudPcRemoteActionResults

+```

+### Response

+The following example shows the response.

+> **Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.cloudPcRemoteActionResult)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.cloudPcRemoteActionResult)",

+ "value": [

+ {

+ "actionName": "CloudPcPowerOn",

+ "actionState": "done",

+ "startDateTime": "2024-05-28T06:12:47.4100777Z",

+ "lastUpdatedDateTime": "2024-05-28T06:13:45.2270925Z",

+ "cloudPcId": "46ed3acc-70f8-4978-a5ba-62945ecc5e4c",

+ "managedDeviceId": null,

+ "statusDetail": null,

+ "statusDetails": null

+ }

+ ]

+}

+```

+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/bulkActions/0d76d02b-e0a0-4f58-baff-d1718cc2d144

+ "@odata.type": "#microsoft.graph.cloudPcBulkPowerOn",

+ "displayName": "BulkPowerOn on 2024-6-14 17:05:43 GMT-0300 (French Guiana Time)",

+ "id": "0d76d02b-e0a0-4f58-baff-d1718cc2d144",

+ "a38fdc98-0861-4de6-9892-0c793dad36d4"

+ "scheduledDuringMaintenanceWindow": false,

+ "createdDateTime": "2024-06-14T20:05:44.5239567Z",

+ "status": "succeeded",

+ "initiatedByUserPrincipalName": "johnd@contoso.com",

+ "failedCount": 0,

+ "inProgressCount": 0,

+ "notSupportedCount": 0,

+ "pendingCount": 0,

+ "successfulCount": 1

+ }

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|reportName|cloudPcReportName|The report name. The possible values are: `remoteConnectionHistoricalReports`, `dailyAggregatedRemoteConnectionReports`, `totalAggregatedRemoteConnectionReports`, `sharedUseLicenseUsageReport`, `sharedUseLicenseUsageRealTimeReport`, `unknownFutureValue`, `noLicenseAvailableConnectivityFailureReport`, `frontlineLicenseUsageReport`, `frontlineLicenseUsageRealTimeReport`, `remoteConnectionQualityReports`, `inaccessibleCloudPcReports`, `crossRegionDisasterRecoveryReport`. You must use the `Prefer: include-unknown-enum-members` request header to get the following values in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `noLicenseAvailableConnectivityFailureReport`, `frontlineLicenseUsageReport`, `frontlineLicenseUsageRealTimeReport`, `remoteConnectionQualityReports`, `inaccessibleCloudPcReports`, `crossRegionDisasterRecoveryReport`.|

+ Title: "cloudPcReports: retrieveCrossRegionDisasterRecoveryReport"

+description: "Retrieve the Windows 365 cross-region disaster recovery report, including CloudPcId, UserId, DeviceId, CloudPCDeviceDisplayName, UserPrincipalName, IsCrossRegionEnabled, CrossRegionHealthStatus, LicenseType, DisasterRecoveryStatus, CurrentRestorePointDateTime, and ActivationExpirationDateTime."

+ms.localizationpriority: medium

+# cloudPcReports: retrieveCrossregionDisasterRecoveryReport

+Namespace: microsoft.graph

+Retrieve the Windows 365 cross-region disaster recovery report, including CloudPcId, UserId, DeviceId, CloudPCDeviceDisplayName, UserPrincipalName, IsCrossRegionEnabled, CrossRegionHealthStatus, LicenseType, DisasterRecoveryStatus, CurrentRestorePointDateTime, and ActivationExpirationDateTime.

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- { "blockType": "permissions", "name": "cloudpcreports_retrievecrossregiondisasterrecoveryreport" } -->

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /deviceManagement/virtualEndpoint/reports/retrieveCrossRegionDisasterRecoveryReport

+```

+## Request headers

+|Name|Description|

+|:|:|

+| Authorization | Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts). |

+| Content-Type | application/json. Required. |

+## Request body

+In the request body, supply a JSON representation of the parameters.

+The following table shows the parameters that you can use with this action.

+| Parameter | Type | Description |

+| : | :- | :- |

+| filter | String | OData `$filter` syntax. The supported filters are: `and`, `or`, `lt`, `le`, `gt`, `ge`, and `eq`. |

+| groupBy | String collection | Specifies how to group the reports. If used, must have the same content as the **select** parameter. |

+| orderBy | String collection | Specifies how to sort the reports. |

+| search | String | Specifies a String to search. |

+| select | String collection | OData `$select` syntax. The selected columns of the reports. |

+| skip | Int32 | The number of records to skip. |

+| top | Int32 | The number of top records to return. |

+## Response

+If successful, this action returns a `200 OK` response code and a Stream in the response body.

+## Examples

+### Request

+The following example shows a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "cloudpcreportsthis.retrievecrossregiondisasterrecoveryreport"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/reports/retrievecrossregiondisasterrecoveryreport

+Content-Type: application/json

+Content-length: 199

+{

+ "filter": "DisasterRecoveryStatus eq 'Active outage'",

+ "select": [

+ "Id",

+ "CloudPcId",

+ "UserId",

+ "UserSettingId",

+ "DeviceId",

+ "CloudPCDeviceDisplayName",

+ "UserPrincipalName",

+ "IsCrossRegionEnabled",

+ "CrossRegionHealthStatus",

+ "LicenseType",

+ "DisasterRecoveryStatus",

+ "CurrentRestorePointDateTime",

+ "ActivationExpirationDateTime"

+ ],

+ "skip": 0,

+ "top": 50

+}

+```

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [Python](#tab/python)

+### Response

+The following example shows the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Edm.Stream"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/octet-stream

+{

+ "TotalRowCount": 1,

+ "Schema": [

+ {

+ "Column": "Id",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "CloudPcId",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "UserId",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "UserSettingId",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "DeviceId",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "CloudPcDeviceDisplayName",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "UserPrincipalName",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "IsCrossRegionEnabled",

+ "PropertyType": "Boolean"

+ },

+ {

+ "Column": "CrossRegionHealthStatus",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "LicenseType",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "DisasterRecoveryStatus",

+ "PropertyType": "String"

+ },

+ {

+ "Column": "CurrentRestorePointDateTime",

+ "PropertyType": "DateTime"

+ },

+ {

+ "Column": "ActivationExpirationDateTime",

+ "PropertyType": "DateTime"

+ }

+ ],

+ "Values": [

+ [

+ "7768debd-7955-4b32-a654-a02894bce953",

+ "69360332-619a-4b38-af5d-91ecef72f789",

+ "c939b389-979f-4687-945d-d1220b3d4d24",

+ "k739b389-979f-4j87-945d-d3220b3d4o24",

+ "9330ff50-0a1b-4038-8fe8-3c4a67ec4dc5",

+ "CPC-Cross-JG79E",

+ "john.doe@contoso.com",

+ true,

+ "Unhealthy:'ANC unhealthy', 'Network mismatch'",

+ "Cross Region",

+ "Active outage",

+ "2023-10-16 03:05:14.131 AM",

+ "2023-10-19 07:05:14.131 AM"

+ ]

+ ]

+}

+```

+ Title: "Delete community"

+description: "Delete a community in Viva Engage."

+ms.localizationpriority: medium

+# Delete community

+Namespace: microsoft.graph

+Delete a Viva Engage [community](../resources/community.md) along with all associated Microsoft 365 content, including the connected Microsoft 365 group, OneNote notebook, and Planner plans. For more information, see [What happens if I delete a Viva Engage community connected to Microsoft 365 groups](/viva/engage/engage-microsoft-365-groups#q-what-happens-if-i-delete-a-viva-engage-community-connected-to-microsoft-365-groups).

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- { "blockType": "permissions", "name": "community_delete" } -->

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /employeeExperience/communities/{communityId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+## Request body

+Don't supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following example shows a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "delete_community",

+ "sampleKeys": ["eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiI4MzIxMjc1In0"]

+}

+-->

+``` http

+DELETE https://graph.microsoft.com/beta/employeeExperience/communities/eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiI4MzIxMjc1In0

+```

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [Python](#tab/python)

+### Response

+The following example shows the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Update community"

+description: "Update the properties of an existing Viva Engage community."

+ms.localizationpriority: medium

+# Update community

+Namespace: microsoft.graph

+Update the properties of an existing Viva Engage [community](../resources/community.md).

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- { "blockType": "permissions", "name": "community_update" } -->

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /employeeExperience/communities/{communityId}

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Content-Type|application/json. Required.|

+## Request body

+|Property|Type|Description|

+|:|:|:|

+| description | String | The description of the community. Maximum length is 1024 characters. |

+| displayName | String | The name of the community. Maximum length is 255 characters. |

+| privacy | [communityPrivacy](../resources/community.md#communityprivacy-values) | Defines the privacy level of the community. The possible values are: `public`, `private`, `unknownFutureValue`. |

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Examples

+### Request

+The following example shows a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "update_community",

+ "sampleKeys": ["eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiI4MzIxMjc1In0"]

+}

+-->

+``` http

+PATCH https://graph.microsoft.com/beta/employeeExperience/communities/eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiI4MzIxMjc1In0

+Content-Type: application/json

+{

+ "displayName": "Financial Advice for Software Engineers",

+ "description": "A community where financial advisors who represent customers from software engineering profession can discuss advice and suggestions for their clients.",

+ "privacy": "public"

+}

+```

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [Python](#tab/python)

+### Response

+The following example shows the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true

+}

+-->

+``` http

+HTTP/1.1 204 No Content

+```

+GET https://graph.microsoft.com/beta/identity/conditionalAccess/policies/10ef4fe6-5e51-4f5e-b5a2-8fed19d0be67

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies/$entity",

+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identity/conditionalAccess/policies('<guid>')?$select=conditions,createdDateTime",

+ "id": "10ef4fe6-5e51-4f5e-b5a2-8fed19d0be67",

+ "templateId": null,

+ "displayName": "CA008: Require password change for high-risk users",

+ "createdDateTime": "2021-11-02T14:26:29.1005248Z",

+ "modifiedDateTime": "2024-01-30T23:11:08.549481Z",

+ "state": "enabled",

+ "partialEnablementStrategy": null,

+ "userRiskLevels": [

+ "high"

+ "signInRiskLevels": [],

+ "all"

+ "platforms": null,

+ "locations": null,

+ "times": null,

+ "deviceStates": null,

+ "devices": null,

+ "clientApplications": null,

+ "excludeApplications": [],

+ "includeUserActions": [],

+ "includeAuthenticationContextClassReferences": [],

+ "applicationFilter": null

+ "All"

+ "excludeUsers": [],

+ "excludeGroups": [

+ "eedad040-3722-4bcb-bde5-bc7c857f4983"

+ "includeRoles": [],

+ "excludeRoles": [],

+ "includeGuestsOrExternalUsers": null,

+ "excludeGuestsOrExternalUsers": null

+ "operator": "AND",

+ "passwordChange"

+ "termsOfUse": [],

+ "authenticationStrength@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies('10ef4fe6-5e51-4f5e-b5a2-8fed19d0be67')/grantControls/authenticationStrength/$entity",

+ "authenticationStrength": {

+ "id": "00000000-0000-0000-0000-000000000002",

+ "createdDateTime": "2021-12-01T08:00:00Z",

+ "modifiedDateTime": "2021-12-01T08:00:00Z",

+ "displayName": "Multifactor authentication",

+ "description": "Combinations of methods that satisfy strong authentication, such as a password + SMS",

+ "policyType": "builtIn",

+ "requirementsSatisfied": "mfa",

+ "allowedCombinations": [

+ "windowsHelloForBusiness",

+ "fido2",

+ "x509CertificateMultiFactor",

+ "deviceBasedPush",

+ "temporaryAccessPassOneTime",

+ "temporaryAccessPassMultiUse",

+ "password,microsoftAuthenticatorPush",

+ "password,softwareOath",

+ "password,hardwareOath",

+ "password,sms",

+ "password,voice",

+ "federatedMultiFactor",

+ "microsoftAuthenticatorPush,federatedSingleFactor",

+ "softwareOath,federatedSingleFactor",

+ "hardwareOath,federatedSingleFactor",

+ "sms,federatedSingleFactor",

+ "voice,federatedSingleFactor"

+ ],

+ "combinationConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#identity/conditionalAccess/policies('10ef4fe6-5e51-4f5e-b5a2-8fed19d0be67')/grantControls/authenticationStrength/combinationConfigurations",

+ "combinationConfigurations": []

+ }

+ "disableResilienceDefaults": null,

+ "cloudAppSecurity": null,

+ "continuousAccessEvaluation": null,

+ "secureSignInSession": null,

+ "value": null,

+ "type": null,

+ "authenticationType": "primaryAndSecondaryAuthentication",

+ "frequencyInterval": "everyTime",

+ "id": "2b31ac51-b855-40a5-a986-0a4ed23e9008",

+ "templateId": null,

+ "displayName": "CA001: Require multi-factor authentication for admins",

+ "createdDateTime": "2021-11-02T14:17:09.1686157Z",

+ "modifiedDateTime": "2024-01-03T20:07:59.0369305Z",

+ "state": "enabled",

+ "userRiskLevels": [],

+ "servicePrincipalRiskLevels": [],

+ "insiderRiskLevels": null,

+ "clientApplications": null,

+ "All"

+ "includeUserActions": [],

+ "includeAuthenticationContextClassReferences": [],

+ "applicationFilter": null

+ "includeUsers": [],

+ "excludeGroups": [

+ "eedad040-3722-4bcb-bde5-bc7c857f4983"

+ ],

+ "includeRoles": [

+ "62e90394-69f5-4237-9190-012177145e10",

+ "194ae4cb-b126-40b2-bd5b-6091b380977d",

+ "f28a1f50-f6e7-4571-818b-6a12f2af6b6c",

+ "29232cdf-9323-42fd-ade2-1d097af3e4de",

+ "b1be1c3e-b65d-4f19-8427-f6fa0d97feb9",

+ "729827e3-9c14-49f7-bb1b-9608f156bbb8",

+ "b0f54661-2d74-4c50-afa3-1ec803f12efe",

+ "fe930be7-5e62-47db-91af-98c3a49a38b1",

+ "c4e39bd9-1100-46d3-8c65-fb160da0071f",

+ "9b895d92-2cd3-44c7-9d02-a6ac2d5ea5c3",

+ "158c047a-c907-4556-b7ef-446551a6b5f7",

+ "966707d0-3269-4727-9be2-8c3a10f19b9d",

+ "7be44c8a-adaf-4e2a-84d6-ab2649e08a13",

+ "e8611ab8-c189-46e8-94e1-60213ab1f814",

+ "f2ef992c-3afb-46b9-b7cf-a126ee74c451"

+ ],

+ "excludeRoles": [],

+ "includeGuestsOrExternalUsers": null,

+ "excludeGuestsOrExternalUsers": null

+ "mfa"

+ "authenticationStrength@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/conditionalAccessPolicies('2b31ac51-b855-40a5-a986-0a4ed23e9008')/grantControls/authenticationStrength/$entity",

+ "id": "10ef4fe6-5e51-4f5e-b5a2-8fed19d0be67",

+ "templateId": null,

+ "displayName": "CA008: Require password change for high-risk users",

+ "createdDateTime": "2021-11-02T14:26:29.1005248Z",

+ "modifiedDateTime": "2024-01-30T23:11:08.549481Z",

+ "state": "enabled",

+ "userRiskLevels": [

+ "high"

+ ],

+ "servicePrincipalRiskLevels": [],

+ "insiderRiskLevels": null,

+ "clientApplications": null,

+ "All"

+ "includeUserActions": [],

+ "includeAuthenticationContextClassReferences": [],

+ "applicationFilter": null

+ "All"

+ "excludeGroups": [

+ "eedad040-3722-4bcb-bde5-bc7c857f4983"

+ ],

+ "excludeRoles": [],

+ "includeGuestsOrExternalUsers": null,

+ "excludeGuestsOrExternalUsers": null

+ "operator": "AND",

+ "passwordChange"

+ "termsOfUse": [],

+ "authenticationStrength@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/conditionalAccessPolicies('10ef4fe6-5e51-4f5e-b5a2-8fed19d0be67')/grantControls/authenticationStrength/$entity",

+ "authenticationStrength": {

+ "id": "00000000-0000-0000-0000-000000000002",

+ "createdDateTime": "2021-12-01T08:00:00Z",

+ "modifiedDateTime": "2021-12-01T08:00:00Z",

+ "displayName": "Multifactor authentication",

+ "description": "Combinations of methods that satisfy strong authentication, such as a password + SMS",

+ "policyType": "builtIn",

+ "requirementsSatisfied": "mfa",

+ "allowedCombinations": [

+ "windowsHelloForBusiness",

+ "fido2",

+ "x509CertificateMultiFactor",

+ "deviceBasedPush",

+ "temporaryAccessPassOneTime",

+ "temporaryAccessPassMultiUse",

+ "password,microsoftAuthenticatorPush",

+ "password,softwareOath",

+ "password,hardwareOath",

+ "password,sms",

+ "password,voice",

+ "federatedMultiFactor",

+ "microsoftAuthenticatorPush,federatedSingleFactor",

+ "softwareOath,federatedSingleFactor",

+ "hardwareOath,federatedSingleFactor",

+ "sms,federatedSingleFactor",

+ "voice,federatedSingleFactor"

+ ],

+ "combinationConfigurations@odata.context": "https://graph.microsoft.com/beta/$metadata#policies/conditionalAccessPolicies('10ef4fe6-5e51-4f5e-b5a2-8fed19d0be67')/grantControls/authenticationStrength/combinationConfigurations",

+ "combinationConfigurations": []

+ }

+ },

+ "sessionControls": {

+ "disableResilienceDefaults": null,

+ "applicationEnforcedRestrictions": null,

+ "cloudAppSecurity": null,

+ "persistentBrowser": null,

+ "signInFrequency": {

+ "value": null,

+ "type": null,

+ "authenticationType": "primaryAndSecondaryAuthentication",

+ "frequencyInterval": "everyTime",

+ "isEnabled": true

+ }

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ "displayName": "John Doe",

+ "email": "johnd@contoso.com",

+ "acronym": "JD",

+ "displayName": "John Doe",

+ "email": "johnd@contoso.com",

+ "acronym": "JD",

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+> [!NOTE]

+> Sometimes it takes time to reflect the addition of a member after they're added. Users can use [change notifications](../resources/change-notifications-api-overview.md) to subscribe to notifications for membership changes in a particular team.

+The following example shows the response.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+| tenantRestrictions |[crossTenantAccessPolicyTenantRestrictions](../resources/crosstenantaccesspolicytenantrestrictions.md) | Defines the default tenant restrictions configuration for users in your organization who access an external organization on your network or devices. |

+| tenantRestrictions |[crossTenantAccessPolicyTenantRestrictions](../resources/crosstenantaccesspolicytenantrestrictions.md) | Defines the default tenant restrictions configuration for users in your organization who access an external organization on your network or devices. |

+The following example shows how to configure tenant restrictions settings.

+The following example shows a request.

+ "tenantRestrictions": {

+ "usersAndGroups": {

+ "accessType": "allowed",

+ "targets": [

+ {

+ "target": "AllUsers",

+ "targetType": "user"

+ ]

+ },

+ "applications": {

+ "accessType": "allowed",

+ "targets": [

+ {

+ "target": "Office365",

+ "targetType": "application"

+ }

+ ]

+ }

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+This API returns up to 11,000 group IDs. If more than 11,000 results are available, it returns a `400 Bad Request` error with the `Directory_ResultSizeLimitExceeded` error code. If you get the `Directory_ResultSizeLimitExceeded` error code, use the [List group transitive memberOf](../api/group-list-transitivememberof.md) API instead.

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [Python](#tab/python)

+# [HTTP](#tab/http)

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [PowerShell](#tab/powershell)

+# [Python](#tab/python)

+ Title: "driveItem: discardCheckout"

+description: "Discard a previously checked out driveItem."

+ms.localizationpriority: medium

+# driveItem: discardCheckout

+Namespace: microsoft.graph

+Discard the check out of a [driveItem](../resources/driveitem.md). This action releases a **driveItem** resource that was previously [checked out](driveitem-checkout.md). Any changes made to the item while it was checked out are discarded.

+The same user that performed the checkout must discard it. Another alternative is to use application permissions.

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- {

+ "blockType": "permissions",

+ "name": "driveitem-discardcheckout-permissions"

+}

+-->

+## HTTP request

+``` http

+POST /drive/root/discardCheckout

+POST /drives/{drivesId}/root/discardCheckout

+POST /shares/{sharesId}/root/discardCheckout

+POST /drive/items/{driveItemId}/discardCheckout

+POST /shares/{sharesId}/driveItem/discardCheckout

+POST /drive/bundles/{driveItemId}/discardCheckout

+POST /drive/special/{driveItemId}/discardCheckout

+POST /drive/following/{driveItemId}/discardCheckout

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+## Request body

+Don't supply a request body for this method.

+## Response

+If successful, this action returns a `204 No Content` response code.

+## Examples

+### Request

+The following example shows a discard checkout request on a file identified by `{item-id}`.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "driveitemthis.discardcheckout"

+}

+-->

+``` http

+POST https://graph.microsoft.com/beta/drives/{drive-id}/items/{item-id}/discardCheckout

+```

+# [JavaScript](#tab/javascript)

+### Response

+The following example shows the response.

+<!-- { "blockType": "response" } -->

+```http

+HTTP/1.1 204 No content

+```

+description: "Move a driveItem to a new parent folder."

+ Title: "driveItem: move"

+# driveItem: move

+Move a [driveItem](../resources/driveitem.md) to a new parent.

+To move a **driveItem** to a new parent item, your app requests an update to the **parentReference** of the **driveItem** to move. The move is a special type of [Update](driveitem-update.md) operation.

+When a **driveItem** is moved within the same site or container, all existing sharing links continue to work. If the **driveItem** is moved to a different site or container, existing sharing links no longer work.

+## Request headers

+|Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| if-match | String | If this request header is included and the eTag (or cTag) provided doesn't match the current eTag on the folder, a `412 Precondition Failed` response is returned. Optional.|

+Existing properties that aren't included in the request body maintain their previous values or the properties are recalculated based on changes to other property values.

+For optimal performance, include only the values that change and omit the unchanged ones.

+> [!NOTE]

+> When items are moved to the root of a drive, your application must use the actual ID of the root folder as the parent reference instead of the `"id: root"` syntax.

+If successful, this method returns a `200 OK` response code and an updated [driveItem](../resources/driveitem.md) resource in the response body.

+For information about how errors are returned, see [Error responses][error-response].

+## Examples

+### Request

+The following example moves an item specified by `{item-id}` into a folder in the user's drive with the ID `new-parent-folder-id`.

+Permanently delete a [driveItem](../resources/driveitem.md) by using its ID. If you delete items using this method, they're permanently removed and aren't sent to the recycle bin, unlike the [Delete driveItem](../api/driveitem-delete.md) API, which sends the item to the recycle bin. Therefore, permanently deleted drive items can't be restored afterward.

+ Title: "Create permission on a driveItem"

+description: "Create a new permission for a driveItem."

+ms.localizationpriority: medium

+# Create permission on a driveItem

+Namespace: microsoft.graph

+Create a new [permission](../resources/permission.md) object on a [driveItem](../resources/permission.md).

+>**Note:** You can only use this method to create a new application permission. If you want to create a new user permission in a drive item, see [invite](./driveitem-invite.md).

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- { "blockType": "permissions", "name": "driveitem_post_permissions" } -->

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /drives/{drive-id}/items/{item-id}/permissions

+POST /groups/{group-id}/drive/items/{item-id}/permissions

+POST /me/drive/items/{item-id}/permissions

+POST /sites/{siteId}/drive/items/{itemId}/permissions

+POST /users/{userId}/drive/items/{itemId}/permissions

+```

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Content-Type|application/json. Required.|

+## Request body

+In the request body, supply a JSON representation of the [permission](../resources/permission.md) object.

+## Response

+If successful, this method returns a `201 Created` response code and a [permission](../resources/permission.md) object in the response body.

+## Examples

+### Request

+The following example shows a request.

+<!-- {

+ "blockType": "request",

+ "name": "create_permission_from_"

+}

+-->

+### Response

+The following example shows the response.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.permission"

+}

+-->

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+{

+ "id": "1",

+ "@deprecated.GrantedToIdentities": "GrantedToIdentities has been deprecated. Refer to GrantedToIdentitiesV2",

+ "roles": [

+ "write"

+ ],

+ "grantedToIdentities": [

+ {

+ "application": {

+ "id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e",

+ "displayName": "Contoso Time Manager App"

+ }

+ }

+ ],

+ "grantedToIdentitiesV2": [

+ {

+ "application": {

+ "id": "89ea5c94-7736-4e25-95ad-3fa95f62b66e",

+ "displayName": "Contoso Time Manager App"

+ }

+ }

+ ]

+}

+```

+<!-- {

+ "type": "#page.annotation",

+ "section": "documentation",

+ "tocPath": "Items/Permissions/Create driveitem permissions"

+} -->

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+DELETE https://graph.microsoft.com/beta/education/classes/f1e03281-acd7-4fb0-84c3-902b3d30104c/assignments/0b30b986-7457-45e2-b87a-53df3ac7657d/rubric/$ref

+GET https://graph.microsoft.com/beta/education/classes/f1e03281-acd7-4fb0-84c3-902b3d30104c/assignments/09e2e94f-c701-45f5-98a8-cb5000195d2b/rubric

+ "@odata.type": "microsoft.graph.educationRubric"

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/classes('f1e03281-acd7-4fb0-84c3-902b3d30104c')/assignments('09e2e94f-c701-45f5-98a8-cb5000195d2b')/rubric/$entity",

+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET education/classes('<guid>')/assignments('<guid>')/rubric?$select=createdBy,createdDateTime",

+ "displayName": "Rubric4896",

+ "createdDateTime": "2024-07-11T11:20:54.1905879Z",

+ "lastModifiedDateTime": "2024-07-11T11:20:54.2012531Z",

+ "id": "3214c3c7-fb76-4b58-831f-82bd28b68dfd",

+ "content": "This is the rubric we use on postman testing",

+ "qualities": [

+ "qualityId": "53bd0640-8210-450f-b74c-a2cc50a9b120",

+ "displayName": null,

+ "weight": 33.33,

+ "content": "First quality",

+ "criteria": [

+ {

+ "description": {

+ "content": "First quality is excellent",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "First quality is good",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "First quality is fair",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "First quality is poor",

+ "contentType": "text"

+ }

+ }

+ ]

+ "qualityId": "2ebd6515-4b48-45ea-bfc2-2b8b8938ac26",

+ "displayName": null,

+ "weight": 33.33,

+ "content": "Second quality",

+ "content": "Second quality is excellent",

+ "content": "Second quality is good",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "Second quality is fair",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "Second quality is poor",

+ "qualityId": "a4a338b7-96f0-4600-a85a-4a3b606d5960",

+ "displayName": null,

+ "weight": 33.33,

+ "content": "Third quality",

+ "content": "Third quality is excellent",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "Third quality is good",

+ "content": "Third quality is fair",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "This quality is poor",

+ "levels": [

+ {

+ "levelId": "83a40aa7-f34a-44ad-a337-143997bcdc44",

+ "displayName": "Excellent",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 4

+ }

+ },

+ {

+ "levelId": "ba3ea5ed-33f8-4e04-8a6b-ac67c3a39d65",

+ "displayName": "Good",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 3

+ }

+ },

+ {

+ "levelId": "61763a58-d253-4a53-a017-92c01f6441f8",

+ "displayName": "Fair",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 2

+ }

+ },

+ {

+ "levelId": "afc660ea-1040-4420-a27e-dbbf118aaa6c",

+ "displayName": "Poor",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 1

+ }

+ }

+ ],

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": null,

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": null,

+ "displayName": null

+ }

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+DELETE https://graph.microsoft.com/beta/education/me/rubrics/767f2532-1fdd-41a5-85de-1f641e7bb9fc

+The following example shows a request.

+GET https://graph.microsoft.com/beta/education/me/rubrics/199816a3-bd27-4134-bffa-b3928e8ab3a5

+The following example shows the response.

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/me/rubrics/$entity",

+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET education/me/rubrics('<guid>')?$select=createdBy,createdDateTime",

+ "displayName": "Rubric6468",

+ "createdDateTime": "2024-07-11T14:03:36.5435838Z",

+ "lastModifiedDateTime": "2024-07-11T14:03:55.6961018Z",

+ "id": "199816a3-bd27-4134-bffa-b3928e8ab3a5",

+ "description": {

+ "content": "New Rubric",

+ "qualities": [

+ {

+ "qualityId": "93b651aa-1167-43dd-9971-fab0e242b396",

+ "displayName": null,

+ "weight": 33.33,

+ "description": {

+ "content": "First quality",

+ "contentType": "text"

+ },

+ "criteria": [

+ {

+ "description": {

+ "content": "First quality is excellent",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "First quality is good",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "First quality is fair",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "First quality is poor",

+ "contentType": "text"

+ }

+ }

+ ]

+ },

+ "qualityId": "89e767f0-f66a-42f6-94f5-5b084bb17dad",

+ "displayName": null,

+ "weight": 33.33,

+ "description": {

+ "content": "Second quality",

+ "contentType": "text"

+ },

+ "criteria": [

+ {

+ "description": {

+ "content": "Second quality is excellent",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "Second quality is good",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "Second quality is fair",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "Second quality is poor",

+ "contentType": "text"

+ }

+ }

+ ]

+ "qualityId": "6c0e77ee-6bf5-4639-9602-3075d4774aa9",

+ "displayName": null,

+ "weight": 33.33,

+ "description": {

+ "content": "Third quality",

+ "contentType": "text"

+ },

+ "criteria": [

+ {

+ "description": {

+ "content": "Third quality is excellent",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "Third quality is good",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "Third quality is fair",

+ "contentType": "text"

+ }

+ },

+ {

+ "description": {

+ "content": "This quality is poor",

+ "contentType": "text"

+ }

+ }

+ ]

+ ],

+ "levels": [

+ {

+ "levelId": "df3a03e2-a222-4515-aaaf-adbba692917d",

+ "displayName": "Excellent",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 4

+ }

+ },

+ "levelId": "a2f90a11-a565-4904-aaa2-c2be1c0c71f9",

+ "displayName": "Good",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 3

+ }

+ "levelId": "53023e26-1f8e-437a-a1fa-163683e0619a",

+ "displayName": "Fair",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 2

+ }

+ },

+ {

+ "levelId": "7afc81dc-8ecf-4889-aa59-5bfe20c8e755",

+ "displayName": "Poor",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 1

+ }

+ }

+ ],

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 100

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "fffafb29-e8bc-4de3-8106-be76ed2ad499",

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "96134727-5b49-4f67-9a6b-68e133681d2a",

+ "displayName": null

+Updating a rubric attached to an assignment (`PATCH /education/classes/{id}/assignments/{id}/rubric`) is only possible before the assignment is published, and what is updated is actually the original rubric that exists under `/education/users/{id}/rubrics`. After the assignment is published, an immutable copy of the rubric is made that is attached to that specific assignment. That rubric can be retrieved using [GET /education/classes/{id}/assignments/{id}/rubric](educationrubric-get.md), but it can't be updated.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+PATCH https://graph.microsoft.com/beta/education/me/rubrics/5f650796-a600-4d20-87ef-c46ae34da3bb

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/me/rubrics/$entity",

+ "createdDateTime": "2024-07-17T00:21:14.4479093Z",

+ "lastModifiedDateTime": "2024-07-17T14:57:13.1807857Z",

+ "id": "5f650796-a600-4d20-87ef-c46ae34da3bb",

+ "content": "New Rubric",

+ "qualityId": "bdde7fc5-9a0b-4db7-9103-aeb6d4d20fbd",

+ "displayName": null,

+ "weight": 33.33,

+ "content": "First quality",

+ "content": "First quality is excellent",

+ "content": "First quality is good",

+ },

+ "content": "First quality is fair",

+ "content": "First quality is poor",

+ }

+ ],

+ "levels": [

+ {

+ "levelId": "f0b16138-3ab2-4712-bbe0-b0a2653017a1",

+ "displayName": "Excellent",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 4

+ }

+ },

+ {

+ "levelId": "f5b1cc98-a22e-44d6-8e20-a29fb7de4860",

+ "displayName": "Good",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 3

+ }

+ },

+ {

+ "levelId": "352dfa9f-0ad3-42c5-a7b7-843dc78d83f9",

+ "displayName": "Fair",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 2

+ }

+ },

+ {

+ "levelId": "b1d9ac8f-fb57-4172-9863-4a4994bc31fa",

+ "displayName": "Poor",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 1

+ }

+ }

+ ],

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 100

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "fffafb29-e8bc-4de3-8106-be76ed2ad499",

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "fffafb29-e8bc-4de3-8106-be76ed2ad499",

+ "displayName": null

+ }

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+ Title: "Get educationSynchronizationErrors (deprecated)"

+# Get educationSynchronizationErrors (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Delete a educationSynchronizationProfile (deprecated)"

+# Delete a educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Get an educationSynchronizationProfile (deprecated)"

+# Get an educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "List educationSynchronizationProfiles (deprecated)"

+# List educationSynchronizationProfiles (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Pause sync on an educationSynchronizationProfile (deprecated)"

+# Pause sync on an educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Create an educationSynchronizationProfile (deprecated)"

+# Create an educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Update an educationSynchronizationProfile (deprecated)"

+# Update an educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Reset sync on an educationSynchronizationProfile (deprecated)"

+# Reset sync on an educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Resume sync on an educationSynchronizationProfile (deprecated)"

+# Resume sync on an educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Start sync after uploading files to an educationSynchronizationProfile (deprecated)"

+# Start sync after uploading files to an educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+The following example shows the response.

+<!-- uuid: 8fcb5dbc-d5aa-4681-8e31-b001d5168d79

+ Title: "educationSynchronizationProfile: uploadUrl (deprecated)"

+# educationSynchronizationProfile: uploadUrl (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ Title: "Get the status of an educationSynchronizationProfile (deprecated)"

+# Get the status of an educationSynchronizationProfile (deprecated)

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+ "@odata.type": "Collection(microsoft.graph.educationRubric)"

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#education/me/rubrics",

+ "@odata.nextLink": "https://graph.microsoft.com/beta/education/me/rubrics?$skiptoken=MyZRVkZCUVVGQlFVRkVXakJCUVVGQlFVRkJRWGxCUVVGQmVYbGlhbFJxYmpsWE1EWmxhbWN2YjBoR1l6bE5RVDA5",

+ "@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET education/me/rubrics?$select=createdBy,createdDateTime",

+ "value": [

+ "displayName": "Example Credit Rubric after display name patch",

+ "createdDateTime": "2024-07-17T00:21:14.4479093Z",

+ "lastModifiedDateTime": "2024-07-17T15:00:08.5062776Z",

+ "id": "5f650796-a600-4d20-87ef-c46ae34da3bb",

+ "description": {

+ "content": "New Rubric",

+ "contentType": "text"

+ "qualities": [

+ "qualityId": "bdde7fc5-9a0b-4db7-9103-aeb6d4d20fbd",

+ "displayName": null,

+ "weight": 33.33,

+ "description": {

+ "content": "First quality",

+ "contentType": "text"

+ "criteria": [

+ "description": {

+ "content": "First quality is excellent",

+ "contentType": "text"

+ "description": {

+ "content": "First quality is good",

+ "contentType": "text"

+ },

+ "description": {

+ "content": "First quality is fair",

+ "contentType": "text"

+ "description": {

+ "content": "First quality is poor",

+ "contentType": "text"

+ }

+ ],

+ "levels": [

+ {

+ "levelId": "f0b16138-3ab2-4712-bbe0-b0a2653017a1",

+ "displayName": "Excellent",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 4

+ }

+ },

+ {

+ "levelId": "f5b1cc98-a22e-44d6-8e20-a29fb7de4860",

+ "displayName": "Good",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 3

+ }

+ },

+ {

+ "levelId": "352dfa9f-0ad3-42c5-a7b7-843dc78d83f9",

+ "displayName": "Fair",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 2

+ }

+ },

+ {

+ "levelId": "b1d9ac8f-fb57-4172-9863-4a4994bc31fa",

+ "displayName": "Poor",

+ "description": {

+ "content": "",

+ "contentType": "text"

+ },

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 1

+ }

+ }

+ ],

+ "grading": {

+ "@odata.type": "#microsoft.graph.educationAssignmentPointsGradeType",

+ "maxPoints": 100

+ },

+ "createdBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "fffafb29-e8bc-4de3-8106-be76ed2ad499",

+ "displayName": null

+ }

+ },

+ "lastModifiedBy": {

+ "application": null,

+ "device": null,

+ "user": {

+ "id": "fffafb29-e8bc-4de3-8106-be76ed2ad499",

+ "displayName": null

+ }

+ Title: "List communities"

+description: "Get a list of the Viva Engage community objects and their properties."

+ms.localizationpriority: medium

+# List communities

+Namespace: microsoft.graph

+Get a list of the Viva Engage [community](../resources/community.md) objects and their properties.

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- { "blockType": "permissions", "name": "employeeexperience_list_communities" } -->

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /employeeExperience/communities

+```

+## Optional query parameters

+This method supports the `$top`, `$select`, and `$expand` [OData query parameters](/graph/query-parameters) to help customize the response. It also supports the `$orderby` parameter for the **displayName** property.

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+## Request body

+Don't supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [community](../resources/community.md) objects in the response body.

+## Examples

+### Example 1: Get a list of communities

+The following example shows how to get a list of Viva Engage communities.

+#### Request

+The following example shows a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_community"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/employeeExperience/communities

+```

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [Python](#tab/python)

+#### Response

+The following example shows the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.community)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#employeeExperience/communities",

+ "value": [

+ {

+ "id": "eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiIxOTEzMjYyODk5MjAifQ",

+ "displayName": "All Company",

+ "description": "This is the default group for everyone in the network",

+ "privacy": "public",

+ "groupId": "195d9ecd-f80e-4bab-af95-176eba253dfa"

+ },

+ {

+ "id": "eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiIxOTE0NzY2Mzc2OTYifQ",

+ "displayName": "TestCommunity5",

+ "description": "Test community created via API",

+ "privacy": "public",

+ "groupId": "0bed8b86-5026-4a93-ac7d-56750cc099f1"

+ }

+ ]

+}

+```

+### Example 2: Get a list of communities with pagination

+The following example shows how to get a list of Viva Engage communities using the `$top` query parameter to set the page size of results.

+#### Request

+The following example shows a request.

+# [HTTP](#tab/http)

+<!-- {

+ "blockType": "request",

+ "name": "list_community_top"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/employeeExperience/communities?$top=2

+```

+# [C#](#tab/csharp)

+# [CLI](#tab/cli)

+# [Go](#tab/go)

+# [Java](#tab/java)

+# [JavaScript](#tab/javascript)

+# [PHP](#tab/php)

+# [Python](#tab/python)

+#### Response

+If the number of communities exceeds 20 or you use the `$top` query parameter to set the page size of results, multiple query requests might be necessary to retrieve all results. In this scenario, the API continues to return a reference to the next page of results in the **@odata.nextLink** property with each response until no more pages remain to be retrieved.

+The following example shows the response that includes the **@odata.nextLink** property.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "Collection(microsoft.graph.community)"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#employeeExperience/communities",

+ "@odata.nextLink": "https://graph.microsoft.com/beta/employeeExperience/communities?$skiptoken=UVWlYzI7VjE7MTE2NDUzNDU3OTIwOzIwO0RlbW8tdGVzdC01OztEaXNwbGF5TmFtZTtmYWXYZTs",

+ "value": [

+ {

+ "id": "eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiIxOTEzMjYyODk5MjAifQ",

+ "displayName": "All Company",

+ "description": "This is the default group for everyone in the network",

+ "privacy": "public",

+ "groupId": "195d9ecd-f80e-4bab-af95-176eba253dfa"

+ },

+ {

+ "id": "eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiIxOTE0NzY2Mzc2OTYifQ",

+ "displayName": "TestCommunity5",

+ "description": "Test community created via API",

+ "privacy": "public",

+ "groupId": "0bed8b86-5026-4a93-ac7d-56750cc099f1"

+ }

+ ]

+}

+```

+### Example 5: Create a policy and specify the stages to trigger predefined access package custom extensions

+In the following example, the predefined **accessPackageCustomWorkflowExtension** object is triggered by the creation or approval of an access package assignment request. The identifier in the **customExtension** property corresponds to the ID of the **accessPackageCustomWorkflowExtension** object.

+#### Request

+The following example shows a request.

+The following example shows the response. The **customExtensionStageSettings** object isn't returned by default. To retrieve this object, use the [GET accessPackageAssignmentPolicy](../api/accesspackageassignmentpolicy-get.md) method with `$expand`. For more information, see [Example 3: Retrieve the custom extension stage settings for a policy](../api/accesspackageassignmentpolicy-get.md#example-3-retrieve-the-custom-extension-stage-settings-for-a-policy).

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed. The following properties can be updated.

+# Delete externalMeetingRegistrant (deprecated)

+> [!CAUTION]

+> The external meeting registrant API is deprecated and will stop returning data on **December 31, 2024**. Please use the new [webinar APIs](../resources/virtualeventwebinar.md). For more information, see [Deprecation of the Microsoft Graph meeting registration beta APIs](https://devblogs.microsoft.com/microsoft365dev/deprecation-of-the-microsoft-graph-meeting-registration-beta-apis/).

+# List externalMeetingRegistrants (deprecated)

+> [!CAUTION]

+> The external meeting registrant API is deprecated and will stop returning data on **December 31, 2024**. Please use the new [webinar APIs](../resources/virtualeventwebinar.md). For more information, see [Deprecation of the Microsoft Graph meeting registration beta APIs](https://devblogs.microsoft.com/microsoft365dev/deprecation-of-the-microsoft-graph-meeting-registration-beta-apis/).

+# Create externalMeetingRegistrant (deprecated)

+> [!CAUTION]

+> The external meeting registrant API is deprecated and will stop returning data on **December 31, 2024**. Please use the new [webinar APIs](../resources/virtualeventwebinar.md). For more information, see [Deprecation of the Microsoft Graph meeting registration beta APIs](https://devblogs.microsoft.com/microsoft365dev/deprecation-of-the-microsoft-graph-meeting-registration-beta-apis/).

+# Delete externalMeetingRegistration (deprecated)

+> [!CAUTION]

+> The external meeting registration API is deprecated and will stop returning data on **December 31, 2024**. Please use the new [webinar APIs](../resources/virtualeventwebinar.md). For more information, see [Deprecation of the Microsoft Graph meeting registration beta APIs](https://devblogs.microsoft.com/microsoft365dev/deprecation-of-the-microsoft-graph-meeting-registration-beta-apis/).

+# Get externalMeetingRegistration (deprecated)

+> [!CAUTION]

+> The external meeting registration API is deprecated and will stop returning data on **December 31, 2024**. Please use the new [webinar APIs](../resources/virtualeventwebinar.md). For more information, see [Deprecation of the Microsoft Graph meeting registration beta APIs](https://devblogs.microsoft.com/microsoft365dev/deprecation-of-the-microsoft-graph-meeting-registration-beta-apis/).

+# Create externalMeetingRegistration (deprecated)

+> [!CAUTION]

+> The external meeting registration API is deprecated and will stop returning data on **December 31, 2024**. Please use the new [webinar APIs](../resources/virtualeventwebinar.md). For more information, see [Deprecation of the Microsoft Graph meeting registration beta APIs](https://devblogs.microsoft.com/microsoft365dev/deprecation-of-the-microsoft-graph-meeting-registration-beta-apis/).

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+Create a new [federatedIdentityCredential](../resources/federatedidentitycredential.md) object for an application if it doesn't exist, or update the properties of an existing [federatedIdentityCredential](../resources/federatedidentitycredential.md) object. By [configuring a trust relationship](/azure/active-directory/develop/workload-identity-federation-create-trust) between your Microsoft Entra application registration and the identity provider for your compute platform, you can use tokens issued by that platform to authenticate with Microsoft identity platform and call APIs in the Microsoft ecosystem. Maximum of 20 objects can be added to an application.

+<!-- { "blockType": "permissions", "name": "federatedidentitycredential-upsert" } -->

+ Title: "fido2AuthenticationMethod: creationOptions"

+description: "Retrieve creation options required to generate and register an Entra ID compatible passkey."

+ms.localizationpriority: medium

+# fido2AuthenticationMethod: creationOptions

+Namespace: microsoft.graph

+Retrieve creation options required to generate and register a Microsoft Entra ID-compatible passkey. Self-service operations aren't supported.

+## Permissions

+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

+<!-- {

+ "blockType": "permissions",

+ "name": "fido2authenticationmethod-creationoptions-permissions"

+}

+-->

+## HTTP request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /users/{usersId}/authentication/fido2Methods/creationOptions

+```

+## Function parameters

+The following table lists the parameters that are required when you call this function.

+|Parameter|Type|Description|

+|:|:|:|

+|challengeTimeoutInMinutes|Int32|Override the timeout of the server-generated challenge returned in the request. The default value is 5 minutes; this value can be overridden to between 5 - 43200 minutes.|

+## Request headers

+|Name|Description|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+## Request body

+Don't supply a request body for this method.

+## Response

+If successful, this function returns a `200 OK` response code and a [webauthnCredentialCreationOptions](../resources/webauthncredentialcreationoptions.md) in the response body.

+## Examples

+### Request

+The following example shows a request.

+<!-- {

+ "blockType": "request",

+ "name": "fido2authenticationmethodthis.creationoptions"

+}

+-->

+``` http

+GET https://graph.microsoft.com/beta/users/{usersId}/authentication/fido2Methods/creationOptions(challengeTimeoutInMinutes=10)

+```

+### Response

+The following example shows the response.

+>**Note:** The response object shown here might be shortened for readability.

+<!-- {

+ "blockType": "response",

+ "truncated": true,

+ "@odata.type": "microsoft.graph.webauthnCredentialCreationOptions"

+}

+-->

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+{

+ "value": {

+ "@odata.type": "microsoft.graph.webauthnCredentialCreationOptions"

+ }

+}

+```

+Add the group to the list of the current user's favorite groups. The group shows up in Outlook and Teams favorites. Supported for Microsoft 365 groups only.

+| removeLicenses | Guid collection | A collection of skuIds that identify the licenses to remove. Required. |

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+POST /groups/{group-id}/members/

+| Content-type | application/json. Required. |

+When using the `/groups/{group-id}/members/$ref` syntax, supply a JSON object that contains an **@odata.id** property with a reference by ID to a supported group member object type.

+When using the `/groups/{group-id}/members` syntax, supply a JSON object that contains a **members@odata.bind** property with one or more references by IDs to a supported group member object type.

+If using the **directoryObjects** reference, that is, `https://graph.microsoft.com/v1.0/directoryObjects/{id}`, the object type must still be a supported group member object type.

+If successful, this method returns a `204 No Content` response code. It returns a `400 Bad Request` response code when the object is already a member of the group or is unsupported as a group member. It returns a `404 Not Found` response code when the object being added doesn't exist.

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+<!-- { "blockType": "permissions", "name": "group_upsert" } -->

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+In the request body, supply the values for relevant fields that should be updated. Existing properties that aren't included in the request body maintain their previous values or are recalculated based on changes to other property values. For best performance, don't include existing values that haven't changed.

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+# [PowerShell](#tab/powershell)

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+# [PowerShell](#tab/powershell)

+<!-- { "blockType": "permissions", "name": "industrydata_referencedefinition_delete" } -->

+<!-- { "blockType": "permissions", "name": "industrydata_referencedefinition_post" } -->

+<!-- { "blockType": "permissions", "name": "industrydata_referencedefinition_update" } -->

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+| Authorization | string |Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|enrollmentTokenUsageCount|Int32|Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000|

+|enrollmentTokenUsageCount|Int32|Total number of AOSP devices that have enrolled using the current token. Valid values 0 to 20000|

+Read properties and relationships of the [deviceAppManagement](../resources/intune-apps-deviceappmanagement.md) object.

+If successful, this method returns a `200 OK` response code and [deviceAppManagement](../resources/intune-apps-deviceappmanagement.md) object in the response body.

+Update the properties of a [deviceAppManagement](../resources/intune-apps-deviceappmanagement.md) object.

+In the request body, supply a JSON representation for the [deviceAppManagement](../resources/intune-apps-deviceappmanagement.md) object.

+The following table shows the properties that are required when you create the [deviceAppManagement](../resources/intune-apps-deviceappmanagement.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceAppManagement](../resources/intune-apps-deviceappmanagement.md) object in the response body.

+Read properties and relationships of the [deviceManagement](../resources/intune-apps-devicemanagement.md) object.

+If successful, this method returns a `200 OK` response code and [deviceManagement](../resources/intune-apps-devicemanagement.md) object in the response body.

+Update the properties of a [deviceManagement](../resources/intune-apps-devicemanagement.md) object.

+In the request body, supply a JSON representation for the [deviceManagement](../resources/intune-apps-devicemanagement.md) object.

+The following table shows the properties that are required when you create the [deviceManagement](../resources/intune-apps-devicemanagement.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceManagement](../resources/intune-apps-devicemanagement.md) object in the response body.

+Create a new [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) object.

+If successful, this method returns a `201 Created` response code and a [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) object in the response body.

+Deletes a [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md).

+Read properties and relationships of the [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) object.

+If successful, this method returns a `200 OK` response code and [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) object in the response body.

+List properties and relationships of the [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) objects.

+If successful, this method returns a `200 OK` response code and a collection of [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) objects in the response body.

+Update the properties of a [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) object.

+In the request body, supply a JSON representation for the [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) object.

+The following table shows the properties that are required when you create the [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md).

+If successful, this method returns a `200 OK` response code and an updated [iosLobAppProvisioningConfiguration](../resources/intune-apps-ioslobappprovisioningconfiguration.md) object in the response body.

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+Read properties and relationships of the [mobileApp](../resources/intune-apps-mobileapp.md) object.

+If successful, this method returns a `200 OK` response code and [mobileApp](../resources/intune-apps-mobileapp.md) object in the response body.

+```

+List properties and relationships of the [mobileApp](../resources/intune-apps-mobileapp.md) objects.

+If successful, this method returns a `200 OK` response code and a collection of [mobileApp](../resources/intune-apps-mobileapp.md) objects in the response body.

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+```

+Read properties and relationships of the [deviceManagement](../resources/intune-auditing-devicemanagement.md) object.

+If successful, this method returns a `200 OK` response code and [deviceManagement](../resources/intune-auditing-devicemanagement.md) object in the response body.

+Update the properties of a [deviceManagement](../resources/intune-auditing-devicemanagement.md) object.

+In the request body, supply a JSON representation for the [deviceManagement](../resources/intune-auditing-devicemanagement.md) object.

+The following table shows the properties that are required when you create the [deviceManagement](../resources/intune-auditing-devicemanagement.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceManagement](../resources/intune-auditing-devicemanagement.md) object in the response body.

+Read properties and relationships of the [deviceAppManagement](../resources/intune-books-deviceappmanagement.md) object.

+If successful, this method returns a `200 OK` response code and [deviceAppManagement](../resources/intune-books-deviceappmanagement.md) object in the response body.

+Update the properties of a [deviceAppManagement](../resources/intune-books-deviceappmanagement.md) object.

+In the request body, supply a JSON representation for the [deviceAppManagement](../resources/intune-books-deviceappmanagement.md) object.

+The following table shows the properties that are required when you create the [deviceAppManagement](../resources/intune-books-deviceappmanagement.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceAppManagement](../resources/intune-books-deviceappmanagement.md) object in the response body.

+Read properties and relationships of the [deviceManagement](../resources/intune-chromebooksync-devicemanagement.md) object.

+If successful, this method returns a `200 OK` response code and [deviceManagement](../resources/intune-chromebooksync-devicemanagement.md) object in the response body.

+Update the properties of a [deviceManagement](../resources/intune-chromebooksync-devicemanagement.md) object.

+In the request body, supply a JSON representation for the [deviceManagement](../resources/intune-chromebooksync-devicemanagement.md) object.

+The following table shows the properties that are required when you create the [deviceManagement](../resources/intune-chromebooksync-devicemanagement.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceManagement](../resources/intune-chromebooksync-devicemanagement.md) object in the response body.

+Read properties and relationships of the [deviceManagement](../resources/intune-cloudpkigraphservice-devicemanagement.md) object.

+If successful, this method returns a `200 OK` response code and [deviceManagement](../resources/intune-cloudpkigraphservice-devicemanagement.md) object in the response body.

+Update the properties of a [deviceManagement](../resources/intune-cloudpkigraphservice-devicemanagement.md) object.

+In the request body, supply a JSON representation for the [deviceManagement](../resources/intune-cloudpkigraphservice-devicemanagement.md) object.

+The following table shows the properties that are required when you create the [deviceManagement](../resources/intune-cloudpkigraphservice-devicemanagement.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceManagement](../resources/intune-cloudpkigraphservice-devicemanagement.md) object in the response body.

+Read properties and relationships of the [deviceManagement](../resources/intune-companyterms-devicemanagement.md) object.

+If successful, this method returns a `200 OK` response code and [deviceManagement](../resources/intune-companyterms-devicemanagement.md) object in the response body.

+Update the properties of a [deviceManagement](../resources/intune-companyterms-devicemanagement.md) object.

+In the request body, supply a JSON representation for the [deviceManagement](../resources/intune-companyterms-devicemanagement.md) object.

+The following table shows the properties that are required when you create the [deviceManagement](../resources/intune-companyterms-devicemanagement.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceManagement](../resources/intune-companyterms-devicemanagement.md) object in the response body.

+```

+```

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-androiddeviceownercertificateprofilebase.md)|

+```

+```

+```

+```

+```

+```

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidForWorkCertificateProfileBase](../resources/intune-deviceconfig-androidforworkcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidForWorkCertificateProfileBase](../resources/intune-deviceconfig-androidforworkcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidForWorkCertificateProfileBase](../resources/intune-deviceconfig-androidforworkcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidForWorkCertificateProfileBase](../resources/intune-deviceconfig-androidforworkcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidForWorkCertificateProfileBase](../resources/intune-deviceconfig-androidforworkcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidForWorkCertificateProfileBase](../resources/intune-deviceconfig-androidforworkcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidForWorkCertificateProfileBase](../resources/intune-deviceconfig-androidforworkcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidForWorkCertificateProfileBase](../resources/intune-deviceconfig-androidforworkcertificateprofilebase.md)|

+```

+```

+```

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidCertificateProfileBase](../resources/intune-deviceconfig-androidcertificateprofilebase.md)|

+```

+```

+```

+```

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidWorkProfileCertificateProfileBase](../resources/intune-deviceconfig-androidworkprofilecertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidWorkProfileCertificateProfileBase](../resources/intune-deviceconfig-androidworkprofilecertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidWorkProfileCertificateProfileBase](../resources/intune-deviceconfig-androidworkprofilecertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidWorkProfileCertificateProfileBase](../resources/intune-deviceconfig-androidworkprofilecertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidWorkProfileCertificateProfileBase](../resources/intune-deviceconfig-androidworkprofilecertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidWorkProfileCertificateProfileBase](../resources/intune-deviceconfig-androidworkprofilecertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. Inherited from [androidWorkProfileCertificateProfileBase](../resources/intune-deviceconfig-androidworkprofilecertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [androidWorkProfileCertificateProfileBase](../resources/intune-deviceconfig-androidworkprofilecertificateprofilebase.md)|

+```

+```

+```

+```

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md)|

+|subjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Certificate Subject Name Format. This collection can contain a maximum of 500 elements. Inherited from [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md). Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements. Inherited from [aospDeviceOwnerCertificateProfileBase](../resources/intune-deviceconfig-aospdeviceownercertificateprofilebase.md)|

+```

+```

+```

+Read properties and relationships of the [deviceCompliancePolicy](../resources/intune-deviceconfig-devicecompliancepolicy.md) object.

+If successful, this method returns a `200 OK` response code and [deviceCompliancePolicy](../resources/intune-deviceconfig-devicecompliancepolicy.md) object in the response body.

+List properties and relationships of the [deviceCompliancePolicy](../resources/intune-deviceconfig-devicecompliancepolicy.md) objects.

+If successful, this method returns a `200 OK` response code and a collection of [deviceCompliancePolicy](../resources/intune-deviceconfig-devicecompliancepolicy.md) objects in the response body.

+Read properties and relationships of the [deviceConfiguration](../resources/intune-deviceconfig-deviceconfiguration.md) object.

+If successful, this method returns a `200 OK` response code and [deviceConfiguration](../resources/intune-deviceconfig-deviceconfiguration.md) object in the response body.

+```

+List properties and relationships of the [deviceConfiguration](../resources/intune-deviceconfig-deviceconfiguration.md) objects.

+If successful, this method returns a `200 OK` response code and a collection of [deviceConfiguration](../resources/intune-deviceconfig-deviceconfiguration.md) objects in the response body.

+Read properties and relationships of the [deviceManagement](../resources/intune-deviceconfig-devicemanagement.md) object.

+If successful, this method returns a `200 OK` response code and [deviceManagement](../resources/intune-deviceconfig-devicemanagement.md) object in the response body.

+Update the properties of a [deviceManagement](../resources/intune-deviceconfig-devicemanagement.md) object.

+In the request body, supply a JSON representation for the [deviceManagement](../resources/intune-deviceconfig-devicemanagement.md) object.

+The following table shows the properties that are required when you create the [deviceManagement](../resources/intune-deviceconfig-devicemanagement.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceManagement](../resources/intune-deviceconfig-devicemanagement.md) object in the response body.

+Read properties and relationships of the [deviceManagementDerivedCredentialSettings](../resources/intune-deviceconfig-devicemanagementderivedcredentialsettings.md) object.

+If successful, this method returns a `200 OK` response code and [deviceManagementDerivedCredentialSettings](../resources/intune-deviceconfig-devicemanagementderivedcredentialsettings.md) object in the response body.

+```

+Update the properties of a [deviceManagementDerivedCredentialSettings](../resources/intune-deviceconfig-devicemanagementderivedcredentialsettings.md) object.

+In the request body, supply a JSON representation for the [deviceManagementDerivedCredentialSettings](../resources/intune-deviceconfig-devicemanagementderivedcredentialsettings.md) object.

+The following table shows the properties that are required when you create the [deviceManagementDerivedCredentialSettings](../resources/intune-deviceconfig-devicemanagementderivedcredentialsettings.md).

+If successful, this method returns a `200 OK` response code and an updated [deviceManagementDerivedCredentialSettings](../resources/intune-deviceconfig-devicemanagementderivedcredentialsettings.md) object in the response body.

+```

+ Title: "Create hardwarePasswordDetail"

+description: "Create a new hardwarePasswordDetail object."

+localization_priority: Normal

+# Create hardwarePasswordDetail

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Create a new [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+POST /deviceManagement/hardwarePasswordDetails

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Accept|application/json|

+## Request body

+In the request body, supply a JSON representation for the hardwarePasswordDetail object.

+The following table shows the properties that are required when you create the hardwarePasswordDetail.

+|Property|Type|Description|

+|:|:|:|

+|id|String|The unique identifier for the managed device. This ID is assigned at enrollment time. This is different than the Entra device ID, this one is for the managedDevice object itself. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only.|

+|serialNumber|String|The device serial number as defined by the device manufacturer. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only.|

+|currentPassword|String|The current device's BIOS password. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only.|

+|previousPasswords|String collection|The list of all the previous device BIOS passwords. Supports: $filter, $select, $top, $skip. This property is read-only.|

+## Response

+If successful, this method returns a `201 Created` response code and a [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+POST https://graph.microsoft.com/beta/deviceManagement/hardwarePasswordDetails

+Content-type: application/json

+Content-length: 218

+{

+ "@odata.type": "#microsoft.graph.hardwarePasswordDetail",

+ "serialNumber": "Serial Number value",

+ "currentPassword": "Current Password value",

+ "previousPasswords": [

+ "Previous Passwords value"

+ ]

+}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 201 Created

+Content-Type: application/json

+Content-Length: 267

+{

+ "@odata.type": "#microsoft.graph.hardwarePasswordDetail",

+ "id": "e3ef8349-8349-e3ef-4983-efe34983efe3",

+ "serialNumber": "Serial Number value",

+ "currentPassword": "Current Password value",

+ "previousPasswords": [

+ "Previous Passwords value"

+ ]

+}

+```

+ Title: "Delete hardwarePasswordDetail"

+description: "Deletes a hardwarePasswordDetail."

+localization_priority: Normal

+# Delete hardwarePasswordDetail

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Deletes a [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md).

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+DELETE /deviceManagement/hardwarePasswordDetails/{hardwarePasswordDetailId}

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `204 No Content` response code.

+## Example

+### Request

+Here is an example of the request.

+``` http

+DELETE https://graph.microsoft.com/beta/deviceManagement/hardwarePasswordDetails/{hardwarePasswordDetailId}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 204 No Content

+```

+ Title: "Get hardwarePasswordDetail"

+description: "Read properties and relationships of the hardwarePasswordDetail object."

+localization_priority: Normal

+# Get hardwarePasswordDetail

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Read properties and relationships of the [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/hardwarePasswordDetails/{hardwarePasswordDetailId}

+```

+## Optional query parameters

+This method supports the [OData Query Parameters](/graph/query-parameters) to help customize the response.

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/hardwarePasswordDetails/{hardwarePasswordDetailId}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 300

+{

+ "value": {

+ "@odata.type": "#microsoft.graph.hardwarePasswordDetail",

+ "id": "e3ef8349-8349-e3ef-4983-efe34983efe3",

+ "serialNumber": "Serial Number value",

+ "currentPassword": "Current Password value",

+ "previousPasswords": [

+ "Previous Passwords value"

+ ]

+ }

+}

+```

+ Title: "List hardwarePasswordDetails"

+description: "List properties and relationships of the hardwarePasswordDetail objects."

+localization_priority: Normal

+# List hardwarePasswordDetails

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+List properties and relationships of the [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) objects.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.Read.All, DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+GET /deviceManagement/hardwarePasswordDetails

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Accept|application/json|

+## Request body

+Do not supply a request body for this method.

+## Response

+If successful, this method returns a `200 OK` response code and a collection of [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) objects in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+GET https://graph.microsoft.com/beta/deviceManagement/hardwarePasswordDetails

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 328

+{

+ "value": [

+ {

+ "@odata.type": "#microsoft.graph.hardwarePasswordDetail",

+ "id": "e3ef8349-8349-e3ef-4983-efe34983efe3",

+ "serialNumber": "Serial Number value",

+ "currentPassword": "Current Password value",

+ "previousPasswords": [

+ "Previous Passwords value"

+ ]

+ }

+ ]

+}

+```

+ Title: "Update hardwarePasswordDetail"

+description: "Update the properties of a hardwarePasswordDetail object."

+localization_priority: Normal

+# Update hardwarePasswordDetail

+Namespace: microsoft.graph

+> **Important:** Microsoft Graph APIs under the /beta version are subject to change; production use is not supported.

+> **Note:** The Microsoft Graph API for Intune requires an [active Intune license](https://go.microsoft.com/fwlink/?linkid=839381) for the tenant.

+Update the properties of a [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) object.

+## Permissions

+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).

+|Permission type|Permissions (from least to most privileged)|

+|:|:|

+|Delegated (work or school account)|DeviceManagementConfiguration.ReadWrite.All|

+|Delegated (personal Microsoft account)|Not supported.|

+|Application|DeviceManagementConfiguration.ReadWrite.All|

+## HTTP Request

+<!-- {

+ "blockType": "ignored"

+}

+-->

+``` http

+PATCH /deviceManagement/hardwarePasswordDetails/{hardwarePasswordDetailId}

+```

+## Request headers

+|Header|Value|

+|:|:|

+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

+|Accept|application/json|

+## Request body

+In the request body, supply a JSON representation for the [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) object.

+The following table shows the properties that are required when you create the [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md).

+|Property|Type|Description|

+|:|:|:|

+|id|String|The unique identifier for the managed device. This ID is assigned at enrollment time. This is different than the Entra device ID, this one is for the managedDevice object itself. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only.|

+|serialNumber|String|The device serial number as defined by the device manufacturer. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only.|

+|currentPassword|String|The current device's BIOS password. Supports: $filter, $select, $top, $OrderBy, $skip. This property is read-only.|

+|previousPasswords|String collection|The list of all the previous device BIOS passwords. Supports: $filter, $select, $top, $skip. This property is read-only.|

+## Response

+If successful, this method returns a `200 OK` response code and an updated [hardwarePasswordDetail](../resources/intune-deviceconfig-hardwarepassworddetail.md) object in the response body.

+## Example

+### Request

+Here is an example of the request.

+``` http

+PATCH https://graph.microsoft.com/beta/deviceManagement/hardwarePasswordDetails/{hardwarePasswordDetailId}

+Content-type: application/json

+Content-length: 218

+{

+ "@odata.type": "#microsoft.graph.hardwarePasswordDetail",

+ "serialNumber": "Serial Number value",

+ "currentPassword": "Current Password value",

+ "previousPasswords": [

+ "Previous Passwords value"

+ ]

+}

+```

+### Response

+Here is an example of the response. Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

+``` http

+HTTP/1.1 200 OK

+Content-Type: application/json

+Content-Length: 267

+{

+ "@odata.type": "#microsoft.graph.hardwarePasswordDetail",

+ "id": "e3ef8349-8349-e3ef-4983-efe34983efe3",

+ "serialNumber": "Serial Number value",

+ "currentPassword": "Current Password value",

+ "previousPasswords": [

+ "Previous Passwords value"

+ ]

+}

+```

+|id|String|A unique string Id that is based on associated Intune Device Id. This property is read-only.|

+|serialNumber|String|Associated device's serial number . This property is read-only.|

+|currentPassword|String|Current device password. This property is read-only.|

+|previousPasswords|String collection|List of previous device passwords. This property is read-only.|

+|id|String|A unique string Id that is based on associated Intune Device Id. This property is read-only.|

+|serialNumber|String|Associated device's serial number . This property is read-only.|

+|currentPassword|String|Current device password. This property is read-only.|

+|previousPasswords|String collection|List of previous device passwords. This property is read-only.|

+```

+```

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.|

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.|

+```

+```

+```

+```

+```

+```

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the channel used to deploy the configuration profile. Available choices are DeviceChannel, UserChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the channel used to deploy the configuration profile. Available choices are DeviceChannel, UserChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Inherited from [macOSWiFiConfiguration](../resources/intune-deviceconfig-macoswificonfiguration.md). Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1897

+ "deploymentChannel": "userChannel",

+Content-Length: 2069

+ "deploymentChannel": "userChannel",

+Content-Length: 2190

+ "deploymentChannel": "userChannel",

+Content-Length: 2306

+ "deploymentChannel": "userChannel",

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Inherited from [macOSWiFiConfiguration](../resources/intune-deviceconfig-macoswificonfiguration.md). Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1897

+ "deploymentChannel": "userChannel",

+Content-Length: 2069

+ "deploymentChannel": "userChannel",

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1336

+ "intendedPurpose": "smimeEncryption",

+ "deploymentChannel": "userChannel"

+Content-Length: 1508

+ "intendedPurpose": "smimeEncryption",

+ "deploymentChannel": "userChannel"

+Content-Length: 1605

+ "intendedPurpose": "smimeEncryption",

+ "deploymentChannel": "userChannel"

+Content-Length: 1697

+ "intendedPurpose": "smimeEncryption",

+ "deploymentChannel": "userChannel"

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1336

+ "intendedPurpose": "smimeEncryption",

+ "deploymentChannel": "userChannel"

+Content-Length: 1508

+ "intendedPurpose": "smimeEncryption",

+ "deploymentChannel": "userChannel"

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1896

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 2068

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 2191

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 2309

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1896

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 2068

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.|

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 2032

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 2204

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 2347

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 2485

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+|extendedKeyUsages|[extendedKeyUsage](../resources/intune-deviceconfig-extendedkeyusage.md) collection|Extended Key Usage (EKU) settings. This collection can contain a maximum of 500 elements.|

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 2032

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 2204

+ "allowAllAppsAccess": true,

+ "deploymentChannel": "userChannel"

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1177

+ "certFileName": "Cert File Name value",

+ "deploymentChannel": "userChannel"

+Content-Length: 1349

+ "certFileName": "Cert File Name value",

+ "deploymentChannel": "userChannel"

+```

+```

+Content-Length: 1438

+ "certFileName": "Cert File Name value",

+ "deploymentChannel": "userChannel"

+```

+Content-Length: 1522

+ "certFileName": "Cert File Name value",

+ "deploymentChannel": "userChannel"

+```

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1177

+ "certFileName": "Cert File Name value",

+ "deploymentChannel": "userChannel"

+Content-Length: 1349

+ "certFileName": "Cert File Name value",

+ "deploymentChannel": "userChannel"

+```

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 3061

+ "optInToDeviceIdSharing": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 3233

+ "optInToDeviceIdSharing": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 3460

+ "optInToDeviceIdSharing": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 3682

+ "optInToDeviceIdSharing": true,

+ "deploymentChannel": "userChannel"

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 3061

+ "optInToDeviceIdSharing": true,

+ "deploymentChannel": "userChannel"

+Content-Length: 3233

+ "optInToDeviceIdSharing": true,

+ "deploymentChannel": "userChannel"

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1489

+ "deploymentChannel": "userChannel",

+Content-Length: 1661

+ "deploymentChannel": "userChannel",

+Content-Length: 1766

+ "deploymentChannel": "userChannel",

+Content-Length: 1866

+ "deploymentChannel": "userChannel",

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1489

+ "deploymentChannel": "userChannel",

+Content-Length: 1661

+ "deploymentChannel": "userChannel",

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1538

+ "enableOuterIdentityPrivacy": "Enable Outer Identity Privacy value",

+ "deploymentChannel": "userChannel"

+Content-Length: 1710

+ "enableOuterIdentityPrivacy": "Enable Outer Identity Privacy value",

+ "deploymentChannel": "userChannel"

+Content-Length: 1815

+ "enableOuterIdentityPrivacy": "Enable Outer Identity Privacy value",

+ "deploymentChannel": "userChannel"

+Content-Length: 1915

+ "enableOuterIdentityPrivacy": "Enable Outer Identity Privacy value",

+ "deploymentChannel": "userChannel"

+|deploymentChannel|[appleDeploymentChannel](../resources/intune-deviceconfig-appledeploymentchannel.md)|Indicates the deployment channel type used to deploy the configuration profile. Possible values are deviceChannel, userChannel. Possible values are: `deviceChannel`, `userChannel`, `unknownFutureValue`.|

+Content-length: 1538

+ "enableOuterIdentityPrivacy": "Enable Outer Identity Privacy value",

+ "deploymentChannel": "userChannel"

+Content-Length: 1710

+ "enableOuterIdentityPrivacy": "Enable Outer Identity Privacy value",

+ "deploymentChannel": "userChannel"

+|certificateRevokeStatus|[certificateRevocationStatus](../resources/intune-deviceconfig-certificaterevocationstatus.md)|Revoke status. Possible values are: `none`, `pending`, `issued`, `failed`, `revoked`.|

+|certificateRevokeStatus|[certificateRevocationStatus](../resources/intune-deviceconfig-certificaterevocationstatus.md)|Revoke status. Possible values are: `none`, `pending`, `issued`, `failed`, `revoked`.|

+|certificateIssuanceState|[certificateIssuanceStates](../resources/intune-deviceconfig-certificateissuancestates.md)|Issuance State. Possible values are: `unknown`, `challengeIssued`, `challengeIssueFailed`, `requestCreationFailed`, `requestSubmitFailed`, `challengeValidationSucceeded`, `challengeValidationFailed`, `issueFailed`, `issuePending`, `issued`, `responseProcessingFailed`, `responsePending`, `enrollmentSucceeded`, `enrollmentNotNeeded`, `revoked`, `removedFromCollection`, `renewVerified`, `installFailed`, `installed`, `deleteFailed`, `deleted`, `renewalRequested`, `requested`.|

+|certificateSubjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Subject name format. Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|certificateRevokeStatus|[certificateRevocationStatus](../resources/intune-deviceconfig-certificaterevocationstatus.md)|Revoke status. Possible values are: `none`, `pending`, `issued`, `failed`, `revoked`.|

+```

+```

+```

+```

+|certificateIssuanceState|[certificateIssuanceStates](../resources/intune-deviceconfig-certificateissuancestates.md)|Issuance State. Possible values are: `unknown`, `challengeIssued`, `challengeIssueFailed`, `requestCreationFailed`, `requestSubmitFailed`, `challengeValidationSucceeded`, `challengeValidationFailed`, `issueFailed`, `issuePending`, `issued`, `responseProcessingFailed`, `responsePending`, `enrollmentSucceeded`, `enrollmentNotNeeded`, `revoked`, `removedFromCollection`, `renewVerified`, `installFailed`, `installed`, `deleteFailed`, `deleted`, `renewalRequested`, `requested`.|

+|certificateSubjectNameFormat|[subjectNameFormat](../resources/intune-deviceconfig-subjectnameformat.md)|Subject name format. Possible values are: `commonName`, `commonNameIncludingEmail`, `commonNameAsEmail`, `custom`, `commonNameAsIMEI`, `commonNameAsSerialNumber`, `commonNameAsAadDeviceId`, `commonNameAsIntuneDeviceId`, `commonNameAsDurableDeviceId`.|

+|certificateRevokeStatus|[certificateRevocationStatus](../resources/intune-deviceconfig-certificaterevocationstatus.md)|Revoke status. Possible values are: `none`, `pending`, `issued`, `failed`, `revoked`.|

+```

+If successful, this function returns a `200 OK` response code and a [report](../resources/intune-deviceconfig-report.md) in the response body.

+If successful, this function returns a `200 OK` response code and a [report](../resources/intune-deviceconfig-report.md) in the response body.

+Read properties and relationships of the [reportRoot](../resources/intune-deviceconfig-reportroot.md) object.

+If successful, this method returns a `200 OK` response code and [reportRoot](../resources/intune-deviceconfig-reportroot.md) object in the response body.

+Update the properties of a [reportRoot](../resources/intune-deviceconfig-reportroot.md) object.

+In the request body, supply a JSON representation for the [reportRoot](../resources/intune-deviceconfig-reportroot.md) object.

+The following table shows the properties that are required when you create the [reportRoot](../resources/intune-deviceconfig-reportroot.md).

+If successful, this method returns a `200 OK` response code and an updated [reportRoot](../resources/intune-deviceconfig-reportroot.md) object in the response body.

+```