What's new in Microsoft Graph
See highlights of what's new in Microsoft Graph in the last two months, what was added earlier, and how you can share your ideas. For a detailed list of API-level updates, see the API changelog.
Important
Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to generally available (GA) status. Do not use preview features in production apps.
March 2023: New and generally available
Compliance | Records management
Use the Microsoft Purview records management API to help organizations manage the retention and deletion of data to meet legal obligations and compliance regulations.
Identity and access | Directory management
Get newly created, updated, or deleted directory objects without performing a full read of the entire set of Active Directory objects in an organization.
Teamwork and communications | Messaging
To export Teams content, you can list teams that have been deleted, and get 1:1 chats, group chats, meeting chats, and channel messages of a deleted team. For more information, see Export content with the Microsoft Teams export APIs.
March 2023: New in preview only
Device and app management | Cloud PC
Launch information for a signed-in user's connection to a Cloud PC now includes whether the Cloud PC supports switch functionality and, if it doesn't, the reason, such as not meeting requirements for the version of the operating system, CPU, or RAM.
Files
When sharing an item on OneDrive for Business with other users, include the option to notify those users by email.
Identity and access | Identity and sign-in
In addition to approving authentication push notifications on Microsoft Authenticator, specified users, groups, or administrative units can approve authentication push notifications on a supported Microsoft 365 app (Outlook mobile app). Administrators can get or update the companionAppAllowedState property of the feature settings of a Microsoft Authenticator authentication method configuration policy. When enabling this capability, administrators can set the Microsoft 365 app name in the clientAppName property for the Microsoft Authenticator authentication method registered to the user.
Industry data ETL
Use the debut industry data API, which is a multi-vertical, cross-industry, ETL (Extract-Transform-Load) platform, to combine data from multiple sources into a single Azure Data Lake data store, normalize the data, and export it in outbound flows. Get statistics after the data is processed. You can also use the API to assist with monitoring and troubleshooting.
Reports | Azure AD activity reports
- View in an Azure AD activity report whether any sign-in activity in your directory is triggered by a match of a condition about Microsoft admin portals that is satisfied in a rule in the applied conditional access policy.
- View in an Azure AD activity report the result of enforcing a custom authentication strength in an applied conditional access policy.
Sites and lists
When sharing an item on SharePoint with other users, include the option to notify those users by email.
February 2023: New and generally available
Identity and access | Directory management
- Following the Zero Trust cybersecurity model, Microsoft partners can use granular delegated admin privileges (GDAP) to carry out administrative tasks with least-privileged access to their customer tenants, to avoid potential security exposures. Instead of requesting Global Administrator role as in the past, partners request specific roles for customer tenant administration for a definite amount of time, and their customers must explicitly grant the least-privileged access to them.
- Get or update the configuration and features of on-premises directory synchronization set up for an organization, including configuration to prevent accidental deletion.
Identity and access | Governance
As part of a policy for access package assignment, you can specify or get the required regex pattern for a requestor to answer an access package question.
Identity and access | Identity and sign-in
Specify in a cross-tenant access policy to enable B2B collaboration across Azure clouds, for example, between tenants in Azure Commercial and Azure Government clouds, and between Azure Commercial and Azure China clouds.
Search | Query
Use application permissions and search all shared or private content on SharePoint sites that belong to the app owner in a specified region.
Security | Attack simulation and training
- Get information about an automated attack simulation for a tenant.
- Get a list of automated runs of attack simulation for a tenant.
Teamwork and communications | Calls and online meetings
Support a user to participate in an online meeting in the role of a coorganizer.
Teamwork and communications | Messaging
Support an Azure Communication Services user to participate in a team, channel, or chat.
To-do tasks
Use a single POST operation to attach a file up to 3 MB to a to-do task, or create an upload session to iteratively upload portions of a file up to 25 MB total size to attach it to a task.
February 2023: New in preview only
Applications | Synchronization
When calling the synchronization API, take advantage of more granular permissions designed for reading or writing synchronization data, by using the new permission, Synchronization.Read.All, instead of the higher privileged permission, Directory.Read.All, and Synchronization.ReadWrite.All instead of Directory.Read.All.
Calendar
Request a lower privileged delegated or application permission, Calendar.ReadBasic or Calendars.ReadBasic.All, for most read operations for events in calendars, with or without a signed-in user present. These permissions allow an app to read events of all calendars, except for properties such as body, attachments, and extensions. For the exact list of operations that support these permissions, see the February updates for Calendar.
Device and app management | Cloud PC
- Enable or disable single sign-on as part of a Cloud PC provisioning policy and of the tenant-wide organization settings for Cloud PC. When single sign-on is enabled, Windows 365 users can use single sign-on to authenticate to Azure Active Directory (Azure AD) with passwordless options (for example, FIDO keys) to access their Cloud PCs.
- Organizations with frontline workers can provision Cloud PCs as a shared type and subscribe to a shared-use service plan for Cloud PCs.
- Allow a customer to select from a list of supported region groups when provisioning a Cloud PC, so that the Cloud PC is placed in one of the regions belonging to that group based on resource status.
Device and app management | Device updates
Use the Windows Update for Business deployment service to manage Windows 11 feature updates and driver updates. When enrolled devices are scanned for updates, the deployment service identifies applicable, better drivers for each device. The service collects such driver information in a catalog for approval, and schedules approved catalog content for deployment.
Identity and access | Directory management
Debut of pronouns support for organizations - use pronouns settings to programmatically manage the support of pronouns in an organization. Find out about how administrators can enable or disable pronouns in the Microsoft 365 admin center, and the availability timeline for pronouns on profile cards on the Microsoft 365 roadmap.
Identity and access | Directory management
Use the recommendation resource as personalized and actionable insights to implement Azure Active Directory best practices. Recommendations help to ensure your tenant is in a secure and healthy state and maximize the value of the features available in Azure AD. For more information about how recommendations work in Azure AD for administrators, see What are Azure Active Directory recommendations.
Identity and access | Governance
List the users who are in the scope of the execution conditions of a workflow.
Security | Attack simulation and training
- Create or delete an attack simulation campaign for a tenant. Prior to this update, apps could only get information about an existing simulation campaign.
- Get information about an attack simulation training. Get further details such as the content and coachmarks.
Teamwork and communications | Calls and online meetings
Identify the reasons for shared content or video from an online meeting participant being restricted.
Teamwork and communications | Messaging
Support an Azure Communication Services user to participate in a team, channel, or chat.
Want to stay in the loop?
Here are some ways we can engage:
Are there scenarios you'd like Microsoft Graph to support? Suggest and vote for new features at Microsoft Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features in the following order:
- Debut in preview status. Any related REST API updates are in the beta endpoint (https://graph.microsoft.com/beta).
- Promoted to general availability (GA) status, if sufficient feedback indicates viability. Any related REST API updates are added to the v1.0 endpoint (https://graph.microsoft.com/v1.0).
Be an active member in the Microsoft Graph community! Join the weekly Microsoft 365 platform community call.
Sign up for the Microsoft 365 developer program, get a free Microsoft 365 subscription, and start developing!
See also
- Check out the Microsoft Graph developer blog periodically for release announcements and helpful resources.
- Browse details of Microsoft Graph API additions, and API behavior updates in the changelog.
- Find highlights of earlier releases.
- Learn more about versioning, support, and breaking change policies for Microsoft Graph.