Update user

Namespace: microsoft.graph

Update the properties of a user object. Not all properties can be updated by Member or Guest users with their default permissions without Administrator roles. Compare member and guest default permissions to see properties they can manage.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type	Permissions (from least to most privileged)
Delegated (work or school account)	User.ReadWrite, User.ManageIdentities.All, User.EnableDisableAccount.All, User.ReadWrite.All, Directory.ReadWrite.All
Delegated (personal Microsoft account)	User.ReadWrite
Application	User.ManageIdentities.All, User.EnableDisableAccount.All, User.ReadWrite.All, Directory.ReadWrite.All

Note

• To update sensitive user properties, such as accountEnabled, mobilePhone, and otherMails for users with privilged administrator roles, the app must be assigned the Directory.AccessAsUser.All delegated permission, and the calling user must have a higher privileged administrator role as indicated in Who can perform sensitive actions.
• Your personal Microsoft account must be tied to an Azure AD tenant to update your profile with the User.ReadWrite delegated permission on a personal Microsoft account.
• Updating the identities property requires the User.ManageIdentities.All permission. Also, adding a B2C local account to an existing user object is not allowed, unless the user object already contains a local account identity.

HTTP request

PATCH /users/{id | userPrincipalName}

Request headers

Header	Value
Authorization	Bearer {token}. Required.
Content-Type	application/json

Request body

In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

Property	Type	Description
aboutMe	String	A freeform text entry field for the user to describe themselves.
accountEnabled	Boolean	true if the account is enabled; otherwise, false. This property is required when a user is created. A global administrator assigned the Directory.AccessAsUser.All delegated permission can update the accountEnabled status of all administrators in the tenant.
ageGroup	ageGroup	Sets the age group of the user. Allowed values: null, Minor, NotAdult and Adult. Refer to the legal age group property definitions for further information.
birthday	DateTimeOffset	The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z
businessPhones	String collection	The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property.
city	String	The city in which the user is located.
companyName	String	The company name which the user is associated. This property can be useful for describing the company that an external user comes from. The maximum length is 64 characters.
consentProvidedForMinor	consentProvidedForMinor	Sets whether consent has been obtained for minors. Allowed values: null, Granted, Denied and NotRequired. Refer to the legal age group property definitions for further information.
country	String	The country/region in which the user is located; for example, US or UK.
department	String	The name for the department in which the user works.
displayName	String	The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates.
employeeId	String	The employee identifier assigned to the user by the organization. The maximum length is 16 characters.
employeeType	String	Captures enterprise worker type. For example, Employee, Contractor, Consultant, or Vendor. Returned only on $select.
givenName	String	The given name (first name) of the user.
employeeHireDate	DateTimeOffset	The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z
employeeLeaveDateTime	DateTimeOffset	The date and time when the user left or will leave the organization. The timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. For delegated scenarios, the calling user must have the Global Administrator role and the calling app assigned the User.Read.All and User-LifeCycleInfo.ReadWrite.All delegated permissions.
interests	String collection	A list for the user to describe their interests.
jobTitle	String	The user’s job title.
mail	String	The SMTP address for the user, for example, jeff@contoso.onmicrosoft.com. Changes to this property will also update the user's proxyAddresses collection to include the value as a SMTP address. For Azure AD B2C accounts, this property can be updated up to only ten times with unique SMTP addresses. Cannot be updated to null.
mailNickname	String	The mail alias for the user. This property must be specified when a user is created.
mobilePhone	String	The primary cellular telephone number for the user.
mySite	String	The URL for the user's personal site.
officeLocation	String	The office location in the user's place of business.
onPremisesExtensionAttributes	onPremisesExtensionAttributes	Contains extensionAttributes 1-15 for the user. Note that the individual extension attributes are neither selectable nor filterable. For an onPremisesSyncEnabled user, the source of authority for this set of properties is the on-premises and is read-only and is read-only. These extension attributes are also known as Exchange custom attributes 1-15.
onPremisesImmutableId	String	This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user’s userPrincipalName (UPN) property. Important: The $ and _ characters cannot be used when specifying this property.
otherMails	String collection	A list of additional email addresses for the user; for example: ["bob@contoso.com", "Robert@fabrikam.com"].
passwordPolicies	String	Specifies password policies for the user. This value is an enumeration with one possible value being DisableStrongPassword, which allows weaker passwords than the default policy to be specified. DisablePasswordExpiration can also be specified. The two may be specified together; for example: DisablePasswordExpiration, DisableStrongPassword.
passwordProfile	PasswordProfile	Specifies the password profile for the user. The profile contains the user’s password. The password in the profile must satisfy minimum requirements as specified by the passwordPolicies property. By default, a strong password is required. As a best practice, always set the forceChangePasswordNextSignIn to true. This cannot be used for federated users. In delegated access, the calling app must be assigned the Directory.AccessAsUser.All delegated permission on behalf of the signed-in user. In application-only access, the calling app must be assigned the User.ReadWrite.All application permission and at least the User Administrator Azure AD role.
pastProjects	String collection	A list for the user to enumerate their past projects.
postalCode	String	The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.
preferredLanguage	String	The preferred language for the user. Should follow ISO 639-1 Code; for example en-US.
responsibilities	String collection	A list for the user to enumerate their responsibilities.
schools	String collection	A list for the user to enumerate the schools they have attended.
skills	String collection	A list for the user to enumerate their skills.
state	String	The state or province in the user's address.
streetAddress	String	The street address of the user's place of business.
surname	String	The user's surname (family name or last name).
usageLocation	String	A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: US, JP, and GB. Not nullable.
userPrincipalName	String	The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant's collection of verified domains. The verified domains for the tenant can be accessed from the verifiedDomains property of organization. NOTE: This property cannot contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, ' . - _ ! # ^ ~. For the complete list of allowed characters, see username policies.
userType	String	A string value that can be used to classify user types in your directory, such as Member and Guest.

Note

• The following properties cannot be updated by an app with only application permissions: aboutMe, birthday, employeeHireDate, interests, mySite, pastProjects, responsibilities, schools, and skills.
• To update the following properties, you must specify them in their own PATCH request, without including the other properties listed in the table above: aboutMe, birthday, interests, mySite, pastProjects, responsibilities, schools, and skills.

Manage extensions and associated data

Use this API to manage the directory, schema, and open extensions and their data for users, as follows:

• Add, update and store data in the extensions for an existing user
• For directory and schema extensions, remove any stored data by setting the value of the custom extension property to null. For open extensions, use the Delete open extension API.

Response

If successful, this method returns a 204 No Content response code.

Example

Example 1: Update properties of the signed-in user

Request

The following example shows a request.

HTTP

PATCH https://graph.microsoft.com/v1.0/me
Content-type: application/json

{
  "businessPhones": [
    "+1 425 555 0109"
  ],
  "officeLocation": "18/2111"
}

C#

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new User
{
	BusinessPhones = new List<string>
	{
		"+1 425 555 0109",
	},
	OfficeLocation = "18/2111",
};
var result = await graphClient.Me.PatchAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const user = {
  businessPhones: [
    '+1 425 555 0109'
  ],
  officeLocation: '18/2111'
};

await client.api('/me')
	.update(user);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

User user = new User();
LinkedList<String> businessPhonesList = new LinkedList<String>();
businessPhonesList.add("+1 425 555 0109");
user.businessPhones = businessPhonesList;
user.officeLocation = "18/2111";

graphClient.me()
	.buildRequest()
	.patch(user);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)

requestBody := graphmodels.NewUser()
businessPhones := []string {
	"+1 425 555 0109",

}
requestBody.SetBusinessPhones(businessPhones)
officeLocation := "18/2111"
requestBody.SetOfficeLocation(&officeLocation) 

result, err := graphClient.Me().Patch(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Users

$params = @{
	BusinessPhones = @(
		"+1 425 555 0109"
	)
	OfficeLocation = "18/2111"
}

# A UPN can also be used as -UserId.
Update-MgUser -UserId $userId -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new User();
$requestBody->setBusinessPhones(['+1 425 555 0109', ]);

$requestBody->setOfficeLocation('18/2111');



$requestResult = $graphServiceClient->me()->patch($requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

The following example shows the response.

HTTP/1.1 204 No Content

Example 2: Update properties of the specified user

Request

The following example shows a request.

HTTP

PATCH https://graph.microsoft.com/v1.0/users/{id}
Content-type: application/json

{
  "businessPhones": [
    "+1 425 555 0109"
  ],
  "officeLocation": "18/2111"
}

C#

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new User
{
	BusinessPhones = new List<string>
	{
		"+1 425 555 0109",
	},
	OfficeLocation = "18/2111",
};
var result = await graphClient.Users["{user-id}"].PatchAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const user = {
  businessPhones: [
    '+1 425 555 0109'
  ],
  officeLocation: '18/2111'
};

await client.api('/users/{id}')
	.update(user);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

User user = new User();
LinkedList<String> businessPhonesList = new LinkedList<String>();
businessPhonesList.add("+1 425 555 0109");
user.businessPhones = businessPhonesList;
user.officeLocation = "18/2111";

graphClient.users("{id}")
	.buildRequest()
	.patch(user);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)

requestBody := graphmodels.NewUser()
businessPhones := []string {
	"+1 425 555 0109",

}
requestBody.SetBusinessPhones(businessPhones)
officeLocation := "18/2111"
requestBody.SetOfficeLocation(&officeLocation) 

result, err := graphClient.UsersById("user-id").Patch(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Users

$params = @{
	BusinessPhones = @(
		"+1 425 555 0109"
	)
	OfficeLocation = "18/2111"
}

Update-MgUser -UserId $userId -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new User();
$requestBody->setBusinessPhones(['+1 425 555 0109', ]);

$requestBody->setOfficeLocation('18/2111');



$requestResult = $graphServiceClient->usersById('user-id')->patch($requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

The following example shows the response.

HTTP/1.1 204 No Content

Example 3: Update the passwordProfile of a user to reset their password

The following example shows a request to reset the password of another user. As a best practice, always set the forceChangePasswordNextSignIn to true.

Request

HTTP

PATCH https://graph.microsoft.com/v1.0/users/{id}
Content-type: application/json

{
  "passwordProfile": {
    "forceChangePasswordNextSignIn": false,
    "password": "xWwvJ]6NMw+bWH-d"
  }
}

C#

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new User
{
	PasswordProfile = new PasswordProfile
	{
		ForceChangePasswordNextSignIn = false,
		Password = "xWwvJ]6NMw+bWH-d",
	},
};
var result = await graphClient.Users["{user-id}"].PatchAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const user = {
  passwordProfile: {
    forceChangePasswordNextSignIn: false,
    password: 'xWwvJ]6NMw+bWH-d'
  }
};

await client.api('/users/{id}')
	.update(user);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

GraphServiceClient graphClient = GraphServiceClient.builder().authenticationProvider( authProvider ).buildClient();

User user = new User();
PasswordProfile passwordProfile = new PasswordProfile();
passwordProfile.forceChangePasswordNextSignIn = false;
passwordProfile.password = "xWwvJ]6NMw+bWH-d";
user.passwordProfile = passwordProfile;

graphClient.users("{id}")
	.buildRequest()
	.patch(user);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)

requestBody := graphmodels.NewUser()
passwordProfile := graphmodels.NewPasswordProfile()
forceChangePasswordNextSignIn := false
passwordProfile.SetForceChangePasswordNextSignIn(&forceChangePasswordNextSignIn) 
password := "xWwvJ]6NMw+bWH-d"
passwordProfile.SetPassword(&password) 
requestBody.SetPasswordProfile(passwordProfile)

result, err := graphClient.UsersById("user-id").Patch(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Users

$params = @{
	PasswordProfile = @{
		ForceChangePasswordNextSignIn = $false
		Password = "xWwvJ]6NMw+bWH-d"
	}
}

Update-MgUser -UserId $userId -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new User();
$passwordProfile = new PasswordProfile();
$passwordProfile->setForceChangePasswordNextSignIn(false);

$passwordProfile->setPassword('xWwvJ]6NMw+bWH-d');


$requestBody->setPasswordProfile($passwordProfile);


$requestResult = $graphServiceClient->usersById('user-id')->patch($requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Response

HTTP/1.1 204 No Content

Example 4: Add or update the values of a schema extension for a user

You can update or assign a value to a single property or all properties in the extension.

Request

HTTP

PATCH https://graph.microsoft.com/v1.0/users/4562bcc8-c436-4f95-b7c0-4f8ce89dca5e
Content-type: application/json

{
    "ext55gb1l09_msLearnCourses": {
        "courseType": "Admin"
    }
}

C#

var graphClient = new GraphServiceClient(requestAdapter);

var requestBody = new User
{
	AdditionalData = new Dictionary<string, object>
	{
		{
			"ext55gb1l09_msLearnCourses" , new 
			{
				CourseType = "Admin",
			}
		},
	},
};
var result = await graphClient.Users["{user-id}"].PatchAsync(requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

JavaScript

const options = {
	authProvider,
};

const client = Client.init(options);

const user = {
    ext55gb1l09_msLearnCourses: {
        courseType: 'Admin'
    }
};

await client.api('/users/4562bcc8-c436-4f95-b7c0-4f8ce89dca5e')
	.update(user);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Java

Snippet not available

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

Go

//THE GO SDK IS IN PREVIEW. NON-PRODUCTION USE ONLY
graphClient := msgraphsdk.NewGraphServiceClientWithCredentials(cred, scopes)

requestBody := graphmodels.NewUser()
additionalData := map[string]interface{}{
ext55gb1l09_msLearnCourses := graphmodels.New()
courseType := "Admin"
ext55gb1l09_msLearnCourses.SetCourseType(&courseType) 
	requestBody.SetExt55gb1l09_msLearnCourses(ext55gb1l09_msLearnCourses)
}
requestBody.SetAdditionalData(additionalData)

result, err := graphClient.UsersById("user-id").Patch(context.Background(), requestBody, nil)

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PowerShell

Import-Module Microsoft.Graph.Users

$params = @{
}

Update-MgUser -UserId $userId -BodyParameter $params

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

PHP

<?php

// THIS SNIPPET IS A PREVIEW FOR THE KIOTA BASED SDK. NON-PRODUCTION USE ONLY
$graphServiceClient = new GraphServiceClient($requestAdapter);

$requestBody = new User();
$additionalData = [
'ext55gb1l09_msLearnCourses' => $requestBody = new Ext55gb1l09_msLearnCourses();
$		requestBody->setCourseType('Admin');


$requestBody->setExt55gb1l09_msLearnCourses($ext55gb1l09_msLearnCourses);

];
$requestBody->setAdditionalData($additionalData);




$requestResult = $graphServiceClient->usersById('user-id')->patch($requestBody);

For details about how to add the SDK to your project and create an authProvider instance, see the SDK documentation.

To remove the value of the schema extension from the user object, set the ext55gb1l09_msLearnCourses property to null.

Response

HTTP/1.1 204 No Content

See also

• Add custom data to resources using extensions
• Add custom data to users using open extensions (preview)
• Add custom data to groups using schema extensions (preview)