Microsoft.Graph.Users.Actions
Microsoft Graph PowerShell Cmdlets
Microsoft.Graph.Users.Actions
| Add-MgUserChatMember |
Add multiple members in a single request to a team. The response provides details about which memberships could and couldn't be created. |
| Add-MgUserDriveListContentTypeCopy |
Add a copy of a [content type][contentType] from a [site][site] to a [list][list]. |
| Add-MgUserDriveListContentTypeCopyFromContentTypeHub |
Add or sync a copy of a published content type from the content type hub to a target site or a list. This method is part of the content type publishing changes to optimize the syncing of published content types to sites and lists, effectively switching from a 'push everywhere' to 'pull as needed' approach. The method allows users to pull content types directly from the content type hub to a site or list. For more information, see getCompatibleHubContentTypes and the blog post Syntex Product Updates - August 2021. |
| Add-MgUserPendingAccessReviewInstanceDecision |
Apply review decisions on an accessReviewInstance if the decisions were not applied automatically because the autoApplyDecisionsEnabled property is |
| Clear-MgUserAndBlockManagedApp |
Blocks the managed app user from app check-in. |
| Clear-MgUserChatMessageReaction |
Invoke action unsetReaction |
| Clear-MgUserChatMessageReplyReaction |
Invoke action unsetReaction |
| Clear-MgUserManagedAppRegistrationByAzureAdDeviceId |
Issues a wipe operation on an app registration with specified aad device Id. |
| Clear-MgUserManagedAppRegistrationByDeviceTag |
Issues a wipe operation on an app registration with specified device tag. |
| Clear-MgUserManagedDevice |
Wipe a device |
| Clear-MgUserPresence |
Clear a presence session of an application for a user.
If it is the user's only presence session, a successful clearPresence changes the user's presence to |
| Clear-MgUserPresenceUserPreferredPresence |
Clear the preferred availability and activity status for a user. |
| Complete-MgUserOutlookTask |
Invoke action complete |
| Complete-MgUserOutlookTaskFolderTask |
Invoke action complete |
| Complete-MgUserOutlookTaskGroupTaskFolderTask |
Invoke action complete |
| Confirm-MgUserAuthenticationMicrosoftAuthenticatorMethodDeviceMemberGroup |
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct. |
| Confirm-MgUserAuthenticationMicrosoftAuthenticatorMethodDeviceMemberObject |
Invoke action checkMemberObjects |
| Confirm-MgUserAuthenticationPasswordlessMicrosoftAuthenticatorMethodDeviceMemberGroup |
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct. |
| Confirm-MgUserAuthenticationPasswordlessMicrosoftAuthenticatorMethodDeviceMemberObject |
Invoke action checkMemberObjects |
| Confirm-MgUserAuthenticationWindowHelloForBusinessMethodDeviceMemberGroup |
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct. |
| Confirm-MgUserAuthenticationWindowHelloForBusinessMethodDeviceMemberObject |
Invoke action checkMemberObjects |
| Confirm-MgUserChatPermissionGrantMemberGroup |
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct. |
| Confirm-MgUserChatPermissionGrantMemberObject |
Invoke action checkMemberObjects |
| Confirm-MgUserDeviceMemberGroup |
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct. |
| Confirm-MgUserDeviceMemberObject |
Invoke action checkMemberObjects |
| Confirm-MgUserInformationProtectionSignature |
Invoke action verifySignature |
| Confirm-MgUserMemberGroup |
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct. |
| Confirm-MgUserMemberObject |
Invoke action checkMemberObjects |
| Copy-MgUserDriveItem |
Asynchronously creates a copy of an [driveItem][item-resource] (including any children), under a new parent item or with a new name. |
| Copy-MgUserDriveListContentTypeToDefaultContentLocation |
Copy a file to a default content location in a [content type][contentType]. The file can then be added as a default file or template via a POST operation. |
| Copy-MgUserDriveRoot |
Asynchronously creates a copy of an [driveItem][item-resource] (including any children), under a new parent item or with a new name. |
| Copy-MgUserMailFolder |
Copy a mailfolder and its contents to another mailfolder. |
| Copy-MgUserMailFolderChildFolder |
Copy a mailfolder and its contents to another mailfolder. |
| Copy-MgUserMailFolderChildFolderMessage |
Copy a message to a folder within the user's mailbox. |
| Copy-MgUserMailFolderMessage |
Copy a message to a folder within the user's mailbox. |
| Copy-MgUserMessage |
Copy a message to a folder within the user's mailbox. |
| Copy-MgUserOnenoteNotebook |
Copies a notebook to the Notebooks folder in the destination Documents library. The folder is created if it doesn't exist. For Copy operations, you follow an asynchronous calling pattern: First call the Copy action, and then poll the operation endpoint for the result. |
| Copy-MgUserOnenotePageToSection |
Copy a page to a specific section. For copy operations, you follow an asynchronous calling pattern: First call the Copy action, and then poll the operation endpoint for the result. |
| Copy-MgUserOnenoteSectionToNotebook |
Copies a section to a specific notebook. For Copy operations, you follow an asynchronous calling pattern: First call the Copy action, and then poll the operation endpoint for the result. |
| Copy-MgUserOnenoteSectionToSectionGroup |
Copies a section to a specific section group. For Copy operations, you follow an asynchronous calling pattern: First call the Copy action, and then poll the operation endpoint for the result. |
| Disable-MgUserAuthenticationMethodSmSign |
Invoke action disableSmsSignIn |
| Disable-MgUserAuthenticationMethodSmsSignIn |
Invoke action disableSmsSignIn |
| Disable-MgUserManagedDevice |
Invoke action disable |
| Disable-MgUserManagedDeviceLostMode |
Disable lost mode |
| Enable-MgUserAuthenticationMethodSmSign |
Invoke action enableSmsSignIn |
| Enable-MgUserAuthenticationMethodSmsSignIn |
Invoke action enableSmsSignIn |
| Enable-MgUserManagedDeviceLostMode |
Enable lost mode |
| Export-MgUserPersonalData |
Submit a data policy operation request from a company administrator or an application to export an organizational user's data. This data includes the user's data stored in OneDrive and their activity reports. For more guidance about exporting data while complying with regulations, see Data Subject Requests and the GDPR and CCPA. |
| Find-MgUserManagedDevice |
Locate a device |
| Find-MgUserMeetingTime |
Suggest meeting times and locations based on organizer and attendee availability, and time or location constraints specified as parameters. If findMeetingTimes cannot return any meeting suggestions, the response would indicate a reason in the emptySuggestionsReason property. \nBased on this value, you can better adjust the parameters and call findMeetingTimes again. The algorithm used to suggest meeting times and locations undergoes fine-tuning from time to time. In scenarios like test environments where the input parameters and calendar data remain static, expect that the suggested results may differ over time. |
| Get-MgUserAuthenticationMicrosoftAuthenticatorMethodDeviceMemberGroup |
Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
| Get-MgUserAuthenticationMicrosoftAuthenticatorMethodDeviceMemberObject |
Invoke action getMemberObjects |
| Get-MgUserAuthenticationPasswordlessMicrosoftAuthenticatorMethodDeviceMemberGroup |
Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
| Get-MgUserAuthenticationPasswordlessMicrosoftAuthenticatorMethodDeviceMemberObject |
Invoke action getMemberObjects |
| Get-MgUserAuthenticationWindowHelloForBusinessMethodDeviceMemberGroup |
Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
| Get-MgUserAuthenticationWindowHelloForBusinessMethodDeviceMemberObject |
Invoke action getMemberObjects |
| Get-MgUserById |
Return the directory objects specified in a list of IDs. Some common uses for this function are to: |
| Get-MgUserCalendarSchedule |
Get the free/busy availability information for a collection of users, distributions lists, or resources (rooms or equipment) for a specified time period. |
| Get-MgUserChatPermissionGrantById |
Return the directory objects specified in a list of IDs. Some common uses for this function are to: |
| Get-MgUserChatPermissionGrantMemberGroup |
Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
| Get-MgUserChatPermissionGrantMemberObject |
Invoke action getMemberObjects |
| Get-MgUserChatPermissionGrantUserOwnedObject |
Invoke action getUserOwnedObjects |
| Get-MgUserDefaultCalendarSchedule |
Get the free/busy availability information for a collection of users, distributions lists, or resources (rooms or equipment) for a specified time period. |
| Get-MgUserDeviceById |
Return the directory objects specified in a list of IDs. Some common uses for this function are to: |
| Get-MgUserDeviceMemberGroup |
Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
| Get-MgUserDeviceMemberObject |
Invoke action getMemberObjects |
| Get-MgUserDeviceUserOwnedObject |
Invoke action getUserOwnedObjects |
| Get-MgUserJoinedGroupById |
Return the directory objects specified in a list of IDs. Some common uses for this function are to: |
| Get-MgUserJoinedGroupUserOwnedObject |
Invoke action getUserOwnedObjects |
| Get-MgUserMailTip |
Get the MailTips of one or more recipients as available to the signed-in user.
Note that by making a |
| Get-MgUserMemberGroup |
Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. |
| Get-MgUserMemberObject |
Invoke action getMemberObjects |
| Get-MgUserOnenoteNotebookFromWebUrl |
Retrieve the properties and relationships of a notebook object by using its URL path. The location can be user notebooks on Microsoft 365, group notebooks, or SharePoint site-hosted team notebooks on Microsoft 365. |
| Get-MgUserOwnedObjectByType |
Invoke action getUserOwnedObjects |
| Grant-MgUserDriveItemPermission |
Grant users access to a link represented by a [permission][]. |
| Grant-MgUserDriveRootPermission |
Grant users access to a link represented by a [permission][]. |
| Hide-MgUserChatForUser |
Hide a chat for a user. |
| Initialize-MgUserManagedDeviceEsim |
Activate eSIM on the device. |
| Initialize-MgUserServicePlan |
Activate a service plan with a given |
| Invoke-MgAcceptUserEvent |
Accept the specified event in a user calendar. |
| Invoke-MgAcceptUserEventInstance |
Accept the specified event in a user calendar. |
| Invoke-MgAcceptUserEventInstanceTentatively |
Tentatively accept the specified event in a user calendar. If the event allows proposals for new times, on responding tentative to the event, an invitee can choose to suggest an alternative time by including the proposedNewTime parameter. For more information on how to propose a time, and how to receive and accept a new time proposal, see Propose new meeting times. |
| Invoke-MgAcceptUserEventTentatively |
Tentatively accept the specified event in a user calendar. If the event allows proposals for new times, on responding tentative to the event, an invitee can choose to suggest an alternative time by including the proposedNewTime parameter. For more information on how to propose a time, and how to receive and accept a new time proposal, see Propose new meeting times. |
| Invoke-MgAcceptUserPendingAccessReviewInstanceRecommendation |
Allows the acceptance of recommendations on all accessReviewInstanceDecisionItem objects that have not been reviewed for an accessReviewInstance object for which the calling user is a reviewer.
Recommendations are generated if recommendationsEnabled is |
| Invoke-MgBatchUserPendingAccessReviewInstanceRecordDecision |
Enables reviewers to review all accessReviewInstanceDecisionItem objects in batches by using principalId, resourceId, or neither. |
| Invoke-MgBufferUserInformationProtectionDecrypt |
Invoke action decryptBuffer |
| Invoke-MgBufferUserInformationProtectionEncrypt |
Invoke action encryptBuffer |
| Invoke-MgBulkReprovisionUserManagedDeviceCloudPc |
Invoke action encryptBuffer |
| Invoke-MgBulkRestoreUserManagedDeviceCloudPc |
Invoke action encryptBuffer |
| Invoke-MgBulkUserManagedDeviceReprovisionCloudPc |
Invoke action bulkReprovisionCloudPc |
| Invoke-MgBulkUserManagedDeviceRestoreCloudPc |
Invoke action bulkRestoreCloudPc |
| Invoke-MgBulkUserManagedDeviceSetCloudPcReviewStatus |
Set the review status of multiple Cloud PC devices with a single request that includes the IDs of Intune managed devices. |
| Invoke-MgCheckinUserDriveItem |
Check in a checked out driveItem resource, which makes the version of the document available to others. |
| Invoke-MgCheckinUserDriveRoot |
Check in a checked out driveItem resource, which makes the version of the document available to others. |
| Invoke-MgCheckoutUserDriveItem |
Check out a driveItem resource to prevent others from editing the document, and prevent your changes from being visible until the documented is checked in. |
| Invoke-MgCheckoutUserDriveRoot |
Check out a driveItem resource to prevent others from editing the document, and prevent your changes from being visible until the documented is checked in. |
| Invoke-MgCleanUserManagedDeviceWindowDevice |
Clean Windows device |
| Invoke-MgCloudUserManagedDevice |
Invoke action reprovisionCloudPc |
| Invoke-MgCreateOrGetUserOnlineMeeting |
Create an onlineMeeting object with a custom specified external ID. If the external ID already exists, this API will return the onlineMeeting object with that external ID. |
| Invoke-MgDeclineUserEvent |
Decline invitation to the specified event in a user calendar. If the event allows proposals for new times, on declining the event, an invitee can choose to suggest an alternative time by including the proposedNewTime parameter. For more information on how to propose a time, and how to receive and accept a new time proposal, see Propose new meeting times. |
| Invoke-MgDeclineUserEventInstance |
Decline invitation to the specified event in a user calendar. If the event allows proposals for new times, on declining the event, an invitee can choose to suggest an alternative time by including the proposedNewTime parameter. For more information on how to propose a time, and how to receive and accept a new time proposal, see Propose new meeting times. |
| Invoke-MgDeprovisionUserManagedDevice |
Invoke action deprovision |
| Invoke-MgDismissUserEventInstanceReminder |
Dismiss a reminder that has been triggered for an event in a user calendar. |
| Invoke-MgDismissUserEventReminder |
Dismiss a reminder that has been triggered for an event in a user calendar. |
| Invoke-MgDownloadUserManagedDeviceAppDiagnostic |
Invoke action downloadAppDiagnostics |
| Invoke-MgDownUserManagedDeviceShut |
Shut down device |
| Invoke-MgEnrollUserManagedDeviceNowAction |
Trigger comanagement enrollment action on ConfigurationManager client |
| Invoke-MgExecuteUserManagedDeviceAction |
Invoke action executeAction |
| Invoke-MgExtractUserDriveItemSensitivityLabel |
Invoke action extractSensitivityLabels |
| Invoke-MgExtractUserDriveRootSensitivityLabel |
Invoke action extractSensitivityLabels |
| Invoke-MgExtractUserInformationProtectionPolicyLabel |
Using the metadata that exists on an already-labeled piece of information, resolve the metadata to a specific sensitivity label. The contentInfo input is resolved to informationProtectionContentLabel. |
| Invoke-MgExtractUserSecurityInformationProtectionSensitivityLabelContentLabel |
Use the metadata that exists on an already-labeled piece of information to resolve the metadata to a specific sensitivity label. The contentInfo input is resolved to informationProtectionContentLabel. |
| Invoke-MgFollowUserDriveItem |
Follow a driveItem. |
| Invoke-MgFollowUserDriveRoot |
Follow a driveItem. |
| Invoke-MgForwardUserEvent |
This action allows the organizer or attendee of a meeting event to forward the \nmeeting request to a new recipient. If the meeting event is forwarded from an attendee's Microsoft 365 mailbox to another recipient, this action \nalso sends a message to notify the organizer of the forwarding, and adds the recipient to the organizer's \ncopy of the meeting event. This convenience is not available when forwarding from an Outlook.com account. |
| Invoke-MgForwardUserEventInstance |
This action allows the organizer or attendee of a meeting event to forward the \nmeeting request to a new recipient. If the meeting event is forwarded from an attendee's Microsoft 365 mailbox to another recipient, this action \nalso sends a message to notify the organizer of the forwarding, and adds the recipient to the organizer's \ncopy of the meeting event. This convenience is not available when forwarding from an Outlook.com account. |
| Invoke-MgForwardUserMailFolderChildFolderMessage |
Forward a message using either JSON or MIME format.
When using JSON format, you can:\n- Specify either a comment or the body property of the |
| Invoke-MgForwardUserMailFolderMessage |
Forward a message using either JSON or MIME format.
When using JSON format, you can:\n- Specify either a comment or the body property of the |
| Invoke-MgForwardUserMessage |
Forward a message using either JSON or MIME format.
When using JSON format, you can:\n- Specify either a comment or the body property of the |
| Invoke-MgGraphUserChat |
Unhide a chat for a user. |
| Invoke-MgHasUserDeviceEnrollmentConfigurationPayloadLink |
Invoke action hasPayloadLinks |
| Invoke-MgInitiateUserManagedDeviceMobileDeviceManagementKeyRecovery |
Perform MDM key recovery and TPM attestation |
| Invoke-MgInvalidateUserRefreshToken |
Invalidates all of the user's refresh tokens issued to applications (as well as session cookies in a user's browser), by resetting the refreshTokensValidFromDateTime user property to the current date-time. Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation would prevent access to any of the organization's data accessed through applications on the device without the user first being required to sign in again. In fact, this operation would force the user to sign in again for all applications that they have previously consented to, independent of device. For developers, if the application attempts to redeem a delegated access token for this user by using an invalidated refresh token, the application will get an error. If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint, which will force the user to sign in. |
| Invoke-MgInviteUserDriveItem |
Sends a sharing invitation for a DriveItem.\nA sharing invitation provides permissions to the recipients and optionally sends an email to the recipients to notify them the item was shared. |
| Invoke-MgInviteUserDriveRoot |
Sends a sharing invitation for a DriveItem.\nA sharing invitation provides permissions to the recipients and optionally sends an email to the recipients to notify them the item was shared. |
| Invoke-MgLicenseUser |
Reprocess all group-based license assignments for the user. To learn more about group-based licensing, see What is group-based licensing in Azure Active Directory. Also see Identify and resolve license assignment problems for a group in Azure Active Directory for more details. |
| Invoke-MgLogoutUserManagedDeviceSharedAppleDeviceActiveUser |
Logout shared Apple device active user |
| Invoke-MgMarkUserChatReadForUser |
Mark a chat as read for a user. |
| Invoke-MgMarkUserChatUnreadForUser |
Mark a chat as unread for a user. |
| Invoke-MgOverrideUserManagedDeviceComplianceState |
Invoke action overrideComplianceState |
| Invoke-MgPlayUserManagedDeviceLostModeSound |
Play lost mode sound |
| Invoke-MgPreviewUserDriveItem |
Invoke action preview |
| Invoke-MgPreviewUserDriveRoot |
Invoke action preview |
| Invoke-MgReauthorizeUserDriveItemSubscription |
Invoke action reauthorize |
| Invoke-MgReauthorizeUserDriveListSubscription |
Invoke action reauthorize |
| Invoke-MgReauthorizeUserDriveRootSubscription |
Invoke action reauthorize |
| Invoke-MgRecordUserPendingAccessReviewInstanceDecision |
As a reviewer of an access review, record a decision for an accessReviewInstanceDecisionItem that is assigned to you and that matches the principal or resource IDs specified. If no IDs are specified, the decisions will apply to every accessReviewInstanceDecisionItem for which you are the reviewer. |
| Invoke-MgReenableUserManagedDevice |
Invoke action reenable |
| Invoke-MgReplyAllUserMailFolderChildFolderMessage |
Reply to all recipients of a message using either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| Invoke-MgReplyAllUserMailFolderMessage |
Reply to all recipients of a message using either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| Invoke-MgReplyAllUserMessage |
Reply to all recipients of a message using either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| Invoke-MgReplyUserMailFolderChildFolderMessage |
Reply to the sender of a message using either JSON or MIME format.
When using JSON format:\n* Specify either a comment or the body property of the |
| Invoke-MgReplyUserMailFolderMessage |
Reply to the sender of a message using either JSON or MIME format.
When using JSON format:\n* Specify either a comment or the body property of the |
| Invoke-MgReplyUserMessage |
Reply to the sender of a message using either JSON or MIME format.
When using JSON format:\n* Specify either a comment or the body property of the |
| Invoke-MgReprovisionUserCloudPc |
Reprovision a specific Cloud PC. |
| Invoke-MgReprovisionUserManagedDeviceCloudPc |
Reprovision a specific Cloud PC. |
| Invoke-MgRetireUserManagedDevice |
Retire a device |
| Invoke-MgRetryUserCloudPcPartnerAgentInstallation |
Retry installation for the partner agents which failed to install on the Cloud PC. Service side will check which agent installation failed firstly and retry. |
| Invoke-MgRotateUserManagedDeviceBitLockerKey |
Rotate BitLockerKeys |
| Invoke-MgRotateUserManagedDeviceFileVaultKey |
Invoke action rotateFileVaultKey |
| Invoke-MgScanUserManagedDeviceWindowDefender |
Invoke action windowsDefenderScan |
| Invoke-MgSignUserInformationProtectionDigest |
Invoke action signDigest |
| Invoke-MgSnoozeUserEventInstanceReminder |
Postpone a reminder for an event in a user calendar until a new time. |
| Invoke-MgSnoozeUserEventReminder |
Postpone a reminder for an event in a user calendar until a new time. |
| Invoke-MgSoftUserChatMessageDelete |
Delete a single message or a message reply in a channel or a chat. |
| Invoke-MgSoftUserChatMessageReplyDelete |
Delete a single message or a message reply in a channel or a chat. |
| Invoke-MgTranslateUserExchangeId |
Translate identifiers of Outlook-related resources between formats. |
| Invoke-MgTroubleshootUserCloudPc |
Troubleshoot a specific Cloud PC. Use this API to check the health status of the Cloud PC and the session host. |
| Invoke-MgUnfollowUserDriveItem |
Unfollow a driveItem. |
| Invoke-MgUnfollowUserDriveRoot |
Unfollow a driveItem. |
| Invoke-MgUnsubscribeUserMailFolderChildFolderMessage |
Submits a email request on behalf of the signed-in user to unsubscribe from an email distribution list.
Uses the information in the |
| Invoke-MgUnsubscribeUserMailFolderMessage |
Submits a email request on behalf of the signed-in user to unsubscribe from an email distribution list.
Uses the information in the |
| Invoke-MgUnsubscribeUserMessage |
Submits a email request on behalf of the signed-in user to unsubscribe from an email distribution list.
Uses the information in the |
| Join-MgUserDriveListContentTypeWithHubSite |
Associate a [content type][contentType] with a list of hub sites. |
| Lock-MgUserManagedDeviceRemote |
Remote lock |
| Move-MgUserMailFolder |
Move a mailfolder and its contents to another mailfolder. |
| Move-MgUserMailFolderChildFolder |
Move a mailfolder and its contents to another mailfolder. |
| Move-MgUserMailFolderChildFolderMessage |
Move a message to another folder within the specified user's mailbox. This creates a new copy of the message in the destination folder and removes the original message. |
| Move-MgUserMailFolderMessage |
Move a message to another folder within the specified user's mailbox. This creates a new copy of the message in the destination folder and removes the original message. |
| Move-MgUserManagedDeviceToOu |
Invoke action moveDevicesToOU |
| Move-MgUserMessage |
Move a message to another folder within the specified user's mailbox. This creates a new copy of the message in the destination folder and removes the original message. |
| New-MgUserDeviceEnrollmentConfigurationEnrollmentNotificationConfiguration |
Invoke action createEnrollmentNotificationConfiguration |
| New-MgUserDriveItemLink |
You can use createLink action to share a driveItem via a sharing link. The createLink action will create a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, the existing sharing link will be returned. DriveItem resources inherit sharing permissions from their ancestors. |
| New-MgUserDriveItemListItemLink |
Create a sharing link for a listItem. The createLink action creates a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, this action will return the existing sharing link. listItem resources inherit sharing permissions from the list the item resides in. |
| New-MgUserDriveItemUploadSession |
Create an upload session to allow your app to upload files up to the maximum file size. An upload session allows your app to upload ranges of the file in sequential API requests, which allows the transfer to be resumed if a connection is dropped while the upload is in progress. To upload a file using an upload session: |
| New-MgUserDriveListItemLink |
Create a sharing link for a listItem. The createLink action creates a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, this action will return the existing sharing link. listItem resources inherit sharing permissions from the list the item resides in. |
| New-MgUserDriveRootLink |
You can use createLink action to share a driveItem via a sharing link. The createLink action will create a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, the existing sharing link will be returned. DriveItem resources inherit sharing permissions from their ancestors. |
| New-MgUserDriveRootListItemLink |
Create a sharing link for a listItem. The createLink action creates a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, this action will return the existing sharing link. listItem resources inherit sharing permissions from the list the item resides in. |
| New-MgUserDriveRootUploadSession |
Create an upload session to allow your app to upload files up to the maximum file size. An upload session allows your app to upload ranges of the file in sequential API requests, which allows the transfer to be resumed if a connection is dropped while the upload is in progress. To upload a file using an upload session: |
| New-MgUserEventAttachmentUploadSession |
Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item.
The item can be a message or event.
Use this approach to attach a file if the file size is between 3 MB and 150 MB.
To attach a file that's smaller than 3 MB, do a |
| New-MgUserEventInstanceAttachmentUploadSession |
Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item.
The item can be a message or event.
Use this approach to attach a file if the file size is between 3 MB and 150 MB.
To attach a file that's smaller than 3 MB, do a |
| New-MgUserMailFolderChildFolderMessageAttachmentUploadSession |
Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item.
The item can be a message or event.
Use this approach to attach a file if the file size is between 3 MB and 150 MB.
To attach a file that's smaller than 3 MB, do a |
| New-MgUserMailFolderChildFolderMessageForward |
Create a draft to forward an existing message, in either JSON or MIME format.
When using JSON format, you can: \n- Specify either a comment or the body property of the |
| New-MgUserMailFolderChildFolderMessageReply |
Create a draft to reply to the sender of a message in either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| New-MgUserMailFolderChildFolderMessageReplyAll |
Create a draft to reply to the sender and all recipients of a message in either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| New-MgUserMailFolderMessageAttachmentUploadSession |
Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item.
The item can be a message or event.
Use this approach to attach a file if the file size is between 3 MB and 150 MB.
To attach a file that's smaller than 3 MB, do a |
| New-MgUserMailFolderMessageForward |
Create a draft to forward an existing message, in either JSON or MIME format.
When using JSON format, you can: \n- Specify either a comment or the body property of the |
| New-MgUserMailFolderMessageReply |
Create a draft to reply to the sender of a message in either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| New-MgUserMailFolderMessageReplyAll |
Create a draft to reply to the sender and all recipients of a message in either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| New-MgUserManagedDeviceLogCollectionRequest |
Invoke action createDeviceLogCollectionRequest |
| New-MgUserManagedDeviceLogCollectionResponseDownloadUrl |
Invoke action createDownloadUrl |
| New-MgUserManagedDeviceRemoteHelpSession |
Remote help - Create session with a specific device |
| New-MgUserManagedDeviceWindowsDefenderUpdateSignature |
Invoke action windowsDefenderUpdateSignatures |
| New-MgUserMessageAttachmentUploadSession |
Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item.
The item can be a message or event.
Use this approach to attach a file if the file size is between 3 MB and 150 MB.
To attach a file that's smaller than 3 MB, do a |
| New-MgUserMessageForward |
Create a draft to forward an existing message, in either JSON or MIME format.
When using JSON format, you can: \n- Specify either a comment or the body property of the |
| New-MgUserMessageReply |
Create a draft to reply to the sender of a message in either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| New-MgUserMessageReplyAll |
Create a draft to reply to the sender and all recipients of a message in either JSON or MIME format.
When using JSON format:\n- Specify either a comment or the body property of the |
| New-MgUserMobileAppTroubleshootingEventAppLogCollectionRequestDownloadUrl |
Invoke action createDownloadUrl |
| New-MgUserOutlookTaskAttachmentUploadSession |
Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item.
The item can be a message or event.
Use this approach to attach a file if the file size is between 3 MB and 150 MB.
To attach a file that's smaller than 3 MB, do a |
| New-MgUserOutlookTaskFolderTaskAttachmentUploadSession |
Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item.
The item can be a message or event.
Use this approach to attach a file if the file size is between 3 MB and 150 MB.
To attach a file that's smaller than 3 MB, do a |
| New-MgUserOutlookTaskGroupTaskFolderTaskAttachmentUploadSession |
Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item.
The item can be a message or event.
Use this approach to attach a file if the file size is between 3 MB and 150 MB.
To attach a file that's smaller than 3 MB, do a |
| New-MgUserTodoListTaskAttachmentUploadSession |
Create an upload session to iteratively upload ranges of a file as an attachment to a todoTask.
As part of the response, this action returns an upload URL that you can use in subsequent sequential |
| Publish-MgUserDriveListContentType |
Publishes a [contentType][] present in a content type hub site. |
| Remove-MgUserDeviceFromManagement |
Retire all devices from management for this user |
| Remove-MgUserManagedDeviceFirmwareConfigurationInterfaceManagement |
Remove device from Device Firmware Configuration Interface management |
| Remove-MgUserManagedDeviceUserFromSharedAppleDevice |
Delete user from shared Apple device |
| Rename-MgUserCloudPc |
Rename a specific Cloud PC. Use this API to update the displayName for the Cloud PC entity. |
| Rename-MgUserCloudPcUserAccountType |
Change the account type of the user on a specific Cloud PC. |
| Request-MgUserManagedDeviceRemoteAssistance |
Request remote assistance |
| Request-MgUserManagedDeviceRemoteHelpSessionAccess |
Remote help - Request Remote help session access permission for an existing session |
| Reset-MgUserAuthenticationMethodPassword |
Invoke action resetPassword |
| Reset-MgUserManagedDevicePasscode |
Reset passcode |
| Reset-MgUserPendingAccessReviewInstanceDecision |
Resets decisions of all accessReviewInstanceDecisionItem objects on an accessReviewInstance to |
| Resize-MgUserManagedDeviceCloudPc |
Upgrade or downgrade an existing Cloud PC to another configuration with a new virtual CPU (vCPU) and storage size. |
| Restart-MgUserCloudPc |
Reboot a specific Cloud PC. |
| Restart-MgUserManagedDeviceNow |
Reboot device |
| Restore-MgUserAuthenticationWindowHelloForBusinessMethodDevice |
Restore a recently deleted application, group, servicePrincipal, administrative unit, or user object from deleted items. If an item was accidentally deleted, you can fully restore the item. This is not applicable to security groups, which are deleted permanently. A recently deleted item will remain available for up to 30 days. After 30 days, the item is permanently deleted. |
| Restore-MgUserCloudPc |
Restore a specific Cloud PC. Use this API to trigger a remote action that restores a Cloud PC device to a previous state. |
| Restore-MgUserDriveItem |
Restore a driveItem that has been deleted and is currently in the recycle bin. |
| Restore-MgUserDriveItemListItemDocumentSetVersion |
Restore a document set version. |
| Restore-MgUserDriveItemListItemVersion |
Invoke action restoreVersion |
| Restore-MgUserDriveItemVersion |
Restore a previous version of a DriveItem to be the current version. This will create a new version with the contents of the previous version, but preserves all existing versions of the file. |
| Restore-MgUserDriveListItemDocumentSetVersion |
Restore a document set version. |
| Restore-MgUserDriveListItemVersion |
Invoke action restoreVersion |
| Restore-MgUserDriveRoot |
Restore a driveItem that has been deleted and is currently in the recycle bin. |
| Restore-MgUserDriveRootListItemDocumentSetVersion |
Restore a document set version. |
| Restore-MgUserDriveRootListItemVersion |
Invoke action restoreVersion |
| Restore-MgUserDriveRootVersion |
Restore a previous version of a DriveItem to be the current version. This will create a new version with the contents of the previous version, but preserves all existing versions of the file. |
| Restore-MgUserManagedDeviceCloudPc |
Restore a Cloud PC device to a previous state with an Intune managed device ID. |
| Restore-MgUserManagedDevicePasscode |
Recover passcode |
| Revoke-MgUserDriveItemPermissionGrant |
Revoke access to a [listItem][] or [driveItem][] granted via a sharing link by removing the specified [recipient][] from the link. |
| Revoke-MgUserDriveRootPermissionGrant |
Revoke access to a [listItem][] or [driveItem][] granted via a sharing link by removing the specified [recipient][] from the link. |
| Revoke-MgUserManagedDeviceAppleVppLicense |
Revoke all Apple Vpp licenses for a device |
| Revoke-MgUserSign |
Invoke action revokeSignInSessions |
| Revoke-MgUserSignInSession |
Invoke action revokeSignInSessions |
| Send-MgUserChatActivityNotification |
Send an activity feed notification in scope of a chat. For more details about sending notifications and the requirements for doing so, see sending Teams activity notifications. |
| Send-MgUserMail |
Send the message specified in the request body using either JSON or MIME format. When using JSON format you can include an attachment and use a mention to call out another user in the new message. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft message to send later. To learn more about the steps involved in the backend before a mail is delivered to recipients, see here. |
| Send-MgUserMailFolderChildFolderMessage |
Send an existing draft message. The draft message can be a new message draft, reply draft, reply-all draft, or a forward draft. This method saves the message in the Sent Items folder. Alternatively, send a new message in a single operation. |
| Send-MgUserMailFolderMessage |
Send an existing draft message. The draft message can be a new message draft, reply draft, reply-all draft, or a forward draft. This method saves the message in the Sent Items folder. Alternatively, send a new message in a single operation. |
| Send-MgUserManagedDeviceCustomNotificationToCompanyPortal |
Invoke action sendCustomNotificationToCompanyPortal |
| Send-MgUserMessage |
Send an existing draft message. The draft message can be a new message draft, reply draft, reply-all draft, or a forward draft. This method saves the message in the Sent Items folder. Alternatively, send a new message in a single operation. |
| Send-MgUserPendingAccessReviewInstanceReminder |
Send a reminder to the reviewers of a currently active accessReviewInstance. |
| Send-MgUserTeamworkActivityNotification |
Send an activity feed notification to a user. For more details about sending notifications and the requirements for doing so, see sending Teams activity notifications. |
| Set-MgUserChatMessageReaction |
Invoke action setReaction |
| Set-MgUserChatMessageReplyReaction |
Invoke action setReaction |
| Set-MgUserDeviceEnrollmentConfiguration |
Invoke action assign |
| Set-MgUserDeviceEnrollmentConfigurationPriority |
Invoke action setPriority |
| Set-MgUserDriveItemSensitivityLabel |
Invoke action assignSensitivityLabel |
| Set-MgUserDriveRootSensitivityLabel |
Invoke action assignSensitivityLabel |
| Set-MgUserLicense |
Add or remove licenses for the user to enable or disable their use of Microsoft cloud offerings. For example, an organization can have a Microsoft 365 Enterprise E3 subscription with 100 licenses, and this request assigns one of those licenses to a specific user. You can also enable and disable specific plans associated with a subscription. To learn more about subscriptions and licenses, see this Technet article. To get the subscriptions available in the directory, perform a GET subscribedSkus request. |
| Set-MgUserManagedDeviceCloudPcReviewStatus |
Set the review status of a specific Cloud PC device. Use this API to set the review status of a Cloud PC to in review if you consider a Cloud PC as suspicious. After the review is completed, use this API again to set the Cloud PC back to a normal state. |
| Set-MgUserManagedDeviceName |
Set device name of the device. |
| Set-MgUserPresence |
Set the availability and activity status in a presence session of an application for a user. |
| Set-MgUserPresenceStatusMessage |
Set a presence status message for a user. An optional expiration date and time can be supplied. |
| Set-MgUserPresenceUserPreferredPresence |
Set the preferred availability and activity status for a user. If the preferred presence of a user is set, the user's presence is the preferred presence. Preferred presence takes effect only when there is at least one presence session of the user. Otherwise, the user's presence stays as Offline. A presence session can be created as a result of a successful setPresence operation, or if the user is signed in on a Teams client. Read more about presence sessions and their time-out and expiration. |
| Skip-MgUserManagedDeviceActivationLock |
Bypass activation lock |
| Start-MgUserManagedDeviceConfigurationManagerAction |
Trigger action on ConfigurationManager client |
| Stop-MgUserCloudPcGracePeriod |
End the grace period for a specific Cloud PC. The grace period is triggered when the Cloud PC license is removed or the provisioning policy is unassigned. It allows users to access Cloud PCs for up to seven days before de-provisioning occurs. Ending the grace period immediately deprovisions the Cloud PC without waiting the seven days. |
| Stop-MgUserEvent |
This action allows the organizer of a meeting to send a cancellation message and cancel the event. The action moves the event to the Deleted Items folder. The organizer can also cancel an occurrence of a recurring meeting \nby providing the occurrence event ID. An attendee calling this action gets an error (HTTP 400 Bad Request), with the following\nerror message: 'Your request can't be completed. You need to be an organizer to cancel a meeting.' This action differs from Delete in that Cancel is available to only the organizer, and lets\nthe organizer send a custom message to the attendees about the cancellation. |
| Stop-MgUserEventInstance |
This action allows the organizer of a meeting to send a cancellation message and cancel the event. The action moves the event to the Deleted Items folder. The organizer can also cancel an occurrence of a recurring meeting \nby providing the occurrence event ID. An attendee calling this action gets an error (HTTP 400 Bad Request), with the following\nerror message: 'Your request can't be completed. You need to be an organizer to cancel a meeting.' This action differs from Delete in that Cancel is available to only the organizer, and lets\nthe organizer send a custom message to the attendees about the cancellation. |
| Stop-MgUserManagedDeviceRemoteHelpSession |
Remote help - End ACS session, Pubsub session and delete Remote help session |
| Stop-MgUserPendingAccessReviewInstance |
Stop a currently active accessReviewInstance.
After the access review instance stops, the instance status will be |
| Stop-MgUserPendingAccessReviewInstanceStage |
Stop an access review stage that is |
| Sync-MgUserManagedDevice |
Invoke action syncDevice |
| Test-MgUserChatPermissionGrantProperty |
Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties: \n1. Validate the prefix and suffix naming policy\n2. Validate the custom banned words policy\n3. Validate the mail nickname is unique This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy. |
| Test-MgUserDeviceProperty |
Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties: \n1. Validate the prefix and suffix naming policy\n2. Validate the custom banned words policy\n3. Validate the mail nickname is unique This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy. |
| Test-MgUserDriveItemPermission |
Invoke action validatePermission |
| Test-MgUserDriveRootPermission |
Invoke action validatePermission |
| Test-MgUserInformationProtectionDataLossPreventionPolicy |
Invoke action evaluate |
| Test-MgUserInformationProtectionPolicyLabelApplication |
Compute the information protection label that should be applied and return the set of actions that must be taken to correctly label the information. This API is useful when a label should be set manually or explicitly by a user or service, rather than automatically based on file contents. Given contentInfo, which includes existing content metadata key/value pairs, and labelingOptions as an input, the API returns an informationProtectionAction object that contains one of more of the following: |
| Test-MgUserInformationProtectionPolicyLabelClassificationResult |
Using classification results, compute the information protection label that should be applied and return the set of actions that must be taken to correctly label the information. This API is useful when a label should be set automatically based on classification of the file contents, rather than labeled directly by a user or service. To evaluate based on classification results, provide contentInfo, which includes existing content metadata key/value pairs, and classification results. The API returns an informationProtectionAction that contains one of more of the following: |
| Test-MgUserInformationProtectionPolicyLabelRemoval |
Indicate to the consuming application what actions it should take to remove the label information. Given contentInfo as an input, which includes existing content metadata key/value pairs, the API returns an informationProtectionAction that contains some combination of one of more of the following: |
| Test-MgUserInformationProtectionSensitivityLabel |
Invoke action evaluate |
| Test-MgUserInformationProtectionSensitivityLabelSublabel |
Invoke action evaluate |
| Test-MgUserJoinedGroupDynamicMembership |
Evaluate whether a user or device is or would be a member of a dynamic group. The membership rule is returned along with other details that were used in the evaluation. You can complete this operation in the following ways: |
| Test-MgUserJoinedGroupProperty |
Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties: \n1. Validate the prefix and suffix naming policy\n2. Validate the custom banned words policy\n3. Validate the mail nickname is unique This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy. |
| Test-MgUserPassword |
Check a user's password against the organization's password validation policy and report whether the password is valid. Use this action to provide real-time feedback on password strength while the user types their password. |
| Test-MgUserProperty |
Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties: \n1. Validate the prefix and suffix naming policy\n2. Validate the custom banned words policy\n3. Validate the mail nickname is unique This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy. |
| Test-MgUserSecurityInformationProtectionSensitivityLabelApplication |
Compute the sensitivity label that should be applied and return the set of actions that must be taken to correctly label the information. This API is useful when a label should be set manually or explicitly by a user or service, rather than automatically based on file contents. Given contentInfo, which includes existing content metadata key-value pairs, and labelingOptions as an input, the API returns an informationProtectionAction object that contains one of more of the following: |
| Test-MgUserSecurityInformationProtectionSensitivityLabelClassificationResult |
Use the classification results to compute the sensitivity label that should be applied and return the set of actions that must be taken to correctly label the information. This API is useful when a label should be set automatically based on classification of the file contents, rather than labeled directly by a user or service. To evaluate based on classification results, provide the contentInfo, which includes existing content metadata key-value pairs, and classification results. The API returns an informationProtectionAction that contains one of more of the following: |
| Test-MgUserSecurityInformationProtectionSensitivityLabelRemoval |
Indicate to the consuming application what actions it should take to remove the label information. Given contentInfo as an input, which includes existing content metadata key-value pairs, the API returns an informationProtectionAction that contains some combination of one or more of the following: |
| Unblock-MgUserManagedApp |
Unblocks the managed app user from app check-in. |
| Undo-MgUserChatMessageReplySoftDelete |
Undo soft deletion of a single message or a message reply in a channel or a chat. |
| Undo-MgUserChatMessageSoftDelete |
Undo soft deletion of a single message or a message reply in a channel or a chat. |
| Unpublish-MgUserDriveListContentType |
Unpublish a [contentType][] from a content type hub site. |
| Update-MgUserChatInstalledApp |
Upgrade an app installation within a chat. |
| Update-MgUserManagedDeviceWindowDeviceAccount |
Invoke action updateWindowsDeviceAccount |
| Update-MgUserOnenotePageContent |
Invoke action onenotePatchContent |
| Update-MgUserPassword |
Enable the user to update their password. Any user can update their password without belonging to any administrator role. |