What's new in Microsoft Graph

Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.

For more detailed API-level updates, see the Microsoft Graph API changelog.

For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.

Important

Features in preview status are subject to change without notice, and might not be promoted to generally available (GA) status. Don't use preview features in production apps.

June 2026: New and generally available

Applications | Service principal

Evaluate applications in the Microsoft Entra application gallery by using the applicationTemplate resource type, including the riskScore and riskFactors properties for risk assessment.

Files

Upsert (create or update) up to 40 permissions on a fileStorageContainer in a single request. The limit increased from 10 to 40 permission objects per request.

Identity and access | Identity and sign-in

Added support for programmatic FIDO2 passkey registration. Use the creationOptions function to get WebAuthn credential creation options, then complete registration by posting the new publicKeyCredential property to the fido2AuthenticationMethod resource.

People and workplace intelligence

• Updated Manage profile source precedence in Microsoft 365 to clarify supported data sources for HR and work position data, explain how source precedence affects single-value versus multi-value properties, and add guidance on correctly configuring and removing tenant-level settings using the Microsoft Graph API or PowerShell.
• Added the People data sources in Microsoft 365 concept article that describes the data sources that build the Microsoft 365 user profile, including Microsoft Entra ID, Copilot connectors, Organizational data, SharePoint, People Skills, user edits, and the API user source. The article also provides a reference table of built-in source IDs (GUIDs) and explains how source metadata appears in the profile API output.

Security

• Added the tenantId property to the userAccount resource to provide the Entra home tenant ID for the compromised user account indicated in a security alert where the alert evidence is related to a processEvidence, userEvidence, or mailboxEvidence.
• Added the alert: moveAlerts and incident: mergeIncidents actions to support moving alerts and merging incidents in Microsoft Defender.
• Added the correlationReason enumeration and mergeResponse resource type.

Teamwork and communications | Shift management

The timeZone property of the schedule resource must be set to an IANA time zone name, such as America/Chicago or Europe/London. For more information, see Create or replace schedule.

Users

Application permissions for the user: translateExchangeIds API are supported only for request URLs that identify a user in the path.

June 2026: New in preview only

Backup storage

Use the new full workload backup APIs to protect entire Microsoft 365 workloads (SharePoint Online, OneDrive for work or school, and Exchange Online) with minimal administrative overhead. Instead of manually selecting each item to protect, you can create a protection policy that backs up all data in a workload and then specify only the items to exclude from backup. For more information, see exclusionUnitBase and exclusionUnitBulkAdditionJob.

Device and app management | Cloud PC

Use the cloudPcProvisioningPolicy: apply method to apply policy settings such as region and singleSignOn. This method also supports reprovisioning for frontline shared mode Cloud PCs by using the reservePercentage parameter to control the percentage of Cloud PCs that remain available during the process.

Files

Upsert (create or update) up to 40 permissions on a fileStorageContainer in a single request. The limit increased from 10 to 40 permission objects per request.

Identity and access | Directory management

Added redirect URI validation and restriction capabilities to tenant app management policies, allowing tenant administrators to control redirect URI schemes, domains, and wildcard usage. Use the redirectUris property -> redirectUriConfiguration resource and its associated configuration resources to manage these restrictions through the appManagementApplicationConfiguration and customAppManagementApplicationConfiguration resources.

Identity and access | Governance

• Added reviewer delegation support to the accessReviewInstance: filterByCurrentUser API for access reviews.
• Added provisioning workflow support to lifecycle workflows. Use the activateAndWait action to run workflows synchronously for non-user subjects such as provisioning objects.

Mail

Use the user configuration API in Microsoft Graph to build solutions that store and retrieve per-folder configuration data alongside Exchange Online mailbox content.

Introduced programmatic management of personal distribution lists in user mailboxes through the distributionList and distributionListMember resource types. You can now:

• Create, read, update, and delete distribution lists in a user's mailbox
• Add and remove members from distribution lists
• Retrieve expanded member information with resolved contact details and recipient types
• List all distribution lists owned by a user

Personal distribution lists enable users to group email recipients together and send messages to all members at once without entering each address individually.

Security

• Introduced sensor migration capabilities to migrate eligible Microsoft Defender for Identity sensors.
• Use the Create manualAlert method to create a manual security alert with specified entities and metadata. The new manualAlert resource type derives from alert and uses the entityDefinitionInput complex type to specify associated entities.
• Added the tenantId property to the userAccount resource to provide the Entra home tenant ID for the compromised user account indicated in a security alert where the alert evidence is related to a processEvidence, userEvidence, or mailboxEvidence.

Sites and lists

Added the sharePointReportSettings resource type and related methods for managing SharePoint API usage report metrics. Use the enableApiUsageReport and disableApiUsageReport methods to control which metrics are collected and reported for your tenant.

Teamwork and communications | Shift management

The timeZone property of the schedule resource must be set to an IANA time zone name, such as America/Chicago or Europe/London. For more information, see Create or replace schedule.‎

Tenants | Tenant governance

Added the groupDisplayName property to the delegatedAdministrationRoleAssignment and delegatedAdministrationRoleAssignmentSnapshot resources. This property surfaces the display name of the security group inline, so consumers don't need to make a separate Microsoft Graph /groups/{id} call to resolve it.

Users

Application permissions for the user: translateExchangeIds API are supported only for request URLs that identify a user in the path.

May 2026: New and generally available

Agents

• Added the agentUser resource type and related methods for managing the lifecycle of agent user identities.
• Added verifiedIdProfile resources and related profile configuration for configuring Microsoft Entra Verified ID.

Backup storage

Added the emailNotificationsSetting resource and its associated methods to configure multi-admin email notifications for Microsoft 365 Backup Storage, including which administrators or custom recipients receive notifications and which event types they're notified about.

Files

• Use the Upsert permissions API to create or update up to 10 permission objects on a fileStorageContainer in a single request.
• Use the Get fileStorageContainer permission API to get a specific permission from a fileStorageContainer object.
• Added the @microsoft.graph.conflictBehavior annotation parameter to the Create permission method. Use fail to return a 409 Conflict response code when the identity exists with a different role, or replace to update the existing role.

Groups

Added the ownerlessGroupPolicy resource type and related methods to the v1.0 endpoint. Use this policy to configure actionable email notifications that prompt active members of ownerless Microsoft 365 groups to accept ownership when the sole owner leaves the organization or their account is disabled.

Identity and access | Directory management

Use the deviceRegistrationPolicy resource type and its related methods to manage the policy that controls device registration quota restrictions, additional authentication, and authorization policies for your Microsoft Entra tenant.

Identity and access | Identity and sign-in

• Added the onVerifiedIdClaimValidationCustomExtension and onVerifiedIdClaimValidationListener resource types and associated methods to support custom logic for claim validation from Verified ID credential presentations during authentication flows through Microsoft Entra custom authentication extensions in External ID.
• Added claim validation and match-confidence capabilities to Verified ID profiles, enabling stronger claim verification and more flexible matching.
• Enhanced the x509CertificateAuthenticationMethodConfiguration resource type with the following capabilities for certificate-based authentication (CBA):
  • Scoping CBA to specific certificate authorities and restrict which groups of users can authenticate using certificates from those CAs.
  • Controlling whether issuer hints are sent to the client to filter the certificates shown in the certificate picker.
• Updated the targetedAuthenticationMethod property of the authenticationMethodsRegistrationCampaignIncludeTarget resource to support Fido2 in addition to microsoftAuthenticator for authentication method registration campaigns. Organizations can now use registration campaigns to nudge users to register and sign in with phishing-resistant passkeys (FIDO2).

Mailbox import and export

Use the mailbox import and export APIs in Microsoft Graph to build solutions that integrate with mailbox resources for data import and export scenarios. For more information, see Overview of the mailbox import and export APIs in Microsoft Graph.

People and workplace intelligence | People admin settings

Use the isVisible property on profileCardProperty to indicate whether the given directory property should be shown on a user’s profile card.

Security | Alerts and incidents

• Added the migration guide Migrate from legacy alerts to the alerts and incidents API to help you transition your apps from the deprecated Microsoft Graph security alerts v1 API to the new alerts and incidents API.
• Extended the alertEvidence base type with additional derived types to provide detailed context about various artifacts involved in security alerts.
• Added support for the microsoftSecurityForAI service source for security alerts.
• Added the categories property to the alert resource.
• Deprecated the category property on the alert resource. Use the categories property instead.

Teamwork and communications | Messaging

• Enable migration mode on an existing channel to support channel migration of external messages.
• Enable migration mode on an existing chat to support chat migration of external messages.
• Complete chat migration by disabling migration mode.
• Added the migrationMode and originalCreatedDateTime properties to the channel resource.
• Added the migrationMode and originalCreatedDateTime properties to the chat resource.
• Added the migrationMode enum.

Teamwork and communications | Shifts

Supports additional theme colors in the scheduleEntityTheme enumeration for the theme property on openShiftItem, shiftItem, shiftActivity, and timeOffItem.

May 2026: New in preview only

Device and app management | Cloud PC

• Updated retrieveCloudPcTroubleshootReports on the cloudPcReports resource to support new troubleshooting report types across tenant, configuration, user and device, and view data table scopes.
• Create or delete a cloud app.
• Extended the appDetail property on cloudPcCloudApp to support the cloudPcAutomaticDiscoveredAppDetail type for apps automatically discovered from the start menu, and the cloudPcFilePathAppDetail type for apps manually created when a file path is specified.
• Added the iconPathInvalid and filePathInvalid members as supported values for the actionFailedErrorCode property on the cloudPcCloudApp. Use these members to indicate that the icon or file path specified for the cloud app is invalid.
• Added the cloudPcPool resource and its derived type cloudPcAgentPool to enable management of Cloud PC pools for agentic workloads.
• Added the cloudPcPoolAssignment resource and its derived type cloudPcAgentPoolUserAssignment to manage pool assignments.
• Use australiaNewZealand as a new supported value in the geographicLocationType property of the cloudPcSupportedRegion and cloudPcDomainJoinConfiguration resources.

Files

• Use the Upsert permissions API to create or update up to 10 permission objects on a fileStorageContainer in a single request.
• Added /storage/fileStorage/containers/{containerId}/permissions(email='{email}') and /storage/fileStorage/containers/{containerId}/permissions(userPrincipalName='{userPrincipalName}') as supported endpoints for the Update fileStorageContainer permission and Delete fileStorageContainer permission APIs. Use either the permission ID or the user's email or userPrincipalName to target a permission.
• Use the Get fileStorageContainer permission API to get a specific permission from a fileStorageContainer object by using either the permission ID or the user's email or userPrincipalName to target a permission.
• Added the @microsoft.graph.conflictBehavior annotation parameter to the Create permission method. Use fail to return a 409 Conflict response code when the identity exists with a different role, or replace to update the existing role.

Identity and access | Governance

Added the approverDelegate and identityGovernanceUserSettings resources to enable users to delegate their approval responsibilities for access package approvals and access reviews.

Identity and access | Identity and sign-in

• Added the blueprintId and source agent-descriptive properties to agentRiskDetection and riskyAgent resources.
• Added the onVerifiedIdClaimValidationCustomExtension and onVerifiedIdClaimValidationListener resource types and associated methods to support custom logic for claim validation from Verified ID credential presentations during authentication flows through Microsoft Entra custom authentication extensions in External ID.
• Updated the targetedAuthenticationMethod property of the authenticationMethodsRegistrationCampaignIncludeTarget resource to support Fido2 in addition to microsoftAuthenticator for authentication method registration campaigns. Organizations can now use registration campaigns to nudge users to register and sign in with phishing-resistant passkeys (FIDO2).

People and workplace intelligence | People admin settings

Use the isVisible property on profileCardProperty to indicate whether the given directory property should be shown on a user's profile card.

People and workplace intelligence | Photo update settings

Use the List and Update methods as the only operations for the photoUpdateSettings to get and update the photoUpdateSettings properties.

Reports | Identity and access reports

• Added the identityCorrelation resource type and related methods for viewing identity correlation reports between on-premises directories and Microsoft Entra ID.
• Added the passwordSubmit member to the authenticationEventType enumeration, surfaced through appliedAuthenticationEventListener, to identify password-submission events in sign-in flows.

Security | Alerts and incidents

• Use the following new resources that extend the alertEvidence base type to provide detailed context about various artifacts involved in security alerts:
  • dnsEvidence
  • fileHashEvidence
  • gitHubOrganizationEvidence
  • gitHubRepoEvidence
  • gitHubUserEvidence
  • hostLogonSessionEvidence
  • malwareEvidence
  • networkConnectionEvidence
  • sasTokenEvidence
  • servicePrincipalEvidence
  • submissionMailEvidence
• Added the categories property to the alert resource.
• Deprecated the category property on the alert resource. Use the categories property instead.
• Added the microsoftSecurityForAI member to the serviceSource enumeration type for the alert resource to identify alerts created by Microsoft Defender for AI.

Security | Data security and compliance

Added the contentActivityMetadata resource to represent and track Data Loss Prevention (DLP) enforcement result metadata for content entries, including identifiers, timestamps, and policy statuses.

Teamwork and communications | Apps

Use the scopeInfo property on teamsAppInstallation to get the details of the scope in which the app is installed.

Teamwork and communications | Calls and online meetings

• Use the virtualEventTownhallRegistrationConfiguration resource to manage attendee access for town halls and enable more controlled, scalable audience management.
• Added the capacity property to virtual event town hall. This property allows customers to specify the expected attendee size when creating or updating a town hall or session and retrieve it later. Validation ensures compliance with SKU and licensing limits, returning actionable errors when capacity exceeds entitlement.

Teamwork and communications | Messaging

Added support for $expand on the items relationship of the teamworkSection resource to retrieve a section together with its items in a single request.

Tenants | Cross-tenant access

Added the following properties and their associated complex types to the crossTenantAccessPolicyConfigurationDefault and crossTenantAccessPolicyConfigurationPartner resources of cross-tenant access policy APIs to support Microsoft 365 collaboration and app service connect settings:

• appServiceConnectInbound property to get or set the default or partner-specific configuration for inbound app service connect settings.
• m365CollaborationInbound property to get or set the default or partner-specific configuration for inbound Microsoft 365 collaboration settings.
• m365CollaborationOutbound property get or set the default or partner-specific configuration for outbound Microsoft 365 collaboration settings.

Contribute to Microsoft Graph

Are there scenarios you'd like Microsoft Graph to support?

• Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (https://graph.microsoft.com/beta) and v1.0 (https://graph.microsoft.com/v1.0) endpoints.

• Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. To discover the full calendar of developer calls, visit the Microsoft 365 and Power Platform community page.

• Join our research panel to provide your input on our developer experiences.

Related content

• Microsoft Graph developer blog.
• Microsoft Graph API changelog.
• Microsoft Graph what's new history.