Microsoft.Graph.Users.Actions

Microsoft Graph PowerShell Cmdlets

Microsoft.Graph.Users.Actions

Add-MgUserChatMember

Add multiple members in a single request to a team. The response provides details about which memberships could and couldn't be created.

Add-MgUserDriveListContentTypeCopy

Add a copy of a [content type][contentType] from a [site][site] to a [list][list].

Add-MgUserDriveListContentTypeCopyFromContentTypeHub

Add or sync a copy of a published content type from the content type hub to a target site or a list. This method is part of the content type publishing changes to optimize the syncing of published content types to sites and lists, effectively switching from a 'push everywhere' to 'pull as needed' approach. The method allows users to pull content types directly from the content type hub to a site or list. For more information, see getCompatibleHubContentTypes and the blog post Syntex Product Updates - August 2021.

Add-MgUserPendingAccessReviewInstanceDecision

Apply review decisions on an accessReviewInstance if the decisions were not applied automatically because the autoApplyDecisionsEnabled property is false in the review's accessReviewScheduleSettings. The status of the accessReviewInstance must be Completed to call this method.

Clear-MgUserAndBlockManagedApp

Blocks the managed app user from app check-in.

Clear-MgUserChatMessageReaction

Invoke action unsetReaction

Clear-MgUserChatMessageReplyReaction

Invoke action unsetReaction

Clear-MgUserManagedAppRegistrationByAzureAdDeviceId

Issues a wipe operation on an app registration with specified aad device Id.

Clear-MgUserManagedAppRegistrationByDeviceTag

Issues a wipe operation on an app registration with specified device tag.

Clear-MgUserManagedDevice

Wipe a device

Clear-MgUserPresence

Clear a presence session of an application for a user. If it is the user's only presence session, a successful clearPresence changes the user's presence to Offline/Offline. Read more about presence sessions and their time-out and expiration.

Clear-MgUserPresenceUserPreferredPresence

Clear the preferred availability and activity status for a user.

Complete-MgUserOutlookTask

Invoke action complete

Complete-MgUserOutlookTaskFolderTask

Invoke action complete

Complete-MgUserOutlookTaskGroupTaskFolderTask

Invoke action complete

Confirm-MgUserAuthenticationMicrosoftAuthenticatorMethodDeviceMemberGroup

Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.

Confirm-MgUserAuthenticationMicrosoftAuthenticatorMethodDeviceMemberObject

Invoke action checkMemberObjects

Confirm-MgUserAuthenticationPasswordlessMicrosoftAuthenticatorMethodDeviceMemberGroup

Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.

Confirm-MgUserAuthenticationPasswordlessMicrosoftAuthenticatorMethodDeviceMemberObject

Invoke action checkMemberObjects

Confirm-MgUserAuthenticationWindowHelloForBusinessMethodDeviceMemberGroup

Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.

Confirm-MgUserAuthenticationWindowHelloForBusinessMethodDeviceMemberObject

Invoke action checkMemberObjects

Confirm-MgUserChatPermissionGrantMemberGroup

Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.

Confirm-MgUserChatPermissionGrantMemberObject

Invoke action checkMemberObjects

Confirm-MgUserDeviceMemberGroup

Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.

Confirm-MgUserDeviceMemberObject

Invoke action checkMemberObjects

Confirm-MgUserInformationProtectionSignature

Invoke action verifySignature

Confirm-MgUserMemberGroup

Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Azure AD. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.

Confirm-MgUserMemberObject

Invoke action checkMemberObjects

Copy-MgUserDriveItem

Asynchronously creates a copy of an [driveItem][item-resource] (including any children), under a new parent item or with a new name.

Copy-MgUserDriveListContentTypeToDefaultContentLocation

Copy a file to a default content location in a [content type][contentType]. The file can then be added as a default file or template via a POST operation.

Copy-MgUserDriveRoot

Asynchronously creates a copy of an [driveItem][item-resource] (including any children), under a new parent item or with a new name.

Copy-MgUserMailFolder

Copy a mailfolder and its contents to another mailfolder.

Copy-MgUserMailFolderChildFolder

Copy a mailfolder and its contents to another mailfolder.

Copy-MgUserMailFolderChildFolderMessage

Copy a message to a folder within the user's mailbox.

Copy-MgUserMailFolderMessage

Copy a message to a folder within the user's mailbox.

Copy-MgUserMessage

Copy a message to a folder within the user's mailbox.

Copy-MgUserOnenoteNotebook

Copies a notebook to the Notebooks folder in the destination Documents library. The folder is created if it doesn't exist. For Copy operations, you follow an asynchronous calling pattern: First call the Copy action, and then poll the operation endpoint for the result.

Copy-MgUserOnenotePageToSection

Copy a page to a specific section. For copy operations, you follow an asynchronous calling pattern: First call the Copy action, and then poll the operation endpoint for the result.

Copy-MgUserOnenoteSectionToNotebook

Copies a section to a specific notebook. For Copy operations, you follow an asynchronous calling pattern: First call the Copy action, and then poll the operation endpoint for the result.

Copy-MgUserOnenoteSectionToSectionGroup

Copies a section to a specific section group. For Copy operations, you follow an asynchronous calling pattern: First call the Copy action, and then poll the operation endpoint for the result.

Disable-MgUserAuthenticationMethodSmSign

Invoke action disableSmsSignIn

Disable-MgUserAuthenticationMethodSmsSignIn

Invoke action disableSmsSignIn

Disable-MgUserManagedDevice

Invoke action disable

Disable-MgUserManagedDeviceLostMode

Disable lost mode

Enable-MgUserAuthenticationMethodSmSign

Invoke action enableSmsSignIn

Enable-MgUserAuthenticationMethodSmsSignIn

Invoke action enableSmsSignIn

Enable-MgUserManagedDeviceLostMode

Enable lost mode

Export-MgUserPersonalData

Submit a data policy operation request from a company administrator or an application to export an organizational user's data. This data includes the user's data stored in OneDrive and their activity reports. For more guidance about exporting data while complying with regulations, see Data Subject Requests and the GDPR and CCPA.

Find-MgUserManagedDevice

Locate a device

Find-MgUserMeetingTime

Suggest meeting times and locations based on organizer and attendee availability, and time or location constraints specified as parameters. If findMeetingTimes cannot return any meeting suggestions, the response would indicate a reason in the emptySuggestionsReason property. \nBased on this value, you can better adjust the parameters and call findMeetingTimes again. The algorithm used to suggest meeting times and locations undergoes fine-tuning from time to time. In scenarios like test environments where the input parameters and calendar data remain static, expect that the suggested results may differ over time.

Get-MgUserAuthenticationMicrosoftAuthenticatorMethodDeviceMemberGroup

Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive.

Get-MgUserAuthenticationMicrosoftAuthenticatorMethodDeviceMemberObject

Invoke action getMemberObjects

Get-MgUserAuthenticationPasswordlessMicrosoftAuthenticatorMethodDeviceMemberGroup

Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive.

Get-MgUserAuthenticationPasswordlessMicrosoftAuthenticatorMethodDeviceMemberObject

Invoke action getMemberObjects

Get-MgUserAuthenticationWindowHelloForBusinessMethodDeviceMemberGroup

Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive.

Get-MgUserAuthenticationWindowHelloForBusinessMethodDeviceMemberObject

Invoke action getMemberObjects

Get-MgUserById

Return the directory objects specified in a list of IDs. Some common uses for this function are to:

Get-MgUserCalendarSchedule

Get the free/busy availability information for a collection of users, distributions lists, or resources (rooms or equipment) for a specified time period.

Get-MgUserChatPermissionGrantById

Return the directory objects specified in a list of IDs. Some common uses for this function are to:

Get-MgUserChatPermissionGrantMemberGroup

Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive.

Get-MgUserChatPermissionGrantMemberObject

Invoke action getMemberObjects

Get-MgUserChatPermissionGrantUserOwnedObject

Invoke action getUserOwnedObjects

Get-MgUserDefaultCalendarSchedule

Get the free/busy availability information for a collection of users, distributions lists, or resources (rooms or equipment) for a specified time period.

Get-MgUserDeviceById

Return the directory objects specified in a list of IDs. Some common uses for this function are to:

Get-MgUserDeviceMemberGroup

Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive.

Get-MgUserDeviceMemberObject

Invoke action getMemberObjects

Get-MgUserDeviceUserOwnedObject

Invoke action getUserOwnedObjects

Get-MgUserJoinedGroupById

Return the directory objects specified in a list of IDs. Some common uses for this function are to:

Get-MgUserJoinedGroupUserOwnedObject

Invoke action getUserOwnedObjects

Get-MgUserMailTip

Get the MailTips of one or more recipients as available to the signed-in user. Note that by making a POST call to the getMailTips action, you can request specific types of MailTips to \nbe returned for more than one recipient at one time. The requested MailTips are returned in a mailTips collection.

Get-MgUserMemberGroup

Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive.

Get-MgUserMemberObject

Invoke action getMemberObjects

Get-MgUserOnenoteNotebookFromWebUrl

Retrieve the properties and relationships of a notebook object by using its URL path. The location can be user notebooks on Microsoft 365, group notebooks, or SharePoint site-hosted team notebooks on Microsoft 365.

Get-MgUserOwnedObjectByType

Invoke action getUserOwnedObjects

Grant-MgUserDriveItemPermission

Grant users access to a link represented by a [permission][].

Grant-MgUserDriveRootPermission

Grant users access to a link represented by a [permission][].

Hide-MgUserChatForUser

Hide a chat for a user.

Initialize-MgUserManagedDeviceEsim

Activate eSIM on the device.

Initialize-MgUserServicePlan

Activate a service plan with a given servicePlanId and skuId for a given user.

Invoke-MgAcceptUserEvent

Accept the specified event in a user calendar.

Invoke-MgAcceptUserEventInstance

Accept the specified event in a user calendar.

Invoke-MgAcceptUserEventInstanceTentatively

Tentatively accept the specified event in a user calendar. If the event allows proposals for new times, on responding tentative to the event, an invitee can choose to suggest an alternative time by including the proposedNewTime parameter. For more information on how to propose a time, and how to receive and accept a new time proposal, see Propose new meeting times.

Invoke-MgAcceptUserEventTentatively

Tentatively accept the specified event in a user calendar. If the event allows proposals for new times, on responding tentative to the event, an invitee can choose to suggest an alternative time by including the proposedNewTime parameter. For more information on how to propose a time, and how to receive and accept a new time proposal, see Propose new meeting times.

Invoke-MgAcceptUserPendingAccessReviewInstanceRecommendation

Allows the acceptance of recommendations on all accessReviewInstanceDecisionItem objects that have not been reviewed for an accessReviewInstance object for which the calling user is a reviewer. Recommendations are generated if recommendationsEnabled is true on the accessReviewScheduleDefinition object. If there is not a recommendation on an accessReviewInstanceDecisionItem object no decision will be recorded.

Invoke-MgBatchUserPendingAccessReviewInstanceRecordDecision

Enables reviewers to review all accessReviewInstanceDecisionItem objects in batches by using principalId, resourceId, or neither.

Invoke-MgBufferUserInformationProtectionDecrypt

Invoke action decryptBuffer

Invoke-MgBufferUserInformationProtectionEncrypt

Invoke action encryptBuffer

Invoke-MgBulkReprovisionUserManagedDeviceCloudPc

Invoke action encryptBuffer

Invoke-MgBulkRestoreUserManagedDeviceCloudPc

Invoke action encryptBuffer

Invoke-MgBulkUserManagedDeviceReprovisionCloudPc

Invoke action bulkReprovisionCloudPc

Invoke-MgBulkUserManagedDeviceRestoreCloudPc

Invoke action bulkRestoreCloudPc

Invoke-MgBulkUserManagedDeviceSetCloudPcReviewStatus

Set the review status of multiple Cloud PC devices with a single request that includes the IDs of Intune managed devices.

Invoke-MgCheckinUserDriveItem

Check in a checked out driveItem resource, which makes the version of the document available to others.

Invoke-MgCheckinUserDriveRoot

Check in a checked out driveItem resource, which makes the version of the document available to others.

Invoke-MgCheckoutUserDriveItem

Check out a driveItem resource to prevent others from editing the document, and prevent your changes from being visible until the documented is checked in.

Invoke-MgCheckoutUserDriveRoot

Check out a driveItem resource to prevent others from editing the document, and prevent your changes from being visible until the documented is checked in.

Invoke-MgCleanUserManagedDeviceWindowDevice

Clean Windows device

Invoke-MgCloudUserManagedDevice

Invoke action reprovisionCloudPc

Invoke-MgCreateOrGetUserOnlineMeeting

Create an onlineMeeting object with a custom specified external ID. If the external ID already exists, this API will return the onlineMeeting object with that external ID.

Invoke-MgDeclineUserEvent

Decline invitation to the specified event in a user calendar. If the event allows proposals for new times, on declining the event, an invitee can choose to suggest an alternative time by including the proposedNewTime parameter. For more information on how to propose a time, and how to receive and accept a new time proposal, see Propose new meeting times.

Invoke-MgDeclineUserEventInstance

Decline invitation to the specified event in a user calendar. If the event allows proposals for new times, on declining the event, an invitee can choose to suggest an alternative time by including the proposedNewTime parameter. For more information on how to propose a time, and how to receive and accept a new time proposal, see Propose new meeting times.

Invoke-MgDeprovisionUserManagedDevice

Invoke action deprovision

Invoke-MgDismissUserEventInstanceReminder

Dismiss a reminder that has been triggered for an event in a user calendar.

Invoke-MgDismissUserEventReminder

Dismiss a reminder that has been triggered for an event in a user calendar.

Invoke-MgDownloadUserManagedDeviceAppDiagnostic

Invoke action downloadAppDiagnostics

Invoke-MgDownUserManagedDeviceShut

Shut down device

Invoke-MgEnrollUserManagedDeviceNowAction

Trigger comanagement enrollment action on ConfigurationManager client

Invoke-MgExecuteUserManagedDeviceAction

Invoke action executeAction

Invoke-MgExtractUserDriveItemSensitivityLabel

Invoke action extractSensitivityLabels

Invoke-MgExtractUserDriveRootSensitivityLabel

Invoke action extractSensitivityLabels

Invoke-MgExtractUserInformationProtectionPolicyLabel

Using the metadata that exists on an already-labeled piece of information, resolve the metadata to a specific sensitivity label. The contentInfo input is resolved to informationProtectionContentLabel.

Invoke-MgExtractUserSecurityInformationProtectionSensitivityLabelContentLabel

Use the metadata that exists on an already-labeled piece of information to resolve the metadata to a specific sensitivity label. The contentInfo input is resolved to informationProtectionContentLabel.

Invoke-MgFollowUserDriveItem

Follow a driveItem.

Invoke-MgFollowUserDriveRoot

Follow a driveItem.

Invoke-MgForwardUserEvent

This action allows the organizer or attendee of a meeting event to forward the \nmeeting request to a new recipient. If the meeting event is forwarded from an attendee's Microsoft 365 mailbox to another recipient, this action \nalso sends a message to notify the organizer of the forwarding, and adds the recipient to the organizer's \ncopy of the meeting event. This convenience is not available when forwarding from an Outlook.com account.

Invoke-MgForwardUserEventInstance

This action allows the organizer or attendee of a meeting event to forward the \nmeeting request to a new recipient. If the meeting event is forwarded from an attendee's Microsoft 365 mailbox to another recipient, this action \nalso sends a message to notify the organizer of the forwarding, and adds the recipient to the organizer's \ncopy of the meeting event. This convenience is not available when forwarding from an Outlook.com account.

Invoke-MgForwardUserMailFolderChildFolderMessage

Forward a message using either JSON or MIME format. When using JSON format, you can:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- Specify either the toRecipients parameter or the toRecipients property of the message parameter. Specifying both or specifying neither will return an HTTP 400 Bad Request error. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to forward a message, and send it later.

Invoke-MgForwardUserMailFolderMessage

Forward a message using either JSON or MIME format. When using JSON format, you can:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- Specify either the toRecipients parameter or the toRecipients property of the message parameter. Specifying both or specifying neither will return an HTTP 400 Bad Request error. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to forward a message, and send it later.

Invoke-MgForwardUserMessage

Forward a message using either JSON or MIME format. When using JSON format, you can:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- Specify either the toRecipients parameter or the toRecipients property of the message parameter. Specifying both or specifying neither will return an HTTP 400 Bad Request error. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to forward a message, and send it later.

Invoke-MgGraphUserChat

Unhide a chat for a user.

Invoke-MgHasUserDeviceEnrollmentConfigurationPayloadLink

Invoke action hasPayloadLinks

Invoke-MgInitiateUserManagedDeviceMobileDeviceManagementKeyRecovery

Perform MDM key recovery and TPM attestation

Invoke-MgInvalidateUserRefreshToken

Invalidates all of the user's refresh tokens issued to applications (as well as session cookies in a user's browser), by resetting the refreshTokensValidFromDateTime user property to the current date-time. Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation would prevent access to any of the organization's data accessed through applications on the device without the user first being required to sign in again. In fact, this operation would force the user to sign in again for all applications that they have previously consented to, independent of device. For developers, if the application attempts to redeem a delegated access token for this user by using an invalidated refresh token, the application will get an error. If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint, which will force the user to sign in.

Invoke-MgInviteUserDriveItem

Sends a sharing invitation for a DriveItem.\nA sharing invitation provides permissions to the recipients and optionally sends an email to the recipients to notify them the item was shared.

Invoke-MgInviteUserDriveRoot

Sends a sharing invitation for a DriveItem.\nA sharing invitation provides permissions to the recipients and optionally sends an email to the recipients to notify them the item was shared.

Invoke-MgLicenseUser

Reprocess all group-based license assignments for the user. To learn more about group-based licensing, see What is group-based licensing in Azure Active Directory. Also see Identify and resolve license assignment problems for a group in Azure Active Directory for more details.

Invoke-MgLogoutUserManagedDeviceSharedAppleDeviceActiveUser

Logout shared Apple device active user

Invoke-MgMarkUserChatReadForUser

Mark a chat as read for a user.

Invoke-MgMarkUserChatUnreadForUser

Mark a chat as unread for a user.

Invoke-MgOverrideUserManagedDeviceComplianceState

Invoke action overrideComplianceState

Invoke-MgPlayUserManagedDeviceLostModeSound

Play lost mode sound

Invoke-MgPreviewUserDriveItem

Invoke action preview

Invoke-MgPreviewUserDriveRoot

Invoke action preview

Invoke-MgReauthorizeUserDriveItemSubscription

Invoke action reauthorize

Invoke-MgReauthorizeUserDriveListSubscription

Invoke action reauthorize

Invoke-MgReauthorizeUserDriveRootSubscription

Invoke action reauthorize

Invoke-MgRecordUserPendingAccessReviewInstanceDecision

As a reviewer of an access review, record a decision for an accessReviewInstanceDecisionItem that is assigned to you and that matches the principal or resource IDs specified. If no IDs are specified, the decisions will apply to every accessReviewInstanceDecisionItem for which you are the reviewer.

Invoke-MgReenableUserManagedDevice

Invoke action reenable

Invoke-MgReplyAllUserMailFolderChildFolderMessage

Reply to all recipients of a message using either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), send the reply to the recipients in replyTo and not the recipient in the from property. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to reply-all to a message, and send it later.

Invoke-MgReplyAllUserMailFolderMessage

Reply to all recipients of a message using either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), send the reply to the recipients in replyTo and not the recipient in the from property. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to reply-all to a message, and send it later.

Invoke-MgReplyAllUserMessage

Reply to all recipients of a message using either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), send the reply to the recipients in replyTo and not the recipient in the from property. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to reply-all to a message, and send it later.

Invoke-MgReplyUserMailFolderChildFolderMessage

Reply to the sender of a message using either JSON or MIME format. When using JSON format:\n* Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n* If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), send the reply to the recipients in replyTo and not the recipient in the from property. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to reply to a message, and send it later.

Invoke-MgReplyUserMailFolderMessage

Reply to the sender of a message using either JSON or MIME format. When using JSON format:\n* Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n* If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), send the reply to the recipients in replyTo and not the recipient in the from property. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to reply to a message, and send it later.

Invoke-MgReplyUserMessage

Reply to the sender of a message using either JSON or MIME format. When using JSON format:\n* Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n* If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), send the reply to the recipients in replyTo and not the recipient in the from property. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft to reply to a message, and send it later.

Invoke-MgReprovisionUserCloudPc

Reprovision a specific Cloud PC.

Invoke-MgReprovisionUserManagedDeviceCloudPc

Reprovision a specific Cloud PC.

Invoke-MgRetireUserManagedDevice

Retire a device

Invoke-MgRetryUserCloudPcPartnerAgentInstallation

Retry installation for the partner agents which failed to install on the Cloud PC. Service side will check which agent installation failed firstly and retry.

Invoke-MgRotateUserManagedDeviceBitLockerKey

Rotate BitLockerKeys

Invoke-MgRotateUserManagedDeviceFileVaultKey

Invoke action rotateFileVaultKey

Invoke-MgScanUserManagedDeviceWindowDefender

Invoke action windowsDefenderScan

Invoke-MgSignUserInformationProtectionDigest

Invoke action signDigest

Invoke-MgSnoozeUserEventInstanceReminder

Postpone a reminder for an event in a user calendar until a new time.

Invoke-MgSnoozeUserEventReminder

Postpone a reminder for an event in a user calendar until a new time.

Invoke-MgSoftUserChatMessageDelete

Delete a single message or a message reply in a channel or a chat.

Invoke-MgSoftUserChatMessageReplyDelete

Delete a single message or a message reply in a channel or a chat.

Invoke-MgTranslateUserExchangeId

Translate identifiers of Outlook-related resources between formats.

Invoke-MgTroubleshootUserCloudPc

Troubleshoot a specific Cloud PC. Use this API to check the health status of the Cloud PC and the session host.

Invoke-MgUnfollowUserDriveItem

Unfollow a driveItem.

Invoke-MgUnfollowUserDriveRoot

Unfollow a driveItem.

Invoke-MgUnsubscribeUserMailFolderChildFolderMessage

Submits a email request on behalf of the signed-in user to unsubscribe from an email distribution list. Uses the information in the List-Unsubscribe header. Message senders can use mailing lists in a user-friendly way by including an option for recipients to opt out. They can do so by specifying the List-Unsubscribe header in each message following RFC-2369. Note In particular, for the unsubscribe action to work, the sender must specify mailto: and not URL-based unsubscribe information. Setting that header would also set the unsubscribeEnabled property of the message instance to true, and the unsubscribeData property to the header data. If the unsubscribeEnabled property of a message is true, you can use the unsubscribe action to unsubscribe the user from similar future messages as managed by the message sender. A successful unsubscribe action moves the message to the Deleted Items folder. The actual exclusion of the user from future mail distribution is managed by the sender.

Invoke-MgUnsubscribeUserMailFolderMessage

Submits a email request on behalf of the signed-in user to unsubscribe from an email distribution list. Uses the information in the List-Unsubscribe header. Message senders can use mailing lists in a user-friendly way by including an option for recipients to opt out. They can do so by specifying the List-Unsubscribe header in each message following RFC-2369. Note In particular, for the unsubscribe action to work, the sender must specify mailto: and not URL-based unsubscribe information. Setting that header would also set the unsubscribeEnabled property of the message instance to true, and the unsubscribeData property to the header data. If the unsubscribeEnabled property of a message is true, you can use the unsubscribe action to unsubscribe the user from similar future messages as managed by the message sender. A successful unsubscribe action moves the message to the Deleted Items folder. The actual exclusion of the user from future mail distribution is managed by the sender.

Invoke-MgUnsubscribeUserMessage

Submits a email request on behalf of the signed-in user to unsubscribe from an email distribution list. Uses the information in the List-Unsubscribe header. Message senders can use mailing lists in a user-friendly way by including an option for recipients to opt out. They can do so by specifying the List-Unsubscribe header in each message following RFC-2369. Note In particular, for the unsubscribe action to work, the sender must specify mailto: and not URL-based unsubscribe information. Setting that header would also set the unsubscribeEnabled property of the message instance to true, and the unsubscribeData property to the header data. If the unsubscribeEnabled property of a message is true, you can use the unsubscribe action to unsubscribe the user from similar future messages as managed by the message sender. A successful unsubscribe action moves the message to the Deleted Items folder. The actual exclusion of the user from future mail distribution is managed by the sender.

Join-MgUserDriveListContentTypeWithHubSite

Associate a [content type][contentType] with a list of hub sites.

Lock-MgUserManagedDeviceRemote

Remote lock

Move-MgUserMailFolder

Move a mailfolder and its contents to another mailfolder.

Move-MgUserMailFolderChildFolder

Move a mailfolder and its contents to another mailfolder.

Move-MgUserMailFolderChildFolderMessage

Move a message to another folder within the specified user's mailbox. This creates a new copy of the message in the destination folder and removes the original message.

Move-MgUserMailFolderMessage

Move a message to another folder within the specified user's mailbox. This creates a new copy of the message in the destination folder and removes the original message.

Move-MgUserManagedDeviceToOu

Invoke action moveDevicesToOU

Move-MgUserMessage

Move a message to another folder within the specified user's mailbox. This creates a new copy of the message in the destination folder and removes the original message.

New-MgUserDeviceEnrollmentConfigurationEnrollmentNotificationConfiguration

Invoke action createEnrollmentNotificationConfiguration

New-MgUserDriveItemLink

You can use createLink action to share a driveItem via a sharing link. The createLink action will create a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, the existing sharing link will be returned. DriveItem resources inherit sharing permissions from their ancestors.

New-MgUserDriveItemListItemLink

Create a sharing link for a listItem. The createLink action creates a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, this action will return the existing sharing link. listItem resources inherit sharing permissions from the list the item resides in.

New-MgUserDriveItemUploadSession

Create an upload session to allow your app to upload files up to the maximum file size. An upload session allows your app to upload ranges of the file in sequential API requests, which allows the transfer to be resumed if a connection is dropped while the upload is in progress. To upload a file using an upload session:

New-MgUserDriveListItemLink

Create a sharing link for a listItem. The createLink action creates a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, this action will return the existing sharing link. listItem resources inherit sharing permissions from the list the item resides in.

New-MgUserDriveRootLink

You can use createLink action to share a driveItem via a sharing link. The createLink action will create a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, the existing sharing link will be returned. DriveItem resources inherit sharing permissions from their ancestors.

New-MgUserDriveRootListItemLink

Create a sharing link for a listItem. The createLink action creates a new sharing link if the specified link type doesn't already exist for the calling application.\nIf a sharing link of the specified type already exists for the app, this action will return the existing sharing link. listItem resources inherit sharing permissions from the list the item resides in.

New-MgUserDriveRootUploadSession

Create an upload session to allow your app to upload files up to the maximum file size. An upload session allows your app to upload ranges of the file in sequential API requests, which allows the transfer to be resumed if a connection is dropped while the upload is in progress. To upload a file using an upload session:

New-MgUserEventAttachmentUploadSession

Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item. The item can be a message or event. Use this approach to attach a file if the file size is between 3 MB and 150 MB. To attach a file that's smaller than 3 MB, do a POST operation on the attachments navigation property of the Outlook item; see how to do this for a message or for an event. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. Request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows transfer to be resumed, in case the network connection is dropped during upload. The following are the steps to attach a file to an Outlook item using an upload session: See attach large files to Outlook messages or events for an example.

New-MgUserEventInstanceAttachmentUploadSession

Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item. The item can be a message or event. Use this approach to attach a file if the file size is between 3 MB and 150 MB. To attach a file that's smaller than 3 MB, do a POST operation on the attachments navigation property of the Outlook item; see how to do this for a message or for an event. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. Request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows transfer to be resumed, in case the network connection is dropped during upload. The following are the steps to attach a file to an Outlook item using an upload session: See attach large files to Outlook messages or events for an example.

New-MgUserMailFolderChildFolderMessageAttachmentUploadSession

Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item. The item can be a message or event. Use this approach to attach a file if the file size is between 3 MB and 150 MB. To attach a file that's smaller than 3 MB, do a POST operation on the attachments navigation property of the Outlook item; see how to do this for a message or for an event. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. Request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows transfer to be resumed, in case the network connection is dropped during upload. The following are the steps to attach a file to an Outlook item using an upload session: See attach large files to Outlook messages or events for an example.

New-MgUserMailFolderChildFolderMessageForward

Create a draft to forward an existing message, in either JSON or MIME format. When using JSON format, you can: \n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- Specify either the toRecipients parameter or the toRecipients property of the message parameter. Specifying both or specifying neither will return an HTTP 400 Bad Request error.\n- Update the draft later to add content to the body or change other message properties. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, forward a message in a single operation.

New-MgUserMailFolderChildFolderMessageReply

Create a draft to reply to the sender of a message in either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If replyTo is specified in the original message, per Internet Message Format (RFC 2822), you should send the reply to the recipients in replyTo, and not the recipients in from.\n- You can update the draft later to add reply content to the body or change other message properties. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, reply to a message in a single operation.

New-MgUserMailFolderChildFolderMessageReplyAll

Create a draft to reply to the sender and all recipients of a message in either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), you should send the reply to the recipients in the replyTo and toRecipients properties, and not the recipients in the from and toRecipients properties. \n- You can update the draft message later. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, reply-all to a message in a single action.

New-MgUserMailFolderMessageAttachmentUploadSession

Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item. The item can be a message or event. Use this approach to attach a file if the file size is between 3 MB and 150 MB. To attach a file that's smaller than 3 MB, do a POST operation on the attachments navigation property of the Outlook item; see how to do this for a message or for an event. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. Request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows transfer to be resumed, in case the network connection is dropped during upload. The following are the steps to attach a file to an Outlook item using an upload session: See attach large files to Outlook messages or events for an example.

New-MgUserMailFolderMessageForward

Create a draft to forward an existing message, in either JSON or MIME format. When using JSON format, you can: \n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- Specify either the toRecipients parameter or the toRecipients property of the message parameter. Specifying both or specifying neither will return an HTTP 400 Bad Request error.\n- Update the draft later to add content to the body or change other message properties. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, forward a message in a single operation.

New-MgUserMailFolderMessageReply

Create a draft to reply to the sender of a message in either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If replyTo is specified in the original message, per Internet Message Format (RFC 2822), you should send the reply to the recipients in replyTo, and not the recipients in from.\n- You can update the draft later to add reply content to the body or change other message properties. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, reply to a message in a single operation.

New-MgUserMailFolderMessageReplyAll

Create a draft to reply to the sender and all recipients of a message in either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), you should send the reply to the recipients in the replyTo and toRecipients properties, and not the recipients in the from and toRecipients properties. \n- You can update the draft message later. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, reply-all to a message in a single action.

New-MgUserManagedDeviceLogCollectionRequest

Invoke action createDeviceLogCollectionRequest

New-MgUserManagedDeviceLogCollectionResponseDownloadUrl

Invoke action createDownloadUrl

New-MgUserManagedDeviceRemoteHelpSession

Remote help - Create session with a specific device

New-MgUserManagedDeviceWindowsDefenderUpdateSignature

Invoke action windowsDefenderUpdateSignatures

New-MgUserMessageAttachmentUploadSession

Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item. The item can be a message or event. Use this approach to attach a file if the file size is between 3 MB and 150 MB. To attach a file that's smaller than 3 MB, do a POST operation on the attachments navigation property of the Outlook item; see how to do this for a message or for an event. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. Request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows transfer to be resumed, in case the network connection is dropped during upload. The following are the steps to attach a file to an Outlook item using an upload session: See attach large files to Outlook messages or events for an example.

New-MgUserMessageForward

Create a draft to forward an existing message, in either JSON or MIME format. When using JSON format, you can: \n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- Specify either the toRecipients parameter or the toRecipients property of the message parameter. Specifying both or specifying neither will return an HTTP 400 Bad Request error.\n- Update the draft later to add content to the body or change other message properties. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, forward a message in a single operation.

New-MgUserMessageReply

Create a draft to reply to the sender of a message in either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If replyTo is specified in the original message, per Internet Message Format (RFC 2822), you should send the reply to the recipients in replyTo, and not the recipients in from.\n- You can update the draft later to add reply content to the body or change other message properties. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, reply to a message in a single operation.

New-MgUserMessageReplyAll

Create a draft to reply to the sender and all recipients of a message in either JSON or MIME format. When using JSON format:\n- Specify either a comment or the body property of the message parameter. Specifying both will return an HTTP 400 Bad Request error.\n- If the original message specifies a recipient in the replyTo property, per Internet Message Format (RFC 2822), you should send the reply to the recipients in the replyTo and toRecipients properties, and not the recipients in the from and toRecipients properties. \n- You can update the draft message later. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. Send the draft message in a subsequent operation. Alternatively, reply-all to a message in a single action.

New-MgUserMobileAppTroubleshootingEventAppLogCollectionRequestDownloadUrl

Invoke action createDownloadUrl

New-MgUserOutlookTaskAttachmentUploadSession

Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item. The item can be a message or event. Use this approach to attach a file if the file size is between 3 MB and 150 MB. To attach a file that's smaller than 3 MB, do a POST operation on the attachments navigation property of the Outlook item; see how to do this for a message or for an event. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. Request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows transfer to be resumed, in case the network connection is dropped during upload. The following are the steps to attach a file to an Outlook item using an upload session: See attach large files to Outlook messages or events for an example.

New-MgUserOutlookTaskFolderTaskAttachmentUploadSession

Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item. The item can be a message or event. Use this approach to attach a file if the file size is between 3 MB and 150 MB. To attach a file that's smaller than 3 MB, do a POST operation on the attachments navigation property of the Outlook item; see how to do this for a message or for an event. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. Request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows transfer to be resumed, in case the network connection is dropped during upload. The following are the steps to attach a file to an Outlook item using an upload session: See attach large files to Outlook messages or events for an example.

New-MgUserOutlookTaskGroupTaskFolderTaskAttachmentUploadSession

Create an upload session that allows an app to iteratively upload ranges of a file, so as to attach the file to an Outlook item. The item can be a message or event. Use this approach to attach a file if the file size is between 3 MB and 150 MB. To attach a file that's smaller than 3 MB, do a POST operation on the attachments navigation property of the Outlook item; see how to do this for a message or for an event. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. Request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows transfer to be resumed, in case the network connection is dropped during upload. The following are the steps to attach a file to an Outlook item using an upload session: See attach large files to Outlook messages or events for an example.

New-MgUserTodoListTaskAttachmentUploadSession

Create an upload session to iteratively upload ranges of a file as an attachment to a todoTask. As part of the response, this action returns an upload URL that you can use in subsequent sequential PUT queries. The request headers for each PUT operation let you specify the exact range of bytes to be uploaded. This allows the transfer to be resumed, in case the network connection is dropped during the upload. The following are the steps to attach a file to a Microsoft To Do task using an upload session: For an example that describes the end-to-end attachment process, see attach files to a To Do task.

Publish-MgUserDriveListContentType

Publishes a [contentType][] present in a content type hub site.

Remove-MgUserDeviceFromManagement

Retire all devices from management for this user

Remove-MgUserManagedDeviceFirmwareConfigurationInterfaceManagement

Remove device from Device Firmware Configuration Interface management

Remove-MgUserManagedDeviceUserFromSharedAppleDevice

Delete user from shared Apple device

Rename-MgUserCloudPc

Rename a specific Cloud PC. Use this API to update the displayName for the Cloud PC entity.

Rename-MgUserCloudPcUserAccountType

Change the account type of the user on a specific Cloud PC.

Request-MgUserManagedDeviceRemoteAssistance

Request remote assistance

Request-MgUserManagedDeviceRemoteHelpSessionAccess

Remote help - Request Remote help session access permission for an existing session

Reset-MgUserAuthenticationMethodPassword

Invoke action resetPassword

Reset-MgUserManagedDevicePasscode

Reset passcode

Reset-MgUserPendingAccessReviewInstanceDecision

Resets decisions of all accessReviewInstanceDecisionItem objects on an accessReviewInstance to notReviewed.

Resize-MgUserManagedDeviceCloudPc

Upgrade or downgrade an existing Cloud PC to another configuration with a new virtual CPU (vCPU) and storage size.

Restart-MgUserCloudPc

Reboot a specific Cloud PC.

Restart-MgUserManagedDeviceNow

Reboot device

Restore-MgUserAuthenticationWindowHelloForBusinessMethodDevice

Restore a recently deleted application, group, servicePrincipal, administrative unit, or user object from deleted items. If an item was accidentally deleted, you can fully restore the item. This is not applicable to security groups, which are deleted permanently. A recently deleted item will remain available for up to 30 days. After 30 days, the item is permanently deleted.

Restore-MgUserCloudPc

Restore a specific Cloud PC. Use this API to trigger a remote action that restores a Cloud PC device to a previous state.

Restore-MgUserDriveItem

Restore a driveItem that has been deleted and is currently in the recycle bin.

Restore-MgUserDriveItemListItemDocumentSetVersion

Restore a document set version.

Restore-MgUserDriveItemListItemVersion

Invoke action restoreVersion

Restore-MgUserDriveItemVersion

Restore a previous version of a DriveItem to be the current version. This will create a new version with the contents of the previous version, but preserves all existing versions of the file.

Restore-MgUserDriveListItemDocumentSetVersion

Restore a document set version.

Restore-MgUserDriveListItemVersion

Invoke action restoreVersion

Restore-MgUserDriveRoot

Restore a driveItem that has been deleted and is currently in the recycle bin.

Restore-MgUserDriveRootListItemDocumentSetVersion

Restore a document set version.

Restore-MgUserDriveRootListItemVersion

Invoke action restoreVersion

Restore-MgUserDriveRootVersion

Restore a previous version of a DriveItem to be the current version. This will create a new version with the contents of the previous version, but preserves all existing versions of the file.

Restore-MgUserManagedDeviceCloudPc

Restore a Cloud PC device to a previous state with an Intune managed device ID.

Restore-MgUserManagedDevicePasscode

Recover passcode

Revoke-MgUserDriveItemPermissionGrant

Revoke access to a [listItem][] or [driveItem][] granted via a sharing link by removing the specified [recipient][] from the link.

Revoke-MgUserDriveRootPermissionGrant

Revoke access to a [listItem][] or [driveItem][] granted via a sharing link by removing the specified [recipient][] from the link.

Revoke-MgUserManagedDeviceAppleVppLicense

Revoke all Apple Vpp licenses for a device

Revoke-MgUserSign

Invoke action revokeSignInSessions

Revoke-MgUserSignInSession

Invoke action revokeSignInSessions

Send-MgUserChatActivityNotification

Send an activity feed notification in scope of a chat. For more details about sending notifications and the requirements for doing so, see sending Teams activity notifications.

Send-MgUserMail

Send the message specified in the request body using either JSON or MIME format. When using JSON format you can include an attachment and use a mention to call out another user in the new message. When using MIME format:\n- Provide the applicable Internet message headers and the MIME content, all encoded in base64 format in the request body.\n- Add any attachments and S/MIME properties to the MIME content. This method saves the message in the Sent Items folder. Alternatively, create a draft message to send later. To learn more about the steps involved in the backend before a mail is delivered to recipients, see here.

Send-MgUserMailFolderChildFolderMessage

Send an existing draft message. The draft message can be a new message draft, reply draft, reply-all draft, or a forward draft. This method saves the message in the Sent Items folder. Alternatively, send a new message in a single operation.

Send-MgUserMailFolderMessage

Send an existing draft message. The draft message can be a new message draft, reply draft, reply-all draft, or a forward draft. This method saves the message in the Sent Items folder. Alternatively, send a new message in a single operation.

Send-MgUserManagedDeviceCustomNotificationToCompanyPortal

Invoke action sendCustomNotificationToCompanyPortal

Send-MgUserMessage

Send an existing draft message. The draft message can be a new message draft, reply draft, reply-all draft, or a forward draft. This method saves the message in the Sent Items folder. Alternatively, send a new message in a single operation.

Send-MgUserPendingAccessReviewInstanceReminder

Send a reminder to the reviewers of a currently active accessReviewInstance.

Send-MgUserTeamworkActivityNotification

Send an activity feed notification to a user. For more details about sending notifications and the requirements for doing so, see sending Teams activity notifications.

Set-MgUserChatMessageReaction

Invoke action setReaction

Set-MgUserChatMessageReplyReaction

Invoke action setReaction

Set-MgUserDeviceEnrollmentConfiguration

Invoke action assign

Set-MgUserDeviceEnrollmentConfigurationPriority

Invoke action setPriority

Set-MgUserDriveItemSensitivityLabel

Invoke action assignSensitivityLabel

Set-MgUserDriveRootSensitivityLabel

Invoke action assignSensitivityLabel

Set-MgUserLicense

Add or remove licenses for the user to enable or disable their use of Microsoft cloud offerings. For example, an organization can have a Microsoft 365 Enterprise E3 subscription with 100 licenses, and this request assigns one of those licenses to a specific user. You can also enable and disable specific plans associated with a subscription. To learn more about subscriptions and licenses, see this Technet article. To get the subscriptions available in the directory, perform a GET subscribedSkus request.

Set-MgUserManagedDeviceCloudPcReviewStatus

Set the review status of a specific Cloud PC device. Use this API to set the review status of a Cloud PC to in review if you consider a Cloud PC as suspicious. After the review is completed, use this API again to set the Cloud PC back to a normal state.

Set-MgUserManagedDeviceName

Set device name of the device.

Set-MgUserPresence

Set the availability and activity status in a presence session of an application for a user.

Set-MgUserPresenceStatusMessage

Set a presence status message for a user. An optional expiration date and time can be supplied.

Set-MgUserPresenceUserPreferredPresence

Set the preferred availability and activity status for a user. If the preferred presence of a user is set, the user's presence is the preferred presence. Preferred presence takes effect only when there is at least one presence session of the user. Otherwise, the user's presence stays as Offline. A presence session can be created as a result of a successful setPresence operation, or if the user is signed in on a Teams client. Read more about presence sessions and their time-out and expiration.

Skip-MgUserManagedDeviceActivationLock

Bypass activation lock

Start-MgUserManagedDeviceConfigurationManagerAction

Trigger action on ConfigurationManager client

Stop-MgUserCloudPcGracePeriod

End the grace period for a specific Cloud PC. The grace period is triggered when the Cloud PC license is removed or the provisioning policy is unassigned. It allows users to access Cloud PCs for up to seven days before de-provisioning occurs. Ending the grace period immediately deprovisions the Cloud PC without waiting the seven days.

Stop-MgUserEvent

This action allows the organizer of a meeting to send a cancellation message and cancel the event. The action moves the event to the Deleted Items folder. The organizer can also cancel an occurrence of a recurring meeting \nby providing the occurrence event ID. An attendee calling this action gets an error (HTTP 400 Bad Request), with the following\nerror message: 'Your request can't be completed. You need to be an organizer to cancel a meeting.' This action differs from Delete in that Cancel is available to only the organizer, and lets\nthe organizer send a custom message to the attendees about the cancellation.

Stop-MgUserEventInstance

This action allows the organizer of a meeting to send a cancellation message and cancel the event. The action moves the event to the Deleted Items folder. The organizer can also cancel an occurrence of a recurring meeting \nby providing the occurrence event ID. An attendee calling this action gets an error (HTTP 400 Bad Request), with the following\nerror message: 'Your request can't be completed. You need to be an organizer to cancel a meeting.' This action differs from Delete in that Cancel is available to only the organizer, and lets\nthe organizer send a custom message to the attendees about the cancellation.

Stop-MgUserManagedDeviceRemoteHelpSession

Remote help - End ACS session, Pubsub session and delete Remote help session

Stop-MgUserPendingAccessReviewInstance

Stop a currently active accessReviewInstance. After the access review instance stops, the instance status will be Completed, the reviewers can no longer give input, and the access review decisions can be applied. Stopping an instance will not effect future instances. To prevent a recurring access review from starting future instances, update the schedule definition to change its scheduled end date.

Stop-MgUserPendingAccessReviewInstanceStage

Stop an access review stage that is inProgress. After the access review stage stops, the stage status will be Completed and the reviewers can no longer give input. If there are subsequent stages that depend on the completed stage, the next stage will be created. The accessReviewInstanceDecisionItem objects will always reflect the last decisions recorded across all stages at that given time, regardless of the status of the stages.

Sync-MgUserManagedDevice

Invoke action syncDevice

Test-MgUserChatPermissionGrantProperty

Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties: \n1. Validate the prefix and suffix naming policy\n2. Validate the custom banned words policy\n3. Validate the mail nickname is unique This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy.

Test-MgUserDeviceProperty

Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties: \n1. Validate the prefix and suffix naming policy\n2. Validate the custom banned words policy\n3. Validate the mail nickname is unique This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy.

Test-MgUserDriveItemPermission

Invoke action validatePermission

Test-MgUserDriveRootPermission

Invoke action validatePermission

Test-MgUserInformationProtectionDataLossPreventionPolicy

Invoke action evaluate

Test-MgUserInformationProtectionPolicyLabelApplication

Compute the information protection label that should be applied and return the set of actions that must be taken to correctly label the information. This API is useful when a label should be set manually or explicitly by a user or service, rather than automatically based on file contents. Given contentInfo, which includes existing content metadata key/value pairs, and labelingOptions as an input, the API returns an informationProtectionAction object that contains one of more of the following:

Test-MgUserInformationProtectionPolicyLabelClassificationResult

Using classification results, compute the information protection label that should be applied and return the set of actions that must be taken to correctly label the information. This API is useful when a label should be set automatically based on classification of the file contents, rather than labeled directly by a user or service. To evaluate based on classification results, provide contentInfo, which includes existing content metadata key/value pairs, and classification results. The API returns an informationProtectionAction that contains one of more of the following:

Test-MgUserInformationProtectionPolicyLabelRemoval

Indicate to the consuming application what actions it should take to remove the label information. Given contentInfo as an input, which includes existing content metadata key/value pairs, the API returns an informationProtectionAction that contains some combination of one of more of the following:

Test-MgUserInformationProtectionSensitivityLabel

Invoke action evaluate

Test-MgUserInformationProtectionSensitivityLabelSublabel

Invoke action evaluate

Test-MgUserJoinedGroupDynamicMembership

Evaluate whether a user or device is or would be a member of a dynamic group. The membership rule is returned along with other details that were used in the evaluation. You can complete this operation in the following ways:

Test-MgUserJoinedGroupProperty

Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties: \n1. Validate the prefix and suffix naming policy\n2. Validate the custom banned words policy\n3. Validate the mail nickname is unique This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy.

Test-MgUserPassword

Check a user's password against the organization's password validation policy and report whether the password is valid. Use this action to provide real-time feedback on password strength while the user types their password.

Test-MgUserProperty

Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties: \n1. Validate the prefix and suffix naming policy\n2. Validate the custom banned words policy\n3. Validate the mail nickname is unique This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy.

Test-MgUserSecurityInformationProtectionSensitivityLabelApplication

Compute the sensitivity label that should be applied and return the set of actions that must be taken to correctly label the information. This API is useful when a label should be set manually or explicitly by a user or service, rather than automatically based on file contents. Given contentInfo, which includes existing content metadata key-value pairs, and labelingOptions as an input, the API returns an informationProtectionAction object that contains one of more of the following:

Test-MgUserSecurityInformationProtectionSensitivityLabelClassificationResult

Use the classification results to compute the sensitivity label that should be applied and return the set of actions that must be taken to correctly label the information. This API is useful when a label should be set automatically based on classification of the file contents, rather than labeled directly by a user or service. To evaluate based on classification results, provide the contentInfo, which includes existing content metadata key-value pairs, and classification results. The API returns an informationProtectionAction that contains one of more of the following:

Test-MgUserSecurityInformationProtectionSensitivityLabelRemoval

Indicate to the consuming application what actions it should take to remove the label information. Given contentInfo as an input, which includes existing content metadata key-value pairs, the API returns an informationProtectionAction that contains some combination of one or more of the following:

Unblock-MgUserManagedApp

Unblocks the managed app user from app check-in.

Undo-MgUserChatMessageReplySoftDelete

Undo soft deletion of a single message or a message reply in a channel or a chat.

Undo-MgUserChatMessageSoftDelete

Undo soft deletion of a single message or a message reply in a channel or a chat.

Unpublish-MgUserDriveListContentType

Unpublish a [contentType][] from a content type hub site.

Update-MgUserChatInstalledApp

Upgrade an app installation within a chat.

Update-MgUserManagedDeviceWindowDeviceAccount

Invoke action updateWindowsDeviceAccount

Update-MgUserOnenotePageContent

Invoke action onenotePatchContent

Update-MgUserPassword

Enable the user to update their password. Any user can update their password without belonging to any administrator role.