Leggere in inglese Modifica

Condividi tramite

Microsoft Graph what's new history

  • Articolo

Find information about previous additions and updates to Microsoft Graph APIs, documentation, SDKs, and other resources.

January 2025: New and generally available

Files

Updated the endpoint of the fileStorageContainer: restore method.

Identity and access | Identity and sign-in

Added riskEventType entry for the Suspicious API Traffic detection for service principals.

Microsoft Graph Bicep templates

You can now deploy the user resource in a Bicep template for your infrastructure as code (IaC) projects. For more information, see the Microsoft.Graph users Bicep reference.

Teamwork and communications | Calls and online meetings

  • Microsoft Teams custom meeting templates allow you to specify values for many of the meeting options available to meeting organizers. Use the meetingTemplateId property on onlineMeeting to create an online meeting with a meeting template.
  • Use the allowBreakoutRooms, allowLiveShare, allowPowerPointSharing, and allowWhiteboard to indicate whether breakout rooms, live share, PowerPoint live, and whiteboard features are enabled in an onlineMeeting or virtualEventSession.
  • Use the allowedLobbyAdmitters property on onlineMeeting to get or set the users who can admit from the lobby.
  • Use the allowRecording and allowTranscription properties on the onlineMeeting and virtualEventSession to indicate whether recording or transcription is enabled for a meeting or virtual event session.

Teamwork and communications | Messaging

  • Get a chat message with an @mention for everyone.
  • Get a chat message that has a forwarded message as an attachment.
  • Use the isHiddenForAllMembers property to indicate whether a chat is hidden from all its members.

January 2025: New in preview only

Change notifications

Enabled change notifications support to the methods to list, get, create, update, delete, and reauthorize a subscription for aiInteraction.

Device and app management | Cloud PC

Files

Updated the endpoint of the fileStorageContainer: restore method.

Identity and access | Directory management

  • Use the alternativeNames property on device to get or set alternative names for a device.
  • Use the deviceTemplate resource and its associated methods to manage device templates for devices in Microsoft Entra ID.
  • Use the mutualTlsOauthConfiguration resource and its associated methods to manage certificate authorities that are permitted to issue certificates for a specific set of objects used for mTLS.

Identity and access | Identity and sign-in

Added support for configuring a custom email provider for one-time passcodes (OTP) in Microsoft Entra External ID by using the following objects:

  • The onOtpSendCustomExtension resource type to configure the custom authentication extension that contains configuration details of the external service that might be an Azure Function.
  • The onEmailOtpSendListener resource type to configure the event listener that is triggered to send the OTP prompt to the user, based on the configuration details in the onOtpSendCustomExtension object.

The functionality also allows you to configure the default fallback option when the custom authentication extension isn't successfully called.

Industry data ETL

Use the start operation on the industryDataRun resource to perform an on-demand run, with throttling limits of up to five successful runs every 12 hours.

Mailbox import and export

Use the new mailbox import and export APIs in Microsoft Graph to build solutions that integrate with mailbox resources for data import and export scenarios. For more information, see Overview of the mailbox import and export APIs in Microsoft Graph.

Reports | Identity and access reports

Added attributeCollectionStart, attributeCollectionSubmit, and emailOtpSend as supported values for the eventType property of the appliedAuthenticationEventListener resource.

Sites and lists

Archive or unarchive a SharePoint site.

Tasks and plans

Use the teamsChannel container type to create plans in shared channels in Microsoft Teams.

Teamwork and communications | Calls and online meetings

Get change notifications for Microsoft Teams emergency call event updates.

Teamwork and communications | Messaging

Get a chat message that includes a Microsoft Loop component as two attachments.

December 2024: New and generally available

Reports

Microsoft Graph activity logs, which provide an audit trail of all HTTP requests that Microsoft Graph received and processed for your tenant, are now available in China operated by 21Vianet.

Security | Alerts and incidents

Enabled the description, displayName, resolvingComment, and severity properties as supported properties in an Update incident request.

Teamwork and communications | Calls and online meetings

  • Use the following new methods for virtual events that are of the virtualEventTownhall type:
    • List all virtual event town halls created in a tenant.
    • Get the virtual event town halls where a specified user is an organizer or coorganizer.
    • Get the virtual event town halls where the signed-in user is an organizer or coorganizer.
  • Link external event information to a virtualEventTownhall or virtualEventWebinar by setting an externalEventId.
  • Use the externalEventInformation on virtualEventTownhall and virtualEventWebinar to identify the external event information of a virtual event.
  • Use the externalRegistrationInformation property on virtualEventRegistration to get or set the external information for a virtual event registration.

Teamwork and communications | Shift management

Users

Published the following lesser privileged permissions for managing specific scenarios on the user object:

Permission Comments
User-Mail.ReadWrite.All Least privileged permission to update the otherMails property.
User-PasswordProfile.ReadWrite.All Least privileged permission to read and write password reset-related properties.
User-Phone.ReadWrite.All Least privileged permission to update the businessPhones and mobilePhone properties. Previously, only the Directory.AccessAsUser.All permission was supported to update the properties for admin user. We recommend you move the lesser privileged permission instead.
User.EnableDisableAccount.All Least privileged permission to update the accountEnabled property. Requires User.Read.All permission as well. Previously, only the Directory.AccessAsUser.All permission was supported to update the account status for admin users. We recommend you move the lesser privileged permission instead.
User.DeleteRestore.All Least privileged permission to delete a user, restore a deleted user from the recycle bin, or permanently delete a deleted user from the recycle bin. Also allows retrieving deleted users via the /directory/deleteditems/microsoft.graph.user endpoint.

December 2024: New in preview only

Backup Storage

Use the new restore bulk addition request API for more convenient, efficient, and scalable restore solutions. This API is designed to streamline the restore process by allowing direct submission of restoration resources in a bulk request. The following resources are supported:

Device and app management | Cloud PC

Identity and access | Directory management

While restoring soft-deleted users, you can now specify whether Microsoft Entra ID should replace the user's userPrincipalName with a new value.

Identity and access | Identity and sign-in

Reports | Microsoft 365 monitoring reports

The Microsoft 365 monitoring APIs provide telemetry data to monitor the health of various Microsoft services within a Microsoft 365 subscription for your organization. Use the new operations in the serviceActivity resource to get telemetry data for Exchange Online, Microsoft 365 Apps, and Microsoft Teams.

Security | Alerts and incidents

Enabled the description, displayName, and severity properties as supported properties in an Update incident request.

Sites and lists

Create and manage a news link page in SharePoint.

Teamwork and communications | Calls and online meetings

The get and list operations of the callRecording and callTranscript resources support the retrieval of call recordings or call transcripts from private chat meetings and channel meetings.

Teamwork and communications | Messaging

Use the firstChannelName property on team to set the name of the first channel created in a team.

November 2024: New and generally available

Applications | Policies

Use the state property on keyCredentialConfiguration and passwordCredentialConfiguration to indicate whether a restriction is evaluated.

Files

Use a range of new methods and resources for enhanced file storage management, including methods for managing columns and recycle bin items. You can also run operations like restore, lock, unlock, and more across the fileStorageContainer, fileStorage, and recycleBin resources.

Security | Alerts and incidents

Enabled the active, pendingApproval, declined, unremediated, running, and partiallyRemediated statuses in the evidenceRemediationStatus enumeration. Use these new statuses via the remediationStatus property of the alertEvidence and its inherited types.

Security | Identities

The Defender for Identity sensors management API enables you to create detailed reports on the sensors in your workspace, providing information such as server name, sensor version, type, state, and health status. It also allows you to manage sensor settings, including adding descriptions, enabling or disabling delayed updates, and specifying the domain controller the sensor connects to for querying Entra ID. For more information, see sensor.

Teamwork and communications | Calls and online meetings

Use the administrativeUnitInfos property on participant and organizer to get the IDs of one or more administrative units for a call participant.

November 2024: New in preview only

Device and app management | Cloud PC

Device and app management | Device updates

Files

Lock or unlock a fileStorageContainer.

Identity and access | Identity and sign-in

Identity and access | Network access

List, create, get, update, and delete fqdnFilteringRule and webCategoryFilteringRule resources that are derived types of filteringRule.

Reports | Identity and access reports

Use the sessionId property on signIn to get the identifier of the session that was generated during a sign-in.

Security | Discovered cloud apps

The new Microsoft Defender for Cloud apps API in Microsoft Graph is designed to provide an efficient and reliable way to query discovered apps information, making it easier for you to analyze the risks associated with the discovered apps. Use the following resources and their methods to get data and insights across the discovered SaaS apps ecosystem:

Security | eDiscovery

Added application authentication for Microsoft Purview eDiscovery Graph APIs. For more information about setting up app-only access, see Set up application authentication.

Teamwork and communications | AI interactions

Use the getAllEnterpriseInteractions method to get Microsoft 365 Copilot interaction data, including user prompts to Copilot and Copilot responses.

Teamwork and communications | Calls and online meetings

October 2024: New and generally available

Backup storage

Updated the endpoints of the following methods:

Change notifications

Enabled the $notifyOnUserSpecificProperties query parameter as a value of the resource property in the subscription resource. You can use the notifyOnUserSpecificProperties parameter when you subscribe to notifications in a particular chat.

Identity and access | Directory management

Security | eDiscovery

  • Enabled the deletion of Exchange mailbox items in the ediscoverySearch: purgeData method.
  • Deleted the permanentlyDeleted member from the purgeType enumeration in favor of the permanentlyDelete member.
  • Export results and a report from an ediscoverySearch.
  • Legal holds are holds that are tied to an eDiscovery case. To learn more about a legal hold policy and its supported methods, see ediscoveryHoldPolicy.

Teamwork and communications | Apps

Use the clientAppId property on teamsAppAuthorization to get the registration ID of the Microsoft Entra app ID associated with an app in the Microsoft Teams app catalog.

Teamwork and communications | Calls and online meetings

Use the isDeltaRosterEnabled property on incomingCallOptions and outgoingCallOptions to indicate whether delta roster is enabled for a call.

Teamwork and communications | Messaging

  • Updated the chatMessage: delta method to use a new endpoint that gets the list of delta messages from all chats in which a user is a participant, including one-on-one chats, group chats, and meeting chats.
  • Use the reactionContentUrl property on chatMessageReaction to represent the hosted content URL for a custom reaction in a chatMessage.
  • Use the <customemoji></customemoji> tag on the content property of the itemBody resource to represent custom emojis in the message body in a chatMessage.
  • Use the displayName property on chatMessageReaction to represent the reaction name in a chatMessage.

October 2024: New in preview only

Backup storage

Added new endpoints for bulk addition of protection units into a protection policy:

Updated the endpoints of the following methods:

Device and app management | Cloud licensing

Device and app management | Cloud PC

  • Enabled the $select query parameter for the cloudPC: getProvisionedCloudPCs method.
  • Use the notificationSetting property on cloudPcUserSetting to define the Cloud PC notification prompts for a Cloud PC user.
  • Enabled the cloudPcFrontlineBufferUsageScenario member in the alertRuleTemplate enumeration.
  • Enabled the frontlineBufferUsageDuration and frontlineBufferUsageThreshold members in the ruleCondition enumeration.

Identity and access | Directory management

Get or update the uxSetting that restricts access to Microsoft Entra admin center to only administrators.

Identity and access | Identity and sign-in

Enabled suspiciousAPITraffic as a supported value for the riskEventType property in the servicePrincipalRiskDetection resource. You can retrieve this value when you use either the List servicePrincipalRiskDetections or Get servicePrincipalRiskDetection APIs.

Reports | Identity and access reports

The Microsoft Entra Health monitoring alerts APIs enable you to detect anomalous usage patterns in business-critical identity scenarios for your tenant and receive alert notifications. Use the operations of the alert and alertConfiguration resources to retrieve and update alerts and alert configurations. For details, see the related changelog section.

Security | eDiscovery

  • Enabled the deletion of Exchange mailbox items in the ediscoverySearch: purgeData method.
  • Deleted the permanentlyDeleted member from the purgeType enumeration in favor of the permanentlyDelete member.

Sites and lists

Updated the endpoints of the following methods:

Teamwork and communications | Calls and online meetings

  • Use the externalRegistrationInformation property on virtualEventRegistration to get or set the external information for a virtual event registration.
  • Use the following new methods for virtual events that are of the virtualEventTownhall type:
    • List all virtual event town halls created in a tenant.
    • Get the virtual event town halls where a specified user is an organizer or coorganizer.
    • Get the virtual event town halls where the signed-in user is an organizer or coorganizer.

Teamwork and communications | Messaging

  • Updated the chatMessage: delta method to use a new endpoint that gets the list of delta messages from all chats in which a user is a participant, including one-on-one chats, group chats, and meeting chats.
  • Get a chat message that has a forwarded message as an attachment.
  • Remove multiple members from a team in a single request.

Users

Changed the following on-premises synced properties of the user resource type that were read-only in Microsoft Graph to be updatable via Microsoft Graph:

  • onPremisesDistinguishedName
  • onPremisesDomainName
  • onPremisesSamAccountName
  • onPremisesSecurityIdentifier
  • onPremisesUserPrincipalName

September 2024: New and generally available

Change notifications

Announced the deprecation of shared access signatures (SAS) for authenticating Event Hubs for Microsoft Graph change notifications. We recommend using Microsoft Entra ID role-based access control (RBAC) instead. Follow the guidance to migrate to RBAC.

Identity and access | Directory management

Removed the previously deprecated Directory.Write.Restricted permission from the device, group, and user resources.

Security | Alerts and incidents

  • Use the dnsDomain property on deviceEvidence to get the DNS domain that a computer belongs to.
  • Use the hostName property on deviceEvidence to get the hostname without the domain suffix.
  • Use the ntDomain property on deviceEvidence to get a logical grouping of computers within a Microsoft Windows network.

Security | Identities

Added the ability to get, list, and update Microsoft Defender for Identity health issues that represent potential issues identified within a customer's Defender for Identity configuration.

Teamwork and communications | Messaging

September 2024: New in preview only

Applications | Service principal

Use the serviceManagementReference optional property in the applicationTemplate: instantiate method to set the service tree ID for a service.

Device and app management | Cloud PC

Deprecated the following methods:

Files

Identity and access | Directory management

Use the passwordResetUri property on internalDomainFederation to get or set the URI that clients are redirected to for resetting their password.

Identity and access | Identity and sign in

Reports | Microsoft 365 usage reports

  • Get the most recent activity data for enabled users of Microsoft 365 Copilot apps.
  • Get the aggregated number of active and enabled users of Microsoft 365 Copilot for a specified time period.
  • Get the trend in the daily number of active and enabled users of Microsoft 365 Copilot for a specified time period.

Security | Alerts and incidents

  • Use the dnsDomain property on deviceEvidence to get the DNS domain that a computer belongs to.
  • Use the hostName property on deviceEvidence to get the hostname without the domain suffix.
  • Use the ntDomain property on deviceEvidence to get a logical grouping of computers within a Microsoft Windows network.

Security | Identities

Teamwork and communications | Calls and online meetings

Use the isDeltaRosterEnabled property on incomingCallOptions and outgoingCallOptions to indicate whether delta roster is enabled for a call.

August 2024: New and generally available

Education

Employee experience | Employee engagement

Introduced the general availability of the Viva Engage API in Microsoft Graph. A Viva Engage community is a central place for conversations, files, events, and updates for people sharing a common interest or goal. Use the Viva Engage API for the following scenarios:

People and workplace intelligence | Insights

Get and update user privacy settings for itemInsights and meeting hours insights. Use the userInsightsSettings resource to enable or disable the calculation and visibility of item insights and meeting hours insights for a user.

Reports | Microsoft 365 usage reports

Get or update tenant-wide settings to hide or show identifiable information for users, groups, or sites in Microsoft 365 usage reports.

Teamwork and communications | Online meeting

  • Enabled the $select query parameter for the Get callRecording method.
  • Enabled the $select query parameter for the Get callTranscript method.
  • Enabled the $filter, $select, and $top query parameters for the List recordings method.
  • Enabled the $filter, $select, and $top query parameters for the List transcripts method.
  • Get all recordings and transcripts from scheduled online meeting instances for which the specified user is the organizer.
  • Get a set of recording and transcript resources that were added for online meeting instances organized by the specified user.

Teamwork and communications | Settings

Enabled the Spain and Mexico values as supported regions for the region property of the teamwork and userTeamwork resources.

August 2024: New in preview only

Identity and access | Partner Center security

Introduced the partner security score API. Use this API to generate security scores for partners to help them enhance their posture. The API provides a history of score changes, detailed customer insights, and requirement score information.

Device and app management | Cloud PC

Education

Teamwork and communications | Apps

Use the clientAppId property on teamsAppAuthorization to get the registration ID of the Microsoft Entra app ID associated with an app in the Microsoft Teams app catalog.

Teamwork and communications | Calls and online meetings

Teamwork and communications | Messaging

Use the displayName property on the chatMessageReaction resource to represent the reaction name chatMessage.

Teamwork and communications | Online meeting

Teamwork and communications | Settings

Enabled the Spain and Mexico values as supported regions for the region property of the teamwork and userTeamwork resources.

Security | Identities

Added the ability to get, list, and update Microsoft Defender for Identity sensors settings.

July 2024: New and generally available

Backup Storage

The new Microsoft 365 Backup Storage API enables partners to build customized versions of their applications that are integrated with the Microsoft 365 Backup Storage platform. This helps to ensure exceptionally fast recovery from typical business continuity and disaster recovery (BCDR) scenarios, such as ransomware attacks or accidental/malicious deletion or overwriting of content by employees. For more information, see Backup Storage.

Customer booking

Security | Alerts and incidents

Use the summary property to get details about what happened, impacted assets, and the type of attack on an incident.

Teamwork and communications | Calls and online meetings

Change notifications

Enabled change notifications support to the methods to list, get, create, update, and delete a subscription for approvalItems in a tenant.

July 2024: New in preview only

Applications | Application

Use the configurationUris property on applicationTemplate to get the URIs required for the single sign-on configuration of a preintegrated application.

Device and app management | Cloud PC

  • Use the disasterRecoveryCapability property on cloudPC to get the disaster recovery status of the Cloud PC, including the primary region, secondary region, and capability type.
  • Use the autopatch property on cloudPcProvisioningPolicy to get or set specific settings for Windows Autopatch that enable its customers to experience it on Cloud PC.

Education

Identity and access | Directory management

Added the ability to initiate an external admin takeover of an unmanaged domain via the domain-verify API operation.

The following objects are removed:

  • cloudPcSharedUseServicePlan resource and its supported methods. Going forward, use the cloudPcFrontLineServicePlan resource.
  • sharedUseServicePlans relationship from the virtualEndpoint resource. Going forward, use the frontLineServicePlans relationship.

People and workplace intelligence | Profile

Use the companyCode on companyDetail to get or set the legal entity number of the company or its subdivision.

Security | Alerts and incidents

Use the summary property to get details about what happened, impacted assets, and the type of attack on an incident.

Teamwork and communications | Calls and online meetings

Teamwork and communications | Shift management

Added the ability to start and end the working time of a specific user.

June 2024: New and generally available

Change notifications

Enabled change notifications support to the methods to list, get, create, reauthorize, update, and delete a subscription for offerShiftRequest, openShiftChangeRequest, shift, swapShiftsChangeRequest, and timeOffRequest.

Identity and access | Identity and sign-in

Get or update the cross-tenant access default settings to include cross-tenant access policy tenant restrictions that restrict organization users accessing an external organization on their network or devices.

Files

People and workplace intelligence | People admin settings

  • Use more granular privacy control over the availability and display of item insights in Microsoft 365. These insights represent the relationships between a user and documents in OneDrive for work or school, calculated using advanced analytics and machine learning techniques.
  • Update insightsSettings to disable item insights for a specific Microsoft Entra group or an entire organization. You can also use the List itemInsights API to display or return item insights in an organization.

Permanently delete a fileStorageContainer.

Microsoft Graph Data Connect

Effective January 31, 2024, billing is now enabled for all Microsoft Graph Data Connect pipelines on Microsoft Fabric. Update your application in the Microsoft Graph Data Connect experience in the Azure portal to use it with Fabric.

Security | Threat intelligence

Use the relatedHosts method to get a list of related host resources associated with an sslCertificate.

Teamwork and communications | Messaging

Archive or unarchive a channel in a team.

June 2024: New in preview only

Change notifications

Enabled change notifications support to the methods to list, get, create, reauthorize, update, and delete a subscription for offerShiftRequest, openShiftChangeRequest, shift, swapShiftsChangeRequest, and timeOffRequest.

Device and app management | Cloud PC

  • Removed the type property from the cloudPcAuditResource resource. Going forward, use the resourceType property.
  • Use the deviceRegionName property on cloudPC to get the name of the geographical region where the Cloud PC is currently provisioned.
  • Use the initiatedByUserPrincipalName property on cloudPcBulkAction to get the user principal name (UPN) of the user who initiated a bulk action.
  • Use the status property on cloudPcBulkAction to get the status of bulk actions.
  • Perform bulk disaster recovery failover and failback actions to initiate the activation or deactivation of cross-region disaster recovery during regional outage scenarios.
  • Deprecated the getCloudPcRemoteActionResults method in favor of the retrieveCloudPcRemoteActionResults method.
  • Use the retrieveCrossRegionDisasterRecoveryReport method on the cloudPcReports resource to retrieve the Windows 365 cross-region disaster recovery report with configuration health check results, disaster recovery status, latest cross-region restore points, and user settings.

Employee experience | Employee engagement

List, update, and delete Viva Engage [community] objects.

Files

You can now discard a checkout of a driveItem.

Identity and access | Directory management

When restoring soft-deleted users, you can now specify whether Microsoft Entra ID should autoreconcile conflicting proxy addresses if one or more of the soft-deleted user's proxy addresses are currently used for an active user.

Identity and access | Identity and sign-in

You can now control multifactor authentication (MFA) on an individual user basis, commonly referred to as per-user MFA on the Microsoft Entra admin center, by using the authenticationMethod resource and its associated methods.

Identity and access | Network access

You can now enable and control compliant network check with Conditional Access through the Global Secure Access service by using the compliantNetworkNamedLocation resource type and its associated methods.

Security | Threat intelligence

Use the relatedHosts method to get a list of related host resources associated with an sslCertificate.

Sites and lists

Added content model support to sites. You can apply content models to SharePoint document libraries to classify and extract metadata from files. The new APIs enable you to do the following:

The content model automatically processes new files that are added to the libraries. You can create document processing jobs to process existing files.

Tasks and plans

Assign a sensitivity label to a plannerRoster.

Teamwork and communications | Calls and online meetings

May 2024: New and generally available

Identity and access | Identity and sign-in

Customize the authentication experience for your customers by using user flows in Microsoft Entra External ID in external tenants. In the self-service sign-up user flow, you can collect user attributes, disable sign-up and only allow sign in, and also integrate with systems that are external to Microsoft Entra ID.

Teamwork and communications | Calls and online meetings

Get the list of callRecord objects and their properties and the associated participant objects for each callRecord using the following APIs:

The following properties are deprecated:

  • organizer property on callRecord in favor of the organizer_v2 relationship.
  • participants property on callRecord in favor of the participants_v2 relationship.
  • identity property on participantEndpoint in favor of the associatedIdentity property.

May 2024: New in preview only

Backup storage

The new Microsoft 365 Backup Storage API enables partners to build customized versions of their applications that are integrated with the Microsoft 365 Backup Storage platform. This helps to ensure exceptionally fast recovery from typical business continuity and disaster recovery (BCDR) scenarios, such as ransomware attacks or accidental/malicious deletion or overwriting of content by employees. To explore the API, see Backup restore root.

Change notifications

Device and app management | Cloud PC

Create a snapshot for a specific Cloud PC device.

Deprecated the following methods on the cloudPC resource:

Identity and access | Identity and sign-in

  • Use the externalAuthenticationMethodConfiguration resource type and its associated methods to manage the configuration of external authentication methods and define users who can use the external authentication methods to satisfy the second factor of Microsoft Entra ID multifactor authentication requirements.
  • Added API operations to retrieve or update keys in an Azure AD B2C Identity Experience Framework (IEF) policy through the new trustFrameworkKey_v2 resource type and its associated methods.
  • The custom claims policy API allows application admins to customize the additional claims emitted in tokens affected by this policy. This API enables admins to manage the claims for their application from the Microsoft Entra admin center and by using the Microsoft Graph API interchangeably, allowing more flexibility in their application claims management experience.

Microsoft Graph Bicep templates

Use the new Bicep templates for Microsoft Graph resources to deploy Microsoft Graph resources for your infrastructure as code (IaC) projects. The following Microsoft Graph resources are currently supported as Bicep resource types:

  • application
  • appRoleAssignedTo
  • group
  • federatedIdentityCredential
  • oauth2PermissionGrant
  • servicePrincipal

Microsoft Graph Bicep is currently in preview, but can be used to deploy Microsoft Graph resources that are in v1.0 and beta.

Use the includeHiddenContent property on the sharePointOneDriveOptions resource to include hidden content, such as archived content and SharePoint Embedded (RaaS), in search results.

Security | eDiscovery

Export results and a report from an ediscoverySearch.

Teamwork and communications | Calls and online meetings

Teamwork and communications | Messaging

  • Use the reactionContentUrl property on chatMessageReaction to represent the hosted content URL for a custom reaction in a chatMessage.
  • Use the <customemoji></customemoji> tag on the content property of the itemBody resource to represent custom emojis in the message body in a chatMessage.
  • Use the isHiddenForAllMembers property to indicate whether a chat is hidden from all its members.
  • Use the createdBy property on chat to retrieve the entity that created the chat.

April 2024: New and generally available

Applications

Identity and access | Governance

Use the Create operation on the workflow resource to create now up to 100 workflows that is an increase from the previous limit of 50.

Identity and access | Identity and sign-in

  • Configure the default identity provider to use in redemption flow settings for Microsoft Entra ID B2B collaboration.
  • Use a custom authentication extension to manage the configuration and get data from a system external to Microsoft Entra ID, such as a database, so to customize the authentication experience for users. This feature is available for both Microsoft Entra for workforce tenants and Microsoft Entra External ID.
  • To customize an authentication process, use an authentication event listener to manage listeners and handlers that trigger the execution of custom logic during the authentication experience. This feature is available for both Microsoft Entra for workforce tenants and Microsoft Entra External ID.
  • Multiple tenants in Microsoft Entra ID can now collaborate seamlessly as a single entity by using multi-tenant organization APIs. Set up and manage a multi-tenant organization, and configure cross-tenant policies for multi-tenant organization tenants through policy templates.

Groups

Added the upsert capability to the group resource type. Use this capability to create a group if it doesn't exist, or update an existing group, by using the uniqueName client-provided key.

Reports | Identity and access reports

Added the lastSuccessfulSignInDateTime and lastSuccessfulSignInRequestId properties to the signInActivity resource. Use the lastSuccessfulSignInDateTime property to get the last successful sign-in time for a specific user, regardless of whether the sign-in was interactive or non-interactive. The data isn't backfilled for this property.

Security | Legacy alerts

The /security/alerts endpoint is deprecated and will stop returning data on April 10, 2026.

Sites and lists

You can now:

Work with site pages and horizonal and vertical sections of pages.

Users

Associate users or groups as sponsors for a guest user's privileges in the tenant and keep the guest user's information and access updated. You can assign a sponsor, list sponsors, and remove a sponsor.

April 2024: New in preview only

Device and app management | Cloud PC

  • Use the allotmentDisplayName property on cloudPC to divide tenant licenses into smaller batches or groups that help restrict the number of licenses available for use in a specific assignment.
  • Deprecated the type property on cloudPcAuditResource in favor of the resourceType property.
  • Deprecated the shared member on cloudPcProvisioningType in favor of the sharedByUser member.
  • Added the sharedbyEntraGroup member as a new provisioning type under cloudPcProvisioningType.

Identity and access | Governance

Use the Create operation on the workflow resource to create now up to 100 workflows that is an increase from the previous limit of 50.

Identity and access | Network access

Updated the definition of physical locations for customer premises equipment in the Global Secure Access services from the branchSite resource type to the remoteNetwork resource type. The branchSite resource type and its associated properties, relationships, and endpoints are deprecated will be retired soon. Use the remoteNetwork resource type and its associated properties, relationships, and endpoints.

Identity and access | Partner customer administration

As a partner in the Cloud Solution Provider (CSP) program, you're responsible for your customer's Azure consumption; therefore, it's important that you're aware of any anomalous usage in your customer's Azure subscriptions. Use the partner security alert API in Microsoft Graph to detect fraudulent activities and misuse in your customer's Azure resources. Mitigating and responding to the alerts within 24 hours can help to significantly reduce the financial loss that your customers might incur during the compromise.

Industry data ETL

The outbound provisioning flow set, which represents a collection of outbound provisioning flows used to configure how school data sync populates data in Microsoft 365 and Microsoft Entra ID, is now generally available.

An outbound provisioning flow set can contain no more than one of each provisioning flow configuration: userProvisioningFlow, classGroupProvisioingFlow, securityGroupProvisioingFlow, administrativeUnitProvisioingFlow.

When calling the industry data ETL API, take advantage of more granular permissions added for reading or writing outbound provisioning flow set data by using the new permissions IndustryData-OutboundFlow.Read.All and IndustryData-OutboundFlow.ReadWrite.All.

People and workplace intelligence | People

Deprecated the /organization/{organizationId}/settings/itemInsights endpoint in favor of the new peopleAdminSettings resource and introduced the List method on the peopleAdminSettings resource.

Reports | Identity and access reports

  • Added the nativeAuth member as a supported protocol type to the authenticationProtocol in the signIn resource.
  • The previously deprecated activeUsersBreakdownMetric resource and its associated APIs are now retired. To get insights into daily and monthly user activity on apps registered in your tenant that's configured for Microsoft Entra External ID for customers, use the activeUsersMetric resource type and its associated APIs.

Security | Legacy alerts

The /security/alerts endpoint is deprecated and will stop returning data on April 10, 2026.

Security | Threat intelligence indicator

The /security/tiindicators endpoint is deprecated and will stop returning data on April 10, 2026.

Teamwork and communications | Calls and online meetings

A town hall is a type of meeting available in Microsoft Teams. Whether you're marking milestone achievements within your organization or covering an election, town hall features enable you to provide high-quality production experiences to large audiences. You can create, publish, and cancel town hall meetings by using the following APIs:

For more information about town hall APIs, see virtualEventTownhall.

Teamwork and communications | Messaging

Send chatMessage in a channel or a chat with a file attachment in it using file share link.

March 2024: New and generally available

Applications

Perform a bulk upload as a synchronization job to ingest data into the Microsoft Entra ID synchronization service.

Cross-device experiences

Added the ability to list and get Windows settings and Windows settings instances.

Device and app management | Cloud PC

  • List, get, end grace period, reboot, rename, restore, and troubleshoot operations are now available on cloudPC.
  • List and get operations are now available on cloudPcAuditEvent.
  • List, get, create, update, delete, and assign provisioning policies operations are now available on cloudPcProvisioningPolicy.
  • List, get, create, update, delete, and assign user settings operations are now available on cloudPcUserSetting.
  • List, get, create, delete, and get source images operations are now available on cloudPcDeviceImage.
  • List and get operations are now available on cloudPcGalleryImage.

Education | Assignment

Enabled the $expand query parameter for the Get educationAssignment method.

Identity and access | Directory management

  • The organization entity now returns the CIAM tenantType to identify tenants that are set up as Microsoft Entra ID for customers tenants, a customer identity & access management (CIAM) solution.
  • New properties set by Intune on the device resource: enrollmentType, isRooted, and managementType.

Reports | Partner billing reports

Use the billedReconciliation: export API to access billed invoice reconciliation data.

March 2024: New in preview only

Security | Attack simulation and training

Use the training campaign API to directly assign security trainings to users.

Applications

Use the upsert capability to create an application, federatedIdentityCredential, or servicePrincipal if it doesn't exist, or update an existing object, by using a client-provided key. For more information, see the following API operations:

Device and app management | Cloud PC

Deprecated the following properties:

Device and app management | Device updates

Added methods to the Windows Updates API for Windows products, including retrieval of known issues by time range, finding product revisions by catalog ID, and by knowledge base number.

Files

Use the Get file by contentStream method to download file content directly instead of getting a 302 redirect URL.

Groups

Added the upsert capability to the group resource type. Use this capability to create a group if it doesn't exist, or update an existing group, by using the uniqueName client-provided key.

Identity and access | Identity and sign-in

Use the federatedTokenValidationPolicy resource type and its associated methods to manage whether Microsoft Entra ID validates federation authentication tokens.

Security | Email and collaboration protection

Added the ability to list emails analyzed by Microsoft Defender for Office 365, get email related metadata, and perform response actions (soft delete, hard delete, move to junk, move to Inbox).

Security | Identities

Added the ability to get, list, and update Microsoft Defender for Identity health issues.

Users

Added the ability to convert an external user to an internal member user using the user: convertExternalToInternalMemberUser API. This conversion allows the converted users to maintain their existing user object and access, while gaining the full privileges of an internal member user in the tenant.

February 2024: New and generally available

Microsoft Graph Toolkit

Microsoft Graph Toolkit v4 is now available. For details about changes in the latest release, see Upgrade to the latest version of Microsoft Graph Toolkit.

Identity and access | Identity and sign-in

  • Introduced the following more granular delegated and application permissions for managing tenant branding through the organizationalBranding and organizationalBrandingLocalization resource types:
    • Use OrganizationalBranding.Read.All permission for read operations instead of the Organization.Read.All permission.
    • Use OrganizationalBranding.ReadWrite.All permission for read and write operations instead of the Organization.ReadWrite.All permission.

February 2024: New in preview only

Calendars

Use the iCalUId property on event to get the unique identifier for an event across calendars.

Search

Set up acronym, bookmark, and qna resources as administrative search answers for users in an organization.

Education

  • Teachers can activate an inactive assignment to signal that the assignment has further action items for teachers or students.
  • Teachers can deactivate and mark an assignment as inactive to signal that the assignment has no further action items for teachers and students.

Identity and access | Directory management

  • Updated the descriptions of the model and manufacturer properties in the device resource to clarify their read-only status, replacing the outdated descriptions related to Project Rome sign-ins.
  • Enabled tenants to update the following properties of the organization entity: businessPhones, city, postalCode, preferredLanguage, state, street.
  • You can now invite external users to Teams and manage the lifecycle of their invitation through the pendingExternalUserProfile resource type and its associated methods. After the user redeems their pending profile, you can manage their profile in your tenant through the externalUserProfile resource type and its associated methods.

Identity and access | Identity and sign-in

Reports | Partner billing reports

Use the billedReconciliation: export API to access billed invoice reconciliation data.

Teamwork and communications | Apps

Use the dashboardCards navigation property on teamsAppDefinition to get dashboard cards specified in the manifest of a teamsApp.

Teamwork and communications | Calls and online meetings

Microsoft Teams custom meeting templates allow you to specify values for many of the meeting options available to meeting organizers. Use the meetingTemplateId property on onlineMeeting to create an online meeting with a meeting template.

Teamwork and communications | Messaging

Teamwork and communications | Shift management

  • Added the ability to get shifts and get time offs across all teams that a user is a direct member of.
  • Added the isCrossLocationShiftRequestApprovalRequired and isCrossLocationShiftsEnabled properties on schedule to support two cross location scenarios.
  • Added the ability to get and update front-line managers' capabilities in a Shifts schedule.
  • Added the ability to get and update frontline managers' capabilities in a Shifts schedule.

January 2024: New and generally available

Device and app management | Cloud PC

The virtualEndpoint resource is generally available, laying the foundation for future Cloud PC updates to the v1.0 path.

Education

Use the webURL property to get the deep link URL of an educationSubmission.

Identity and access | Governance

Through the attributes property of the accessPackageResource resource type, you can now view details of the attributes that are collected from the requestor and sent to the resource application.

Reports | Partner billing reports

The new partner billing API in Microsoft Graph offers Microsoft direct partners a faster, more efficient way to export their high-volume billed and unbilled Azure usage data. Partners can quickly create export operations, monitor their status, and retrieve manifests using the following APIs:

Teamwork and communications | Calls and online meetings

January 2024: New in preview only

Applications

For Azure AD Connect cloud sync scenarios, you can now specify organizational units and groups that are in scope of a synchronizationRule. For details, see the related changelog section.

Device and app management | Cloud PC

The following properties are deprecated:

Identity and access | Governance

  • You can refresh an access package resource request to fetch the latest information for an access package resource from the origin system.
  • Added the assignmentRequests relationship to the entitlementManagement resource type and updated the API endpoints for the managing access package assignment requests from /identityGovernance/entitlementManagement/accessPackageAssignmentRequests/ which will be retired soon to /identityGovernance/entitlementManagement/assignmentRequests/. Inspect the API paths in your code and update to the new request paths for the Create, Delete, Get, and List operations.

Identity and access | Identity and sign-in

Added the x509CertificateCombinationConfiguration resource type as a new derived type for authenticationCombinationConfiguration resource type which helps you set restrictions on specific types, modes, or versions of an authentication method used in an authentication strength. Previously, you could only restrict the allowed FIDO2 key types. The x509CertificateCombinationConfiguration type allows you to configure the list of allowed values for specific certificate properties.

Reports | Partner billing reports

The new partner billing API in Microsoft Graph offers Microsoft direct partners a faster, more efficient way to export their high-volume billed and unbilled Azure usage data. Partners can quickly create export operations, monitor their status, and retrieve manifests using the following APIs:

Users

Added the deletePasswordSingleSignOnCredentials and getPasswordSingleSignOnCredentials methods to the user resource for deleting and retrieving the password-based single sign-on credentials for a user to a given service principal.

December 2023: New and generally available

Identity and access | Directory management

When a Microsoft service fails to provision a user, group, or organizational contact, and returns an error, you can now manually retry provisioning using the following APIs:

For details, see the related changelog section.

Teams meeting APIs

Pricing updates for the Teams meeting APIs apply starting January 1, 2024. For more information, see Payment models and licensing requirements for Microsoft Teams APIs.

Teamwork and communications | Calls and online meetings

Manage change notifications for virtual events using the Create, Get, Update, and Delete operations of the subscription resource.

December 2023: New in preview only

Employee experience | Employee engagement

Create and get a Viva Engage community that is a central place for conversations, files, events, and updates for people sharing a common interest or goal. Use the Viva Engage API for the following scenarios:

For details, see the related changelog section.

Identity and access | Identity and sign-in

For details, see the related changelog section.

Teamwork and communications | Calls and online meetings

Manage change notifications for virtual events using the Create, Get, Update, and Delete operations of the subscription resource.

Teamwork and communications | Shift management

For details, see the related changelog section_.

November 2023: New and generally available

Files

Manage the lifecycle of a drive item (file or folder) by using retention labels:

See the related changelog section.

Groups

Delete a group's profile photo. See the related changelog section.

Identity and access | Directory management

Optionally define a directory extension as a multi-valued custom property that contains a collection of objects, instead of a single-valued property. See the related changelog section.

Security | Alerts and incidents

Get an alert that can indicate a more specific workload protection plan of Microsoft Defender for Cloud as the source that detected notable component or activity. Examples of more specific workload protection plans include Microsoft Defender for IoT, Microsoft Defender for Servers, Microsoft Defender for Storage. For a list of the additional possible sources, see the related changelog section.

Use SDKs

  • The Microsoft Graph Python SDK is now generally available. You can now access the beta and v1.0 endpoints of Microsoft Graph, with a fluent experience, designed to facilitate discoverability with the best features of the Python language. With simplified initialization and authentication, you can start making requests to Microsoft Graph with just 5 lines of code. The SDK also offers a built-in Retry-Handler that understands 429, 503, and 504 status codes. To learn more about the new Python SDK, see Introducing the Microsoft Graph Python SDK.
  • The Microsoft Graph PHP SDK v2.0 is now generally available. The Microsoft Graph PHP SDK 2.0.0 offers best-in-class features to improve developer efficiency and code quality. By solving cross-cutting concerns like authentication, retry, and batching, the SDK gives you time back to focus on the design and value of your application. To learn more about the new PHP SDK, see Write high quality code with the new Microsoft Graph PHP SDK v2.

Users

Delete the profile photo of a signed-in user. See the related changelog section.

November 2023: New in preview only

Device and app management | Cloud PC

Get the access state of a Frontline Cloud PC to determine whether the Frontline Cloud PC is accessible to a user. See the related changelog section.

Reports | Identity and access reports

As a best practice recommended for a Microsoft Entra tenant, get historical Secure Score data for the tenant. See the related changelog section.

Identity and access | Identity and sign-in

Identity and access | Network access

Get connectivity configuration details for customers' device link equipment at a branch site connected to Global Secure Access services. See the related changelog section.

Identity and access | Multicloud permissions management

Use the permissions management APIs to programmatically discover, remediate, and monitor permissions in your multicloud infrastructure. For each supported cloud infrastructure, you can:

  • Discover identities, resources, and permissions that identities have to resources, and what actions the identities can perform.
  • Request permissions for identities to resources; Grant or reject permissions requests.
  • Generate reports relating to permissions and resources.

Permissions Management currently supports only Microsoft Azure, Amazon Web Services (AWS), and Google Cloud Platform (GCP) cloud infrastructures. See the related changelog section.

Reports | Identity and access reports

Tasks and plans

Create a plan in a user container to let individual users track their own tasks. This provides the flexibility for users to share or collaborate on their personal plans, or subsequently upgrade their personal plans into group-based plans by moving the plan from the user container to a group container. See the related changelog section.

Teamwork and communications | Messaging

Remove a user's access to a chat. See the related changelog section.

October 2023: New and generally available

Applications

Get or set a remote desktop security configuration to enable the Microsoft Entra ID Remote Desktop Services (RDS) authentication protocol, for Microsoft Entra ID to authenticate users to joined or hybrid joined devices. The configuration also enables single sign-on (SSO) when RDP clients connect to a Microsoft Entra joined or Microsoft Entra hybrid joined device. See the related changelog section.

Compliance | Subjects rights request

Specify or get the search locations for a KQL-based content query in a subject rights request, such as mailboxes, SharePoint, OneDrive, or Teams channels. See the related changelog section.

Device and app management | Cloud printing

Include additional usage data in reports for user-based print activity and for printer-based print activity. Examples of usage data include the number of completed black-and-white print jobs and estimated number of single-sided media sheets. See the related changelog section.

External data connections

Optionally, specify the ID of a Teams app in an external connection in the connectorId property. See the related changelog section.

Identity and access | Directory management

List the credentials of local administrator accounts of devices that are associated with a deleted item, such as being a member of a deleted group or owned ore registered by a deleted user. See the related changelog section.

Identity and access | Governance

Use Privileged Identity Management (PIM) for groups to govern how principals are assigned membership or ownership of security and Microsoft 365 groups, such as the following capabilities:

  • Providing principals just-in-time membership or ownership of groups.
  • Assigning principals temporary membership or ownership of groups.

See the related changelog section.

Identity and access | Partner customer administration

Specify automatic extension of a delegated admin relationship between a partner and customer or between a Microsoft indirect reseller partner and a customer when the relationship expires. See the related changelog section.

People and workplace intelligence | People admin settings

Administrators can customize the profile card for users in an organization by using the profile card property API on built-in or custom attributes stored in Microsoft Entra ID. For more information, see Add or remove custom attributes on a profile card using the profile card API, and the related changelog section.

Security | Attack simulation and training

Security | Threat intelligence

Discover information about each host port that Microsoft Defender Threat Intelligence has observed on a host, including each host port component that has been seen on a port, the number of times that a port has been observed in all the scans, and what each host port banner response contains. See the related changelog section.

Teamwork and communications | Calls and online meetings

October 2023: New in preview only

Device and app management | Cloud PC

  • Running health checks for on premises network connection can now identify the active domain join check failed because the server is not operational. This could be due to network connectivity issues, DNS resolution issues, or problems with the domain controller itself. Make sure that the domain controller is running, and that ports that are required to be open between the client computer and the domain controller are enabled and not blocked. See the related changelog section.
  • Support app scenarios to create, update, delete, or run health checks on a Cloud PC on-premises connection without a signed-in user. See the related changelog section.
  • Get a raw real-time remote connection report for a Cloud PC without any calculation or aggregation. As an alternative, you can download the report by an export job. See the related changelog section.
  • Get a specified Cloud PC FrontLine service plan, or all such service plans that a customer has purchased. This type of Windows 365 Frontline-branded service plan provides an allotment of three Cloud PCs for an administrator to provision, for three active users at a time without assigning a Cloud PC to only one specific user. The service plan allows provisioned users to time-share, and let customers deploy a larger number of users. Customers using the pre-existing Cloud PC shared-use service plan should have switched to the Cloud PC Frontline service plan by October 8, 2023, as that plan has been deprecated and has stopped returning data since October 8, 2023. See the related changelog section.

Device and app management | Corporate management

Intune October updates for the beta version. See the related changelog section.

Identity and access | Directory management

Create and manage a certificate-based application configuration which represents a chain of trust that specifies allowed root and intermediate certificate authorities. This configuration is part of an app management policy used for application authentication and can restrict app developers to use only those certificates issued by authorities defined in the configuration. See the related changelog section.

Identity and access | Identity and sign-in

Reports and audit | Identity and access reports

Get Microsoft Entra service activity reports for sign-in metrics at minute-level granularity on four scenarios:

Tenant administrators can monitor the sign-in activities within their tenant across those four sign-in scenarios, and feed these metrics to their own monitoring or alerting system as appropriate. See the related changelog section.

Sites and lists

List items in the recycle bin of a SharePoint site. See the related changelog section.

Teamwork and communications | Calls and online meetings

Use the following new functions for virtual events that are of the webinar type:

  • Get the virtual event webinars where a specified user is an organizer or coorganizer.
  • Get the virtual event webinars where the signed-in user is an organizer or coorganizer.
  • See the related changelog section.

September 2023: New and generally available

Education

External data connections

As an option, include a label to indicate a property in the schema for an external connection is an icon URL. See the related changelog section.

Identity and access | Partner customer administration

A Microsoft indirect reseller partner administrator can approve or reject a reseller delegated admin relationship between a partner and a customer, created for them by a Microsoft indirect provider partner. See the related changelog section.

Security | Threat intelligence

  • Discover referential host pairs observed about a host. Host pairs include details such as information about HTTP redirections, consumption of CSS or images from a host, and more.
  • Read SSL certificate data, and SSL certificate data observered on a host. This data includes information about the SSL certificate and the relationship between the host and the SSL certificate.
  • Read subdomain details for a host. For every subdomain, there can be a new set of IP addresses to which the domain resolves. This can be a great data source for finding related infrastructure.
  • Read WHOIS details for a host. A common function of WHOIS in threat infrastructure is to identify or connect disparate entities based on unique data shared within the records.
  • See the related changelog section for the preceding updates for threat intelligence.

Teamwork and communications | Apps

Get or update tenant-wide settings to allow or disallow installing Teams apps that require resource-specific permissions in a chat or meeting. See the related changelog section.

Teamwork and communications | Calls and online meetings

Set a status message about a user's presence, such as their availability or user activity. See the related changelog section.

September 2023: New in preview only

Device and app management | Cloud PC

Device and app management | Corporate management

Intune September updates for the beta version. See the related changelog section.

Education

Support app scenarios to read or write an education module or learning resource without a signed-in user. Scenarios can include publishing, pinning, or unpinning a module, or setting up a SharePoint folder for resources in a module. See the related changelog section.

Identity and access | Directory management

Identity and access | Governance

Identity and access | Identity and sign-in

You can now configure the Microsoft Entra ID certificate-based authentication (CBA) policy to send hints back to the client application that filters the certificates shown in the certificate picker when the user initiates sign-in using a certificate.

Identity and access | Partner customer administration

When creating a delegated admin relationship between a partner and customer, set the duration by which the validity of the relationship is automatically extended. See the related changelog section.

Reports

The audit trail of all HTTP requests that Microsoft Graph received and processed for your tenant are now available through Microsoft Graph activity logs. Use Azure Monitor Logs to collect the logs and configure downstream destinations such as Azure Storage or stream with Azure Event Hubs to external security information and event management (SIEM) tools. For more information about Microsoft Graph activity logs, see Access Microsoft Graph activity logs (preview).

Security | Attack simulation and training

Create an attack simulation campaign with landing page, login page, training, and endUserNotifications. See the related changelog section.

Security | Records management

Support app scenarios to read any retention event, retention event type, and retention label without a signed-in user. See the related changelog section.

Teamwork and communications | Calls and online meetings

Workbooks and charts

Get tasks that a user has identified in association with a comment or reply for a comment in a worksheet:

See the related changelog section.

August 2023: New and generally available

Applications

Enable or disable the lock configuration of sensitive properties of a multitenant application for editing after the application is provisioned in a tenant.

Education

Create a class assignment using an application permission without a signed-in user present.

Files

Get the user who has checked out a drive item or a specific version of the drive item.

Identity and access | Directory management

Use the application permission OnPremDirectorySynchronization.Read.All or OnPremDirectorySynchronization.ReadWrite.All to read or update on-premises directory synchronization functionalities that are available for an organization, without a signed-in user present.

Security | Alerts and incidents

Manage additional resources, such as a Kubernetes account or service, or a storage blob or blob container, as specific types of evidence related to an alert. See an exact list of evidence types added.

Teamwork and communications | Apps

August 2023: New in preview only

Applications

Set as part of authentication behaviors a requirement that a multitenant resource application should have a service principal in the resource tenant before the application is granted access tokens.

Change notifications

Subscribe to changes when any recording becomes available for a specific meeting, or when any meeting recording becomes available in a tenant. For more information, see Use the Microsoft Graph API to get change notifications.

Device and app management | Cloud PC

  • Set up an alert rule by using a rule template for a grace period scenario. This type of an alert rule triggers an alert on the Microsoft Endpoint Manager admin center when a license or assignment change happens to the user and the Cloud PC enters a grace period. For more information about Cloud PC grace periods, see Device management overview for Cloud PCs. See the related changelog section.
  • Get informational status from the most recent health check on an on-premises network connection between a Cloud PC and Azure, involving Cloud PC add-on features such as single sign-on. This information is intended to optimize the user experience and doesn't affect the provisioning of the customer's Cloud PC. See the related changelog secton.

Device and app management | Device updates

Device and app management | Multi-tenant management

Get the license type of a specified managed tenant as part of the Microsoft Entra ID credential user registration, for example, AADFree, AADPremium1, AADPremium2.

Education

Organize individual learning resources in a systematic way in a module. Modules contain read-only learning resources and assignments the teacher wants the student to complete. The teacher can set up a resources folder on SharePoint for a module, pin one module at a time in a classwork list, unpin a module in a classwork list, and publish a module to a student's classwork list.

Identity and access | Directory management

Identify if a role or action supported by a directory RBAC provider is privileged.

Identity and access | Identity and sign-in

People and workplace intelligence | People

  • Use the delegated permission, PeopleSettings.Read.All or PeopleSettings.ReadWrite.All, to read or update people-related admin settings that are available for an organization, with a signed-in user present.
  • Use the policy-based application permission, PeopleSettings.Read.All or PeopleSettings.ReadWrite.All, to read or update people-related admin settings that are available for an organization, without a signed-in user present.

Reports | Identity and access reports

Get information about the managed identity used for a sign-in, including its type, associated Azure Resource Manager (ARM) resource ID, and federated token information.

Security | Threat intelligence

List host pair information for a host to reveal connections between websites, where your resources are being used and vice-versa, and adversaries' infrastructure of actor groups targeting your organization. A host pair is two pieces of infrastructure (a parent and a child), leveraging the relationship of which can build out a threat investigation. For more information, see infrastructure chaining, data sets, and host pairs.

Teamwork and communications | Calls and online meetings

Users

July 2023: New and generally available

Calendars

Request a lower privileged delegated or application permission, Calendar.ReadBasic, for most read operations for events in calendars, with or without a signed-in user present. This permission allows an app to read events of all calendars, except for properties such as body, attachments, and extensions. For the exact list of operations that support these permissions, see the July updates for Calendar.

Device and app management | Cloud printing

Get the printer name in reports for archived print jobs and printer usage.

Files

Permanently delete a file, folder, or other item stored in OneDrive or SharePoint.

Identity and access | Directory management

  • Find tenant information by domain name or by tenant ID.
  • Use a number of new properties to configure an organization's branding. For example, custom CSS for the sign-in page, a custom favicon with a CDN-based URL, custom link text and URL for "Terms of use" and "Privacy and cookies" in the footer, and a few other custom properties for users to manage accounts. For an exact list of these enhancements, see the API changelog.

Identity and access | Governance

Reports | Identity and access reports

  • Get a report of the details of the registered authentication methods for a specified user or users in an organization, such as multi-factor authentication, self-service password reset, and passwordless authentication.
  • Get a report of the number of users in an organization capable of each of multi-factor authentication, self-service password reset, and passwordless authentication in an organization.
  • Get a report of the number of users in an organization registered for each authentication method.

Security | Alerts and incidents

Get the Azure AD user display name for a user account which is involved in mailbox evidence, process evidence, or user evidence related to an alert.

Teamwork and communication | Apps

Support for granting scoped access (also known as resource-specific consent) to an app installed within a chat, team, or the personal scope of a user.

Teamwork and communications | Calls and online meetings

July 2023: New in preview only

Applications | Synchronization

Perform a bulk upload as a synchronization job to ingest data into the Azure AD synchronization service.

Device and app management | Cloud PC

Device and app management | Corporate management

Intune July updates for the beta version.

Identity and access | Directory management

  • Get or list one or more of the commercial subscription resources that an organization has acquired. A subscription resource contains the ID and part number of the SKU that it is associated with.
  • In a role definition, get one or more types of principals that can be assigned the role, including user, service principal, and group.

Identity and access | Governance

Stop the process of applying a review decision for an instance of a recurring access review created with autoapply and autoreview settings.

Identity and access | Network access

Use the APIs for Microsoft Entra Internet Access and Microsoft Entra Private Access to enable organizations to consolidate controls and configure unified identity and network access policies. Microsoft Entra Internet Access manages access to Microsoft 365, SaaS, and public internet apps while protecting users, devices, and data against internet threats. Microsoft Entra Private Access manages access to private apps hosted on-premises or in the cloud. The two products comprise Microsoft's Security Service Edge solution. For more information on the APIs, see Secure access to cloud, public, and private apps using Microsoft Graph network access APIs.

Mail

  • Mark an email as junk, adds the sender to the list of blocked senders, and optionally, moves the message to the Junk Email folder.
  • Mark an email as not-junk, removes the sender from the list of blocked senders, and optionally, moves the message to the Inbox.

Reports | Identity and access reports

Security | Alerts and incidents

Sites and lists

Teamwork and communications | Calls and online meetings

Subscribe to change notifications for transcripts of a specific online meeting, or for transcripts of any online meeting in a tenant.

Teamwork and communications | Devices

Listing teamwork devices now includes SIP analog devices provisioned for the tenant. These SIP analog devices are legacy endpoints such as elevator phones, parking lot phones, or factory floor devices, registered with Microsoft Teams through the SIP Gateway.

Users

Associate users or groups as sponsors for a guest user's privileges in the tenant and keep the guest user's information and access updated. You can assign a sponsor, list sponsors, and remove a sponsor.

June 2023: New and generally available

Application

Address an application by a new alternate key, appId. The Microsoft Entra admin center app registration refers to appId as the application (client) ID.

Device and app management | Cloud printing

Device and app management | Corporate management

Intune June updates for the v1.0 version.

Files

Identity and access | Governance

Search | Query

Security | eDiscovery

Initiate an export from a ediscoveryReviewSet, or an export from a ediscoveryReviewSetQuery.

Security | Threat intelligence

GA release of the threat intelligence API for Microsoft Defender Threat Intelligence. The API identifies adversaries and their operations, accelerates detection and remediation, and enhances your security investments and workflows. For more information about the earlier public preview release, see What's new: APIs in Microsoft Graph.

Teamwork and communications | Calls and online meetings

  • Track the freeze duration data of a video stream in a media stream.
  • Check whether the forward error correction (FEC) was used at some point during a session.
  • Represent CPU capabilities and name of the device used by a caller or callee participant endpoint in a call or online meeting.
  • Listing sessions in a call record can now identify those sessions that took place for testing purpose.

Teamwork and communications | Employee learning

Get or specify whether a learning provider can ingest learning course activity records, including learning activity assigned to a user and learning course activity initiated by a user.

Teamwork and communications | Messaging

List all the teams in an organization.

June 2023: New in preview only

Applications

Get or set the authentication behavior of an application, for whether to remove the email claim from tokens sent to the application when the domain of the email address cannot be verified.

Device and app management | Cloud PC

Device and app management | Cloud printing

Get a report of printer usage or archived print job that includes the printer name. Previously the printer is identified by only its printer ID in the report.

Device and app management | Corporate management

Intune June updates for the beta version.

Identity and access | Directory management

  • Manage an administrative unit, device, group, or user that is a member of a restricted management administrative unit by requiring a role scoped to the restricted administrative unit. The calling app must be assigned the Directory.Write.Restricted permission. For delegated scenarios, the administrators must also be explicitly assigned supported roles at the restricted administrative unit scope.
  • Get the last time a password sync request was received for an organization.

Identity and access | Governance

Identity and access | Identity and sign-in

Reports | Identity and access reports

Get the date/time for the last update of a user's registration record for authentication methods, including which methods are registered and which features the user is registered and capable of (such as multi-factor authentication, self-service password reset, and passwordless authentication).

Security | Alerts and incidents

Depending on the type of alert evidence, such as mailbox evidence, process evidence, or user evidence, get the display name of the related user account as part of the rich data about each artifact involved in an alert.

Security | Threat intelligence

List subdomains for a host.

Tasks and plans

Specify or get checklist items as a completion requirement for a Planner task.

Teamwork and communications | Calls and online meetings

Get information about a webinar virtual event on Microsoft Teams, including the following:

Teamwork and communications | Messaging

  • Get summary information about a channel, including the number of guests, members, owners, and an indicator for members from other tenants.

May 2023: New and generally available

External data connections

Identity and access | Directory management

  • As part of managing corporate devices, Intune can now set additional properties on a device used for multi-factor authentication in conditional access policies for an organization: deviceCategory, deviceOwnership, enrollmentProfileName, and registrationDateTime.
  • Get organization details to identify the tenant type of an organization set up as a customer identity & access management (CIAM) solution. A CIAM tenant provides an integrated platform to serve consumers, partners, and citizen scenarios.
  • Define custom security attribute resources to store information, categorize objects, or enforce fine-grained access control over specific Azure resources. For more information on defining and assigning your own custom security attributes, see Overview of custom security attributes.

Identity and access | Identity and sign-in

Reports | Microsoft 365 usage reports

Security | Alerts and incidents

  • Manage an Amazon resource, Azure resource such as a VM, Storage, or KeyVault, or Google Cloud resource such as compute or Kubernetes cluster identifier, as specific types of evidence related to an alert.
  • Support Microsoft Defender for Cloud as a detection source that identifies a notable component or activity, or as a source that creates an alert.

Sites and lists

  • Get or update tenant-wide settings for SharePoint and OneDrive, which include a number of settings such as the following:
    • The idle session sign-out policy settings for SharePoint.
    • Whether legacy authentication protocols are enabled for the tenant.
    • Whether guests must sign in using the same account to which sharing invitations are sent.
  • Get all the sites across georgraphies in an organization.

Teamwork and communications | Calls and online meetings

May 2023: New in preview only

Device and app management | Cloud PC

Education

Get or update from class level assignment settings any grading category to weight assignments differently when computing a class average grade.

Identity and access | Directory management

Identity and access | Governance

Identity and access | Identity and sign-in

Reports | Identity and access reports

Security | Attack simulation and training

Get the following additional data from attack simulation reports:

Tasks and plans

  • Share a plan using a shared-with container that is separate from the original container that the plan belongs to. Users can share a plan with multiple other containers, and specify the maximum access level allowed by each of these containers, such as read, readwrite, or full access.
  • Specify in the details of the context of a plan to surface the plan in Microsoft Project.

Teamwork and communications | Calls and online meetings

List each message history item of a chat message in a Teams chat or channel.

April 2023: New and generally available

Device and app management | Browser management

Administrators can use the Edge API in Microsoft Graph in an app to manage an organization's browser site lists for Internet Explorer (IE) mode that reside in the cloud, much like the way they can do it in the Microsoft 365 admin center. With proper permissions, the app can create a browser site list, add a browser site and shared cookie, and publish the site list for Microsoft Edge to download.

Identity and access | Identity and sign-in

Search | Query

Qualify a search query string with a query template, which supports KQL and query variables.

Teamwork and communications | Calls and online meetings

Specify whether content for an online meeting, such as shared content or video feed, should have watermark protection. To support watermarking content, client applications must implement and apply the watermarking.

Teamwork and communications | Messaging

Subscribe to change notifications in a tenant where a specific Teams app is installed, for the following resources:

April 2023: New in preview only

Device and app management | Cloud PC

Device and app management | Corporate management

Intune April updates for the beta version.

Education

  • Teachers can activate an inactive assignment to signal that the assignment has further action items for teachers or students.
  • Teachers can deactivate and mark an assignment as inactive to signal that the assignment has no further action items for teachers and students.

External data connections

Get or set the relative ranking importance of a property in a schema, to allow Microsoft Search to determine the search relevance of the content.

Identity and access | Directory management

List or get local administrator credential information for all device objects in Azure Active Directory that are enabled with Local Admin Password Solution (LAPS). For more information on LAPS, see Windows Local Administrator Password Solution in Azure AD (preview).

Identity and access | Governance

  • Use the new LifecycleWorkflows.ReadWrite.All delegated or application permission to resume a task-processing result that's in progress.
  • Get the settings for verifiable credentials in an access package assignment policy, that have been set up in the Microsoft Entra Verified ID verification solution. These settings represent the verifiable credentials that a requestor of an access package in this policy can present to be assigned the access package. The types of verifiable credentials that a requestor presents include the type of the credential issued, such as BusinessCardCredential, and list of accepted issuers.

Identity and access | Identity and sign-in

Reports | Azure AD activity reports

List any managed identity used for a sign-in activity, including the identity type and associated Azure Resource Manager (ARM) resource ID.

Reports | Microsoft 365 usage reports

For Microsoft Forms:

Teamwork and communications | Calls and online meetings

Teamwork and communications | Employee learning

Track an activity that is part of a learning course in Viva Learning, for a user and for a learning provider. Differentiate between an activity that's been assigned to the user, and an activity that is initiated by the user.

March 2023: New and generally available

Applications

Specify if an application requires Azure AD to verify signed authentication requests.

Compliance | Records management

Use the Microsoft Purview records management API to help organizations manage the retention and deletion of data to meet legal obligations and compliance regulations.

Identity and access | Directory management

Get newly created, updated, or deleted directory objects without performing a full read of the entire set of Active Directory objects in an organization.

Identity and access | Identity and sign-in

Teamwork and communications | Calls and online meetings

When getting a call record, you can get up to 60 sessions for that call record on the same page.

Teamwork and communications | Messaging

To export Teams content, you can list teams that have been deleted, and get 1:1 chats, group chats, meeting chats, and channel messages of a deleted team. For more information, see Export content with the Microsoft Teams export APIs.

Users

Use the last interactive and non-interactive sign-in date/time values of users' signInActivity to manage inactive accounts.

March 2023: New in preview only

Device and app management | Cloud PC

  • Getting launch information about a signed-in user's connecting to a Cloud PC now includes whether the Cloud PC supports switch functionality, and reason if it doesn't, such as not meeting requirements for the version of the operating system, CPU, or RAM.
  • Include provisioning type (dedicated or shared) and management service type (for example, Windows 365, Power Automate) as criteria for a Windows 365 service plan.

Device and app management | Corporate management

Intune March updates for the beta version.

Files

When sharing an item on OneDrive for Business with other users, include the option to notify those users by email.

Identity and access | Governance

Identity and access | Identity and sign-in

Industry data ETL

Debut of the industry data API, which is a multi-vertical, cross-industry, ETL (Extract-Transform-Load) platform. Use the API to combine data from multiple sources into a single Azure Data Lake data store, normalize the data, and export it in outbound flows. Use it to assist with monitoring and troubleshooting. Get statistics after the data is processed.

Reports | Azure AD activity reports

Reports | Microsoft 365 usage reports

Get counts for different types of teams in an instance of Microsoft Teams, such as public teams, active public teams, private teams, and active private teams.

Security | eDiscovery

Get the metadata of an eDiscovery export file, such as the download URL, file name and size.

Security | Threat intelligence

Debut of the threat intelligence API for Microsoft Defender Threat Intelligence. The API identifies adversaries and their operations, accelerates detection and remediation, and enhances your security investments and workflows. For more information about the debut, see What's new: APIs in Microsoft Graph.

Sites and lists

When sharing an item on SharePoint with other users, include the option to notify those users by email.

Tasks and plans

Use the following delta functions of the corresponding type of Planner resources to get the newly created, updated, or deleted resources without having to perform a full read of the entire resource collection:

  • Delta function for Planner plans in either a group or a Planner roster.
  • Delta function for Planner buckets in a Planner plan.
  • Delta function for Planner tasks in either a Planner plan or assigned to the signed-in user.

February 2023: New and generally available

Identity and access | Directory management

Identity and access | Governance

As part of a policy for access package assignment, you can specify or get the required regex pattern for a requestor to answer an access package question.

Identity and access | Identity and sign-in

Specify in a cross-tenant access policy to enable B2B collaboration across Azure clouds, for example, between tenants in Azure Commercial and Azure Government clouds, and between Azure Commercial and Azure China clouds.

Search | Query

Use application permissions and search all shared or private content on SharePoint sites that belong to the app owner in a specified region.

Security | Attack simulation and training

Teamwork and communications | Calls and online meetings

Support a user to participate in an online meeting in the role of a coorganizer.

Teamwork and communications | Messaging

Support an Azure Communication Services user to participate in a team, channel, or chat.

To-do tasks

Use a single POST operation to attach a file up to 3MB to a to-do task, or create an upload session to iteratively upload portions of a file up to 25 MB total size to attach it to a task.

February 2023: New in preview only

Applications | Synchronization

When calling the synchronization API, take advantage of more granular permissions designed for reading or writing synchronization data, by using the new permission, Synchronization.Read.All, instead of the higher privileged permission, Directory.Read.All, and Synchronization.ReadWrite.All instead of Directory.Read.All.

Calendar

Request a lower privileged delegated or application permission, Calendar.ReadBasic or Calendars.ReadBasic.All, for most read operations for events in calendars, with or without a signed-in user present. These permissions allow an app to read events of all calendars, except for properties such as body, attachments, and extensions. For the exact list of operations that support these permissions, see the February updates for Calendar.

Device and app management | Cloud PC

  • Enable or disable single sign-on as part of a Cloud PC provisioning policy and of the tenant-wide organization settings for Cloud PC. When single sign-on is enabled, Windows 365 users can use single sign-on to authenticate to Azure Active Directory (Azure AD) with passwordless options (for example, FIDO keys) to access their Cloud PCs.
  • Organizations with frontline workers can provision Cloud PCs as a shared type and subscribe to a shared-use service plan for Cloud PCs.
  • Allow a customer to select from a list of supported region groups when provisioning a Cloud PC, so to put that Cloud PC in one of the regions belonging to that group based on resource status.

Device and app management | Device updates

Use the Windows Update for Business deployment service to manage Windows 11 feature updates and driver updates. When enrolled devices are scanned for updates, the deployment service identifies applicable, better drivers for each device. The service collects such driver information in a catalog for approval, and schedules approved catalog content for deployment.

Identity and access | Directory management

Debut of pronouns support for organizations - use pronouns settings to programmatically manage the support of pronouns in an organization. Find out about how administrators can enable or disable pronouns in the Microsoft 365 admin center, and the availability timeline for pronouns on profile cards on the Microsoft 365 roadmap.

Reports | Identity and access reports

Use the recommendation resource as personalized and actionable insights to implement Azure Active Directory best practices. Recommendations help to ensure your tenant is in a secure and healthy state and maximize the value of the features available in Azure AD. For more information about how recommendations work in Azure AD for administrators, see What are Azure Active Directory recommendations.

Identity and access | Governance

List the users who are in the scope of the execution conditions of a workflow.

Security | Attack simulation and training

  • Create or delete an attack simulation campaign for a tenant. Prior to this update, apps can only get information about an existing simulation campaign.
  • Get information about an attack simulation training. Get further details such as the content and coachmarks.

Teamwork and communications | Calls and online meetings

Identify the reasons for shared content or video from an online meeting participant being restricted.

Teamwork and communications | Messaging

Support an Azure Communication Services user to participate in a team, channel, or chat.

January 2023: New and generally available

Device and app management | Corporate management

Intune January updates for the v1.0 version.

Identity and access | Directory management

Get the country code that represents the default service usage location of an organization.

Security | Attack simulation and training

Tasks and plans

Use application permissions for read and write operations of Planner resources.

Teamwork and communications | Calls and online meetings

Specify settings that include a meeting ID, and whether attendees require a passcode to join the online meeting.

Teamwork and communications | Messaging

January 2023: New in preview only

Device and app management | Cloud PCs

Device and app management | Cloud printing

Get or set a display name for a print job.

Identity and access | Governance

Update a task for lifecycle workflows.

Identity and access | Identity and sign-in

  • Use a cross-tenant identity sync policy to synchronize users from a partner tenant. The policy streamlines collaboration between users in a multi-tenant organization, by automating creating, updating, and deleting users from one tenant to another.
  • Get the cross-tenant access default settings for automatic user consent from an inbound/outbound policy configuration.

Security | Attack simulation and training

  • Create or delete an attack simulation campaign for a tenant. Prior to this update, apps can only get information about an existing simulation campaign.
  • Get information about an attack simulation training. Get further details such as the content and coachmarks.

Tasks and plans | Business scenarios

Debut of the business scenarios API which allows developer customers to configure plans and tasks, and to bring custom scenario data in entities for their Planner-specific scenarios.

December 2022: New and generally available

Applications

Address a service principal by a new alternate key, appId.

Identity and access | Directory management

  • Address an device by a new alternate key, deviceId.
  • Address an directoryRole by a new alternate key, roleTemplateId.

Identity and access | Identity and sign-in

Identify at-risk service principals in an organization with Azure AD, which continually detects and evaluates risks based on various signals and machine learning. You can confirm if an at-risk service principal is indeed compromised, upon which Microsoft would disable that service principal object. You can dismiss the risk of an at-risk service principal. And, you can list the risk history of a service principal.

December 2022: New in preview only

Device and app management | Corporate management

Intune December updates for the beta version.

Identity and access | Directory management

People and workplace intelligence | Item insights

A user whose item insights have been disabled can still see the file-based activities of other users with item insights enabled. Previous to this update, that user with item insights disabled would not see anybody's trending content. Learn more about an organization's insights-based experience after disabling a user's item insights.

Reports | Azure AD activity reports

Get additional details about user or application sign-in activity logs:

Sites and lists

Tasks and plans

Use an external source to relate a bucket, task, or plan to a user experience outside of Planner. Surface and sync the bucket, task, or plan in that experience, and track work in the context of that experience. See more information in external bucket source, external task source, and external plan source.

Use SDKs

Try the new Microsoft Graph Python SDK (preview) and take advantage of the following improvements:

  • A new authentication provider that automatically refreshes access tokens.
  • A built-in retry handler that understands response status codes.
  • A fluent request building pattern to improve efficiency and discoverability.
  • Type annotations, both synchronous and asynchronous experiences and HTTP2 support.

Note: The Microsoft Graph Python SDK is currently in public preview. Don't use this SDK in production environments. For details see SDKs in preview or GA status.

To get started, see:

November 2022: New and generally available

Education

Identity and access | Directory management

Search

  • Use the delegated permission Acronym.Read.All to query and read all acronyms on behalf of a signed-in user.
  • Use the delegated permission Bookmark.Read.All to query and read all bookmarks on behalf of a signed-in user.
  • Use the delegated permission Chat.Read to query and read a signed-in user's 1:1 or group chat messages, on behalf of the signed-in user.
  • Use the delegated permission ChannelMessage.Read.All to query and read all messages in a Teams channel on behalf of a signed-in user.

Security | eDiscovery

Delete Microsoft Teams messages contained in a eDiscovery search. Specify the purge type to be soft or hard delete, and the scope of the purge action.

Teamwork and communications | Messaging

  • Only the tenant admin of the sender of a chat message can update and override a policy violation on the message. Usually, a data loss prevention (DLP) application takes action when a sender violates policy and sends data they should not send.
  • Send activity feed notifications to a user, to a user in a chat, or to a user in a team, based on the supported types of activities declared in the corresponding app manifest.

November 2022: New in preview only

Applications

Devices and apps | Browser management

Administrators can use the Edge API in Microsoft Graph in an app to manage an organization's browser site lists for Internet Explorer (IE) mode that reside in the cloud, much like the way they can do it in the Microsoft 365 admin center. With proper permissions, the app can create a browser site list, add a browser site and shared cookie, and publish the site list for Microsoft Edge to download.

External data connections

Specify in a schema property definition for a connection whether to match the property exactly for queries.

Identity and access | Directory management

Use the assignedPrincipals method to get the list of security principals (users, groups, and service principals) that are assigned to a specific role for different scopes either directly or transitively.

Search | Query

Specify in a search request one or more criteria to collapse search results.

Teamwork and communications | Messaging

List the message history items of a chat message in a Teams chat or channel.

October 2022: New and generally available

Devices and apps | Corporate management

Intune October updates for v1.0.

Education

Identity and access | Governance

Manage access package or group resources that are incompatible with one another.

Identity and access | Identity and sign-in

Reports | Microsoft 365 usage reports

Get reports for Microsoft 365 app usage, including the usage of Microsoft 365 apps by user, the number of daily unique active users by app, and the number of daily unique active users across all apps by platform (Windows, Mac, web, and mobile).

Teamwork and communications | Calls and online meetings

When inviting a participant to a call, you can specify whether to hide the participant from the roster or remove the participant from the main mixer.

Teamwork and communications | Messaging

October 2022: New in preview only

Device and app management | Cloud PCs

  • Use an alert rule with prefered notification channels, like email and Microsoft Endpoint Manager admin center notification, to monitor and receive alerts when conditions set in alert rules are met. Currently issues with Cloud PCs such as provisioning or checking on-premise network connections can trigger alerts.
  • For customers accessing their Cloud PCs in the US Government Community Cloud (GCC), administrators can set up a mapping between the the Azure Active Directory in the public cloud and GCC. Use the mapping to update the security and compliance requirements for the FedRAMP certification and onboarding to GCC.
  • Get real-time or aggregated reports about Cloud PC remote connection. You can also download a report by an export job, where you can specify a filter, columns, and format.

Device and app management | Cloud printing

Get a list of printer share resources recently used by the signed-in user.

Devices and apps | Corporate management

Intune October updates for the beta version.

Devices and apps | Multi-tenant management

  • Support a status of granular delegated admin privileges (GDAP) or delegated and granular delegated admin privileges relationship between a managing entity and a managed tenant.

Identity and access | Governance

Identity and access | Identity and sign-in

Personal contact | Org control for contact insights

Administrators can configure tenant-level privacy control as organization settings for displaying or returning contact insights in an organization. An example of contact insights is whether to identify duplicate contacts among a user's contacts list and suggest the user to merge those contacts to have a cleaner contacts list.

Search | Query

Security | Advanced hunting

Query event, activity, or entity data in Microsoft 365 Defender to proactively look for specific threats in your environment. This advanced hunting feature enables unconstrained hunting for both known and potential threats.

Security | Alerts and incidents

Create a comment for an existing alert or incident.

Tasks and plans

Get or update rich text description of a Planner task intended for HTML-aware clients.

Teamwork and communications | Messaging

September 2022: New and generally available

Devices and apps | Corporate management

Intune September updates for the v1.0 version.

Identity and access | Directory management

Add a group as a member of an administrative unit.

Identity and access | Identity and sign-in

Identify the risk state in a risky user or sign-in event as safe or compromised because an Microsoft 365 Defender administrator dismissed risk detection.

Security | Attack simulation and training

GA of the API for attack simulation and training, which is a service available as part of Microsoft Defender for Office 365. The API enables tenant administrators to list launched simulation exercises and trainings, and get reports on derived insights into online behaviors of users in the phishing simulations.

Teamwork and communications | Calls and online meetings

Teamwork and communications | Messaging

Get the details of pinning or unpinning a chatMessage in a chat.

Use the API | Batching

For apps that make multiple requests on Outlook resources in the same mailbox, you can now further optimize app performance by using JSON batching to combine more than 4 such requests in one HTTP call. The previous limit on batching up to 4 requests on the same mailbox has been removed.

September 2022: New in preview only

Devices and apps | Corporate management

Intune September updates for the beta version.

Files

Assign a sensitivity label to a file in OneDrive or SharePoint.

Identity and access | Governance

As part of a policy for access package assignment, you can specify or get the required regex pattern for a requestor to answer an access package question.

Identity and access | Identity and sign-in

  • Identify the risk state in a risky user or sign-in event as safe or compromised based on one of the following reasons:
    • An administrator has dismissed all risks for the service principal.
    • An administrator confirmed the service principal has been compromised.
  • Allow internal guests or external users to be among the types of conditional access users that can be included or excluded in the scope of a conditional access policy.

Teamwork and communications

  • Subscribe to change notifications in a tenant where a specific Teams app is installed, for the following resources:
  • Use the following least privileged application permission necessary for a subscription for chats, chat messages, or chat members as listed in the preceding scenarios:
    • Chat.ReadBasic.WhereInstalled
    • Chat.Read.WhereInstalled
    • Chat.ReadWrite.WhereInstalled
    • ChatMember.Read.WhereInstalled
    • ChatMember.ReadWrite.WhereInstalled

Users

  • Get or set the date for an employee leaving an organization as part of the user resource.
  • Use the authorization info resource to bind IDs of smart card certificates of an Azure AD user for identification and authentication to non-Azure AD environments, such as on-premises Active Directory deployments or federated environments.
  • List the apps to which a user has an app role assignment either directly or through group membership.

August 2022: New and generally available

Applications

Use federated identity credentials to manage an application's credentials and allow an organization's cloud applications to access Azure AD without using secrets and certificates.

Devices and apps | Corporate management

Intune August updates for the v1.0 version.

Identity and access | Governance

Manage a policy that assigns an access package to a subject automatically, as opposed to assigning on the subject's request.

Identity and access | Identity and sign-in

Sites and lists

Manage the version history of a document set in SharePoint, allowing apps to capture the document set (folder) and its contents (documents) at a point in time.

Teamwork and communications | Calls and online meetings

Teamwork and communications | Messaging

  • Limit a chat title to a maximum of 255 characters and characters that are not the colon.
  • List the chats of a specific user who may not be signed in or is different from the signed-in user, using application permissions.
  • List and sort chats starting with the most recent ones.

August 2022: New in preview only

Applications

Calendar | Places

Get or update a workspace in a tenant.

Devices and apps | Cloud PC

Restore a Cloud PC to a prior state.

Devices and apps | Corporate management

Intune August updates for the beta version.

Files

Get or update tenant-wide settings for SharePoint and OneDrive:

  • The idle session sign-out policy settings for SharePoint.
  • Whether legacy authentication protocols are enabled for the tenant.
  • Whether guests must sign in using the same account to which sharing invitations are sent.

Identity and access | Governance

  • Configure group peer outlier insights that help reviewers make decisions for an access review schedule definition based on the access that the user's peers have.

  • Create, activate, and maintain Azure AD lifecycle workflows to manage Azure AD users by automating lifecycle processes, including the following:

    • When a user comes into scope of needing access, such as joining an organization.
    • When a user moves between boundaries within an organization, such that the move requires more access.
    • When a user leaves the scope of needing access, such as leaving or retiring from an organization.

    Use lifecycle workflow reporting to get insight into how lifecycle workflows are processed.

Identity and access | Identity and sign-in

Use Microsoft authenticator authentication method configuration as an authentication methods policy to configure and allow users to use specific authentication methods, such as number matching and location context, and whether to enable the methods for all users or specific users.

Mail

Track and get specifically only created, updated, or deleted messages in a delta request.

Reports | Identity and access reports

Get more details about authentication registration by users in a tenant - whether a user is a member or guest, and whether the user has an admininstrator role in the tenant.

Security | Alerts and incidents

Use the latest generation of alerts and incidents that aggregate alert data from security providers integrated with Microsoft 365 Defender, correlate clues and evidence to provide a richer, broader context of an attack. These alert and incident resources offer consistent actionability across the different providers, making it easy for analysts to collectively investigate and respond to threats.

Teamwork and communications | Calls and online meetings

Get a specific transcript or all the transcripts of an online meeting.

Teamwork and communications | Messaging

List and sort chats in descending order.

July 2022: New and generally available

Customer booking

Get the availability of specified staff members in a business.

Devices and apps | Corporate management

Intune July updates for the v1.0 version.

Identity and access | Directory management

  • Restore a deleted directory object within 30 days of deletion. The directory object can be an application, group, service principal, or user.
  • Permanently delete a directory object as listed above.

Identity and access | Governance

  • Reprocess an access package assignment request to automatically retry a user's request for access to the package.
  • Reprocess an access package assignment to automatically re-evaluate and enforce a user's assignments to groups, applications, and SharePoint Online sites for internal users as well as users outside your organization
  • Get an access package assignment to help manage access to groups, applications, and SharePoint Online sites for users internal to or outside of an organization.
  • Configure settings for each stage in a multi-stage access review. In addition to get or update an access review stage, you can do the following:
    • Stop reviewers from giving more input to a stage and proceed to the next stage if applicable.
    • Filter and get all the stages on an access review instance for which the calling user is a reviewer
    • List decisions from a multi-stage access review.

Teamwork

July 2022: New in preview only

Cloud communications | Call

Cloud communications | Online meeting

  • Create an online meeting that requires a passcode.
  • Specify settings that include a meeting ID, and whether attendees require a passcode to join the online meeting.
  • Create and manage a virtual appointment between a service provider and their customer. This release is a programmatic debut that enables providers such as financial professionals, design consultants, or health care clinicians to consume online workflows and to meet with their customers remotely over video meetings. Find out more information about the end user experience with virtual appointments on Microsoft Teams.

Devices and apps | Cloud PC

Create, get, or update settings for an external partner of Cloud PC, such as the partner status, and enabling or disabling the connection.

Devices and apps | Corporate management

Intune July updates for the beta version.

Identity and access | Directory management

Reports | Microsoft 365 usage reports

Get or update tenant-wide settings to hide or show identifiable information for users, groups, or sites in Microsoft 365 usage reports.

Security | Threat submission

Create or get a submission of an email, email file attachment, or URL at the the Microsoft 365 Defender portal (https://security.microsoft.com) to confirm if the item is malicious or safe, or has been allowed or blocked by tenant policies that have overridden Microsoft Defender for Office 365.

Teamwork

Teamwork | Employee learning

Debut of the employee learning API that enables apps to make content from a Learning Management System (LMS) or learning provider available in Viva Learning. In Viva Learning, employees and teams can discover, share, recommend, and learn from content libraries provided by both their organization and partners. Because Viva Learning is a centralized learning hub in Microsoft Teams, this makes it easier for employees to prioritize their growth and integrate learning and building skills into their workday.

To-do tasks

  • Use a single POST operation to attach a file up to 3MB to a to-do task, or create an upload session to iteratively upload portions of a file up to 25 MB total size to attach it to a task.
  • Get or set a date and time in a specific time zone for a to-do task to begin.

Use SDKs

Try the new Microsoft Graph PHP SDK 2.0.0-RC5 and take advantage of the following improvements:

  • A new authentication provider that automatically refreshes access tokens.
  • A built-in retry handler that understands response status codes.
  • A fluent request building pattern to improve efficiency and discoverability.

To get started, see:

Users

Get the security identifier (SID) of a user in Windows scenarios.

June 2022: New and generally available

Cloud communications | Call records

Get information about the audio codec, video codec, network transport protocol, and trace route hops for a media stream when getting a call record and expanding each segment of a session.

Identity and access | Directory management

Identity and access | Identity and sign-in

Reports | Microsoft 365 usage reports

Find new columns in Teams reports generated by the following methods:

Teamwork

Subscribe to change notifications for the following in Teams:

June 2022: New in preview only

Applications

Specify linked objects that can be provisioned during on-demand provisioning, including principals like manager, members, and owners.

Compliance | eDiscovery

Access the eDiscovery API from the security namespace going forward, instead of the compliance namespace.

Compliance | Records management

Use the debut Microsoft Purview records management API to help organizations manage the retention and deletion of data to meet legal obligations and compliance regulations.

Customer booking

  • Manage the language of the self-serve booking page of a business or a service provided by the business.
  • Specify in the customer's information whether SMS notifications are enabled for an appointment of the customer's.
  • Specify whether anonymous join is enabled for a service, and whether to generate an anonymous join Web URL for an appointment for the service.
  • Differentiate the role of a staff member as a scheduler or a member.
  • Specify whether to notify a staff member by email when a booking is assigned or updated for the member.

Device and app management | Cloud PC

Get the following information for a Cloud PC provisioning policy:

  • The name of the group that Cloud PCs reside in.
  • The number of hours to wait before reprovisioning/deprovisioning happens.
  • Whether local admin (such as the end user of the Cloud PC) is enabled.
  • The service that manages the Azure network connection, which currently is Windows 365 or Microsoft Dev Box.

Device and app management | Multi-tenant management

Get the collection of roles assigned to a user signed in to a managed tenant.

Education

Groups

Specify if a group is configured to write back group object properties to on-premise Active Directory.

Identity and access | Directory management

  • Promote a verified subdomain to the root domain.
  • Get the URL to the SAML metadata for federation of a single-tenant application.

Identity and access | Identity and sign-in

Hide self-service password reset (SSPR) links in the login page text visibility settings for a tenant's sign-in page.

Teamwork

May 2022: New and generally available

Education

Identity and access | Directory management

An application registered in Azure Active Directory (Azure AD) can specify application or service contact information from a Service or Asset Management database.

Identity and access | Identity and sign-in

Allow an Azure Active Directory (Azure AD) tenant to set up federation with another organization whose identity provider (IdP) supports either the SAML or WS-Fed protocol. This enables the Azure AD tenant to allow guest users to access its resources.

Search

You can specify up to 1000 search results per page for a search request.

Sites and lists

  • Get a collection of content type resources from the content type hub that are compatible by using the getCompatibleHubContentTypes action.
  • Add or synchronize a content type from the content type hub to a site or list, by using the addCopyFromContentTypeHub action. This makes a content type or its update available to a specific site or list where it is needed. This is an improvement from the legacy sync infrastructure which pushes the content type to all sites across an organization, reducing wait times for the publishing to propagate.
  • Get one or more rich, long-running operations occurring on a site or list, which can happen when adding a content type synchronously.

Tasks and plans

  • Get or update category descriptions as part of the details of a plan.
  • Instead of the owner property of a plan, use the type property of a plan container to specify authorization rules and the lifetime of a plan.
  • Get the priority of a task.

Teamwork

Get messages on a channel and include any replies to the message.

To-do tasks

  • Break down a complex to-do task into more actionable, smaller tasks each as a checklist item.
  • Label a to-do task with a category that is defined by the user to group Outlook contacts, events, messages, group posts, and to-do tasks.

May 2022: New in preview only

Application

When configuring Azure AD Application Proxy for on-premises applications for secure remote access, use the isStateSessionEnabled property in the onPremisesPublishing resource to specify whether to validate the state parameter if the application uses the OAuth 2.0 authorization code grant flow. Setting this property helps administrators to protect the app from cross-site request forgery (CSRF).

Compliance | Subject rights requests

Device and app management | Cloud PC

Device and app management | Multi-tenant management

Get the number of monthly active users for each service in a managed tenant.

Education

Use a Teams app resource that corresponds to an installed Microsoft Teams app, to allow education service users to create and share assignments with embedded Teams applications, such as YouTube or FlipGrid.

External data connections

Get the quota information for a connection. This information includes the number of items you can ingest into the connection, taking into account items remaining in the connection and the tenant-level remaining quota for all its connections.

Identity and access | Directory management

Activating a service for an organization and for a user are deprecated, and will stop returning data on June 30, 2022.

Identity and access | Identity and sign-in

As part of the default user role of an authorization policy, specify whether the registered owner of a device can read their own BitLocker recovery keys.

Reports | Identity and access reports

Get a usage report for a user's registered authentication methods that includes the default method for multi-factor authentication.

Sites and lists

Track changes for SharePoint list item resources.

Teamwork

To-do tasks

As of May 31, 2022 the to-do API set that is built on baseTask is deprecated. That API set will stop returning data on August 31, 2022. Use the to-do API set built on todoTask instead.

April 2022: New and generally available

External data connections

  • Use the application permissions ExternalConnection.Read.All and ExternalConnection.ReadWrite.All to read or write all external connections without a signed-in user present.
  • Use the application permission ExternalItem.Read.All to read all external items without a signed-in user present.
  • Use the delegated permission ExternalConnection.ReadWrite.OwnedBy to read and write external connections on behalf of a signed-in user, that your app is authorized to.
  • Use the delegated permission ExternalConnection.Read.All or ExternalConnection.ReadWrite.All to read or write all external connections on behalf a signed-in user.
  • Use the delegated permission ExternalItem.ReadWrite.OwnedBy to read and write external items on behalf of a signed-in use, that your app is authorized to.
  • Use the delegated permission ExternalItem.Read.All or ExternalItem.ReadWrite.All to read or write all external items on behalf of a signed-in user.

Identity and access | Governance

Use Privileged Identity Management (PIM) in production apps to manage, control, and monitor access to important resources in your organization. The access is enabled through privileged roles and role-based access control (RBAC) and can be granted to users, groups, or service principals. The resources can be in Azure AD, Azure, and other Microsoft cloud services such as Microsoft 365 or Microsoft Intune.

April 2022: New in preview only

Customer bookings

Device and app management | Cloud PC

Identity and access | Directory management

Configure federation settings to federate domains with Azure Active Directory.

Identity and access | Governance

Get assignments for which the corresponding user has an incompatible access packages.

Reports | Identity and access reports

Confirm an event is high-risk and compromised or is safe by marking the event in the corresponding Azure Active Directory sign-in logs.

Reports | Microsoft 365 usage reports

Teamwork

Share a channel with one or more teams:

March 2022: New and generally available

Files

Use a bundle resource to share multiple files at once, much like other driveItem resources. You can apply CRUD operations on a bundle, and add an item to or remove an item from a bundle.

Identity and access | Directory management

Use resource-specific permission to authorize a Teams app direct access to the data of a specific instance of a chat or team. For example, the resource-specific permission ChannelMessage.Read.Group allows a Teams app to read the channel messages of a single team.

Identity and access | Governance

Identity and access | Identity and sign-in

Specify the inclusion or exclusion of client applications as among a set of conditions to apply a conditional access policy.

Use the toolkit

Celebrate real teamwork with community contributions and try new features in Microsoft Graph Toolkit v2.4.0:

  • Optimize refreshing of people's images in the person component by using the disable-image-fetch attribute to control unnecessary fetching.
  • Avoid unncessary loading of people's images in the people picker component by using the disable-images attribute.
  • Filter for available users, groups, and list of people in the people picker component by using the user-filters, group-filters, and people-filters attributes.

March 2022: New in preview only

Cloud communications | Online meeting

Specify one or more meeting participants as co-organizer.

Compliance | eDiscovery

Purge data and permanently delete Microsoft Teams messages from an eDiscovery source collection.

Device and app management | Cloud PC

Device and app management | Corporate management

  • Intune March updates for the beta version.

Device and app management | Multi-tenant management

List and get audit events for managed tenants in Microsoft 365 Lighthouse.

Identity and access | Directory management

  • List or update settings that specify access from Microsoft applications to Microsoft 365 data belonging to users in an organization. For example, given the proper authorization, whether only Microsoft 365 apps (such as Word and Excel) can access users' Microsoft 365 data, or whether other Microsoft apps (such as Windows) can access the data as well. By default, all users in an organization can access in a Microsoft app any Microsoft 365 data that the user has been authorized to access.
  • Following the Zero Trust cybersecurity model, Microsoft partners can use granular delegated admin privileges (GDAP) to carry out administrative tasks with least-privileged access to their customer tenants, to avoid potential security exposures. Instead of requesting Global Administrator role as in the past, partners request specific roles for customer tenant administration for a definite amount of time, and their customers must explicitly grant the least-privileged access to them.

Security | Attack simulation and training

Search

  • Specify in a search request whether to trim away the duplicate SharePoint files from search results. The default is false.
  • Qualify a search query string with a template, which supports KQL and query variables.

Sites and lists

  • For a column that contains taxonomy data, specify the parent term and term set for which the child terms can be selected as column values.
  • Get the settings for a site, including its language and time zone.

Tasks and plans

Identify if a Planner plan intended for experiences outside of Planner (such as Microsoft Teams) can track work in that context, by checking the details relationship of the corresponding plannerPlan resource.

Teamwork

February 2022: New and generally available

Teamwork

Get details about an online meeting that is associated with a chat through the onlineMeetingInfo property.

February 2022: New in preview only

Applications

  • Use a new policy option for application authentication methods to restrict a custom password secret on an application or service principal.
  • Specify settings for apps running Windows and published in the Microsoft Store or Xbox games store.

Change notifications

Subscribe to changes of Outlook contacts, events, or messages to receive notifications that include resource data in the payload. For more information, see Change notifications for Outlook resources in Microsoft Graph.

Device and app management | Cloud PC

  • Define restore point settings, which include the frequency to create a restore point, and whether users can restore their own Cloud PC based on a restore point backup.
  • Restore a Cloud PC based on a previous snapshot.
  • Restore multiple Cloud PCs in a single request by specifying their managed device IDs and a date/time range (e.g., before, after) of a restore point.

Identity and access | Directory management

Use application permissions CustomSecAttributeAssignment.Read.All to read custom security attribute definitions for an organization without a signed-in user.

Identity and access | Governance

Identity and access | Identity and sign-in

  • Use a number of new properties to configure an organization's branding. For example, a banner version of a company logo for the sign-in page, a custom favicon with a CDN-based URL, and a few other custom properties for users to manage accounts.
  • Include or exclude Linux as one of the platform conditions in a conditional access policy.
  • Identify at-risk service principals in an organization with Azure AD, which continually detects and evaluates risks based on various signals and machine learning. You can confirm if an at-risk service principal is indeed compromised, upon which Microsoft would disable that service principal object. You can dismiss the risk of an at-risk service principal. And, you can list the risk history of a service principal.
  • Use cross-tenant access settings to control and manage collaboration between users in your organization and other organizations. They are granular to let you determine the users, groups, and apps, both in your organization and in external organizations, that can participate in Azure AD B2B collaboration and Azure AD B2B direct connect.
  • Enable or disable users and groups in an organization to use the Azure AD native Certificate-Based Authentication (CBA).

Search

Set up acronym, bookmark, and QnA resources as administrative search answers for users in an organization.

January 2022: New and generally available

Devices and apps | Service health and communications

Get a service announcement attachment added to a service update message.

Identity and access | Governance

Identity and access | Identity and sign-in

Enforce a session control (by setting the disableResilienceDefaults property) to determine whether Azure AD should extend existing sessions based on information collected prior to an outage.

Teamwork

Create a chat using application permissions.

January 2022: New in preview only

Compliance | eDiscovery

Get the URL of a custodian's OneDrive for Business site (siteWebUrl property of userSource.

Devices and apps | Cloud PC

Identity and access | Governance

Reports | Identity and access reports

  • Get details of the authentication methods registered for a user, such as multi-factor authentication, self-service password reset, and passwordless authentication.
  • Get the following properties for a sign-in event of a user or application in an organization:
    • Any conditional access authentication context.
    • Any conditional access session lifetime policy.
    • The ID of an Azure resource accessed during sign-in.
    • The identifier of an application's federated identity credential if that was used to sign in.
    • The identifier of the service principal representing the target resource in the sign-in event.

Reports | Microsoft 365 usage reports

Get usage reports for Outlook, OneDrive, and SharePoint for Microsoft Cloud for US Government. See summary for cloud deployments.

Sites and lists

  • Add or synchronize a content type from the content type hub to a site or list, by using the addCopyFromContentTypeHub action. This makes a content type or its update available to a specific site or list where it is needed. This is an improvement from the legacy sync infrastructure which pushes the content type to all sites across an organization, reducing wait times for the publishing to propagate.
  • Get one or more rich, long-running operations occurring on a site or list, which can happen when adding a content type synchronously.
  • Get a collection of content type resources from the content type hub that are compatible by using the getCompatibleHubContentTypes action.

Teamwork

December 2021: New and generally available

Cloud communications | Presence

Subscribe to notifications of changes in a specified user's presence status. Always specify an encryption certificate in the subscription request as these are rich notifications that include encrypted resource data.

Compliance | Subject rights requests

As part of privacy management in Microsoft 365, the subject rights requests API debuts in both v1 and beta endpoints of Microsoft Graph. The API lets users make requests to review or manage their personal data in their organizations. It also lets organizations automate and scale managing these requests, helping them to meet industry regulations more efficiently.

Customer booking

Use the API for Microsoft Bookings in production apps, and take advantage of the following new features and updates:

  • Notify your customers in the US or Canada by SMS for an appointment or specific service associated with an appointment.
  • Enable meeting online for a service and auto-generate a Microsoft Teams meeting link for the appointment.
  • Allow one or more customers in a group appointment, setting a maximum attendee count for a service and for an appointment, and tracking the actual attendee count in an appointment.
  • Create a custom question for a business, associate a question with an option to specify it as mandatory for a service, and track questions and answers in an appointment.
  • Get or set the time zone for a customer in an appointment or staff member.
  • Get or set the location and phone number for a customer.
  • Access the v1 API from the new endpoint https://graph.microsoft.com/v1.0/solutions/. Note that the beta API remains in the https://graph.microsoft.com/beta endpoint.

Education

Identity and access | Governance

Update the reviewers and fall-back reviewers for an instance of an access review.

Teamwork

  • Identify a chat in Microsoft Teams by its web URL (via the webUrl property).
  • Get details of an event that happened in a chat, channel or team by accessing eventMessageDetail from a chatMessage or chat. For example, members added to a channel or chat, and team description updated.

December 2021: New in preview only

Cloud communications | Online meetings

Enable registration for an online meeting using an external registration system.

Cloud communications | Presence

Devices and apps | Cloud PC

Education

External data connections

Use the update operation to update properties for items in a connection schema, including their aliases and labels.

Identity and access | Directory management

Teamwork

  • List all teams in an organization.

To-do tasks

  • To anticipate being able to manage in a single place all the tasks from multiple sources (such as Outlook messages, Teams chats, OneDrive documents):
    • Use the latest To Do API and access it from the new endpoint https://graph.microsoft.com/beta/me/tasks/.
    • Use the segment allTasks to get all the tasks for a user: https://graph.microsoft.com/beta/me/tasks/alltasks.
    • Differentiate between a built-in task list (such as Flagged Email or Tasks) and a user-defined task list. A built-in task list is represented by the wellKnownTaskList resource, and a user-defined task list is represented by the taskList resource.
    • Differentiate between the currently defined type of tasks, task, from a base type baseTask.
  • Break down a more complex task into smaller, more actionable subtasks. Each subtask is represented by a checklistItem resource.
  • Move a task across lists.
  • Refer to this blog post for more details and migrate any existing apps that use the earlier To Do API to the latest To Do API.

November 2021: New and generally available

Files

Get the state of a drive as of a specific time by specifying the corresponding URL-encoded timestamp. See an example.

Identity and access | Identity and sign-in

November 2021: New in preview only

Cloud communications | Online meeting

Automatically admit new types of participants in an online meeting and bypass the meeting lobby:

  • Only people the organizer invites.
  • Only the participants from the same company.

Devices and apps | Cloud PC

  • Define a configuration of how a provisioned Cloud PC device can join Azure Active Directory (Azure AD): either cloud-only and join only to Azure AD, or hybrid and join on-premises Active Directory and Azure AD.
  • Get the gallery image resource of the current organization which can be used to provision a Cloud PC.

Devices and apps | Device updates

  • Use safeguard settings to opt-out of safeguards against likely issues in a deployment.
  • Support for a deployment state where a deployment is faulted due to the content no longer being deployable, for example, at the end of service.

Identity and access | Directory management

Reports | Microsoft 365 usage reports

Microsoft 365 usage reports in JSON output type are no longer strongly typed and are of the type Edm.Stream. For more information, see OData property changes to Microsoft 365 usage reports API in Microsoft Graph.

Teamwork

Mark a chat as read, or unread for a user.

October 2021: New and generally available

Cloud communications | Calls

  • Transfer an active peer-to-peer call.
  • Transfer a group call to a specified participant (transferee).

Cloud communications | Online meetings

Support multiple toll and toll-free numbers for dial-in phone access (audio conferencing) of an online meeting.

Education

Support a media file or some other external generic resource as an assignment resource.

Identity and access | Applications

  • To drive the consent experience for an application, specify the resources that the app needs to access, including the set of OAuth 2.0 delegated permissions and application roles that the application requires.
  • Limit the number of required APIS to 50, and required permissions to 400 per application.

Identity and access | Directory management

Identity and access | Governance

Specify a list of additional users or group members to be notified of the access review progress, in the additionalNotificationRecipients property of an accessReviewScheduleDefinition.

Identity and access | Identity and sign-in

Specify the devices in a conditional access policy, as part of the conditions that govern when the policy applies.

Personal contacts

Enable support for delegated permissions (Contacts.Read or Contacts.ReadWrite) for profilePhoto resources in personal Microsoft accounts.

Teamwork

Users

User licenses for Azure Active Directory (Azure AD) services now support a timestamp for when the state of the license assignment is last updated.

October 2021: New in preview only

Applications

Use federated identity credentials to manage an application's credentials and allow an organization's cloud applications to access Azure AD without using secrets and certificates.

Cloud communications | Calls

Identify a call participant, by using the participantId property of the participantInfo resource type.

Cloud communications | Online meetings

Enable meeting registration and organize online meetings as a webinar. Associate the meeting with a registration page, and choose to enroll everyone or only organization members as meeting registrants.

Customer booking

  • Support the following attributes for a booking service:
    • Enable sending SMS notifications to customers for their appointments (smsNotificationsEnabled property).
    • The URL that customers can use to access the service (webUrl property).
  • Book an appointment with one or more of the following attributes:
    • Specify the customer's time zone (customerTimeZone property).
    • Specify the URL for an online appointment (joinWebUrl property).
    • Enable SMS notifications to the customer for the appointment (smsNotificationsEnabled property).
  • Specify one or more addresses and phone numbers for a customer.
  • Specify the time zone for a staff member.

Devices and apps | Cloud PC

List the Windows 365 service plans that an organization subscribes to for their Cloud PCs. Under each service plan type (business or enterprise), an organization can choose to subscribe from a range of plan configurations that vary by attributes like vCPU, RAM, and storage.

External data connections

  • Specify settings for the search experience of content in an external connection. For example, a display template for search results, and a rule to select the display template.
  • Relate one or more external groups to an external connection. For example, an external group such as a business unit or work team can determine permissions to the content in the data source represented by the external connection.
  • Can optionally specify the ID of a Teams app in an external connection in the connectorId property.

Identity and access | Directory management

Specify key credential configuration settings that can be configured to enable restrictions to an application or service principal.

Identity and access | Governance

Enable the following additional settings to review an access package assignment policy:

  • Default behavior if request is not reviewed in a specified duration (accessReviewTimeoutBehavior property).
  • Display recommendations to reviewer (isAccessRecommendationEnabled property).
  • Require reviewer to provide justification for approval (isApprovalJustificationRequired property).

Identity and access | Identity and sign-in

Users

Validate a password in real time against an organization's password validation policy, as a user types the password. Get detailed information from the validation against rules in the policy.

September 2021: New and generally available

Cloud communications | Calls

  • Put a participant on hold and play music in the background, by using the startHoldMusic action.
  • Reincorporate a participant previously put on hold to a call, by using the stopHoldMusic action.

Cloud communications | Online meetings

  • Get the content stream of an attendee report of a Teams live event.
  • Get or set the option to automatically record an online meeting.
  • Use OnlineMeetingArtifact.Read.All as delegated or application permission to read artifacts of online meetings. For more information, see online meetings permissions.

Devices and apps | Cloud printing

Cloud printer status includes all the standard values in Internet Printing Protocol (IPP).

Devices and apps | Corporate management

Intune monthly updates for the v1.0 version. In the changelog, set the Date filter for September, 2021, and look for a section with this same heading.

Files

  • Get the details of any virus detected in a driveItem through a malware property.
  • Use the delta function to track changes on not only the root folder but also other folders within a drive.

Identity and access | Directory management

Providers of role-based access control (RBAC) can manage roles in Azure Active Directory, by defining role actions that can be performed on specific resources, and assigning roles to users based on such role definitions, giving them the corresponding access to those resources.

Search | Query

Teamwork

Use a single action provisionEmail to get the email address of a channel if one exists, or create one otherwise. Use the removeEmail action to remove the email address.

Workbooks and charts

Create table rows asynchronously. For better performance, a good practice to create multiple table rows is to batch them in one create tableRow operation and carry out the operation asynchronously. Follow with the GET workbookOperation operation and tableRowOperationResult function to get the new workbookTableRow resource.

September 2021: New in preview only

Applications

Applications that use Security Assertion Markup Language (SAML) single sign-on flows can specify a default redirect URI (defaultRedirectUri property of application), or identify a specific redirect URI where users are sent to sign in (redirectUriSettings property of webApplication).

Cloud communications | Online meetings

Get the total participant count in a meeting attendance report of an online meeting.

Compliance | eDiscovery

The create case operation always creates cases in large format. This expands the case size limit to accommodate a higher total data volume and total number of items. For details, see benefits of large cases.

Devices and apps | Cloud PC

Devices and apps | Corporate management

Intune monthly updates for the beta version. In the changelog, set the Date filter for September, 2021, and look for a section with this same heading.

Education

Identity and access | Governance

Delete an accessPackageAssignmentRequest to remove a denied or completed request.

Identity and access | Identity and sign-in

Security | Attack simulation and training

Debut of the API for attack simulation and training, which is a service available as part of Microsoft Defender for Office 365. The API enables tenant administrators to list launched simulation exercises and trainings, and get reports on derived insights into online behaviors of users in the phishing simulations.

August 2021: New and generally available

Cloud communications | Calls

A participant can include metadata as a blob of data in the roster for a call.

Cloud communications | Online meetings

  • Create an online meeting as a live event, configuring broadcast settings and meeting participant info with the role of producer. See an example.
  • Enable, disable, or limit duration of chat for an online meeting by using the allowMeetingChat property.
  • Enable or disable reactions for an online meeting, by using the allowTeamworkReactions property.
  • Allow an attendee to turn on their camera or microphones by using the allowAttendeeToEnableCamera or allowAttendeeToEnableMic property respectively.

Cloud communications | Presence

Devices and apps | Corporate management

Intune monthly updates for the v1.0 version. Set the Date filter for August, 2021, and look for a section with this same heading.

Devices and apps | Service health and communications

GA of the service communications API in Microsoft Graph to access the health status and message center posts about Microsoft cloud services.

Identity and access | Governance

Get a collection of access review scopes that is used to define reviewers and fallback reviewers for an instance of access reviews.

Sites and lists | Taxonomy

Access the SharePoint term store taxonomy, the hierarchy that consists of group, set, and term resources, and relation resources between terms.

Teamwork

List chats that a user is part of, in a delegated context.

August 2021: New in preview only

Cloud communications | Calls

  • Put a participant on hold and play music in the background, by using the startHoldMusic action.
  • Reincorporate a participant previously put on hold to a call, by using the stopHoldMusic action.

Cloud communications | Online meetings

Set an online meeting to record automatically.

Devices and apps | Cloud PC

End the grace period for a Cloud PC. The grace period lets users access Cloud PCs up to seven days before de-provisioning occurs. Ending the grace period immediately deprovisions the Cloud PC without waiting the seven days.

Devices and apps | Corporate management

Intune monthly updates for the beta version. Set the Date filter for August, 2021, and look for a section with this same heading.

Identity and access | Governance

Identity and access | Identity and sign-in

Teamwork

Users

Use the last interactive and non-interactive sign-in date/time values of users' signInActivity to manage inactive accounts.

July 2021: New and generally available

Cloud communications | Calls

Support for a capacity limit for the number of participants that an application can handle when answering a call, in organizations that adopt Teams policy-based recording.

Identity and access | Identity and sign-in

  • GA of identity providers that share a common base type identityProviderBase:
    • Built-in identity providers for Azure AD B2B scenarios in an Azure AD tenant. These providers can support Azure AD, Microsoft account (MSA), or email one-time passcodes.
    • Social identity providers in an Azure AD B2C tenant to allow users to sign up and sign in for the service using a social media account, such as Microsoft, Google, Facebook, Amazon, LinkedIn, or Twitter.
  • Deprecation of the earlier identity provider API.

Users

Let a user change their own password without requiring an administrator role.

July 2021: New in preview only

Devices and apps | Cloud PC

An on-premises connection health check can identify a few more possible health check error types:

  • Cloud PC computer account is not found in the organizational unit (adJoinCheckComputerObjectAlreadyExists).
  • Cloud PC object is not found in Azure AD (azureAdDeviceSyncCheckDeviceNotFound).
  • Timeout from checking if a cloud PC object has been synchronized to Azure AD (azureAdDeviceSyncCheckLongSyncCircle).

See the reference for details and recommended remedial actions.

Devices and apps | Corporate management

Intune monthly updates for the beta version. Set the Date filter for July, 2021, and look for a section with this same heading.

Devices and apps | Multi-tenant management

Debut of the Microsoft 365 Lighthouse API that lets Managed Service Providers (MSPs) remotely manage multiple customer tenants at scale for compliance and threat detection, and help get tenant devices in a healthy and secure state.

Identity and access | Governance

Get a collection of errors in the lifecycle of an access review instance.

Search

Teamwork

June 2021: New and generally available

Applications

Get or set the status of an application or servicePrincipal to identify if Microsoft has disabled the application through the disabledByMicrosoftStatus property. Disabling reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement.

Change notifications

Extended the maximum length of a subscription before expiring for the following resources:

  • OneDrive driveItem and SharePoint list from 3 to 30 days.
  • group, user, or other directory resources from 3 to 29 days.

Change tracking

Removed limitation for tracking changes in non-root folders in OneDrive for Business and SharePoint.

Education

The APIs for the education assignments service are now generally available.

Identity and access | Governance

GA of the access review API. Check out the overview and tutorials to review access to security groups and access to Microsoft 365 groups. Note that the legacy access review API is being deprecated and will stop returning data in May 2023.

June 2021: New in preview only

Cloud communications | Online meetings

Customize audio and video control in an onlineMeeting by enabling or disabling attendees from turning on their cameras and microphones, through the allowAttendeeToEnableCamera and allowAttendeeToEnableMic respectively.

Devices and apps | Cloud PC

  • Assign and manage cloudPcUserSetting to enable local admin or self-service option for a user on a cloud PC. Currently assignments can be made at a group level (users belonging to a Microsoft 365 group or security group).
  • Get a few new properties of a cloudPC: the names of the provisioning policy and of the on-premises connection used during provisioning, and the end date/time of the grace period by which reprovisioning or deprovisioning happens.
  • Support for more status and error types upon a health check on an on-premises connection.

Education

  • Teachers can now select the default behavior for a calendar when they publish assignments. Teachers can control the assignment calendar behavior by using the addToCalendarAction property of the educationAssignment resource.
  • Teachers can now also set a default behavior for a calendar when they publish assignments. Teachers can control the assignment default calendar behavior by using the addToCalendarAction property of the educationAssignmentDefaults resource.

Groups

Allow a group to be assigned to an Azure AD role on creation by setting the isAssignableToRole property. If set, this property makes it convenient to manage roles for individuals - instead of having to assign a role to each individual person, eligible persons can join a group, and assigning the role to the group would by default assign the role to each new person joining the group.

Identity and access | Governance

Set users or group members to be notified of the progress of an access review, by using the additionalNotificationRecipients property of the schedule definition.

Identity and access | Identity and sign-in

Define a filter to dynamically include or exclude devices, using the deviceFilter property of conditionalAccessDevices.

Sites and lists

Create or get an existing sharingLink for a listItem by calling createLink.

Teamwork

Teamwork | Shifts

May 2021: New and generally available

Devices and apps | Cloud printing

Find out when a printer last interacted with Universal Print, by using the lastSeenDateTime property of printer.

Identity and access | Identity and sign-in

Get or update the role of a guest user by using the guestUserRoleId property of authorizationPolicy.

Mail

Microsoft Graph Toolkit

Try the following new features in the Microsoft Graph Toolkit 2.2:

Reports | Azure AD activity reports

GA of the reporting API to list actions performed by the Azure AD provisioning service and its associated properties. Aligned the prior beta version to the v1.0 version of the API.

May 2021: New in preview only

Connecting external content

Devices and apps | Cloud PC

Request the least privileged application permissions, CloudPC.Read.All or CloudPC.ReadWrite.All, to access methods of the following resources:

Devices and apps | Corporate management

Intune monthly updates for the beta version. Set the Date filter for June, 2021, and look for a section with this same heading.

Education

Identity and access | Governance

Use SDKs

Try the preview version of Microsoft Graph .NET SDK v4, and take advantage of the following improvements:

  • Use a single API to authenticate against Microsoft Graph and Azure .NET clients.
  • New support for JSON serialization and deserialization.
  • Easy access to response information.
  • Better experience upgrading dependencies.

April 2021: New and generally available

Identity and access | Identity and sign-in

  • Manage an authentication policy at a tenant level, to enable or disable self-service sign-up of external users.
  • Administrators can associate user flows with apps that are shared with external users and enable self-service sign-up on those apps. They can customize a self-service sign-up user flow and create a personalized sign-up experience. Once an application is associated with the user flow, users who go to that application will be able to initiate a sign-up flow that provisions a guest account.
  • Configure user flow attributes in your Azure AD tenant allows you to collect information about a user during sign-up. You can collect a built-in set of attributes, or configure custom user flow attributes to collect information from a user that is not built in to the directory.
  • In an Azure Active Directory user flow, you can manage language defaults and customize the language and strings displayed to users in the user flow.
  • Use an API connector in user flows for Azure AD self-service sign-up and Azure AD B2C sign-up, to call an API at a specific step to affect the execution of the user flow.

Teamwork

  • Identify the channel by the channelIdentity property, if a chatMessage is within a channel.
  • Identify the chat by the chatId property, if the chatMessage is in a chat.
  • Use the messages relationship to get all the chatMessage resources in a chat.
  • Use application permissions to get the properties of a specified chat.
  • Use application permissions to get a specified chat member or get all the chat members included in a chat. Because data for users as chat members is sensitive, other than obtaining application permissions, please request additional access to these operations.

Use the Toolkit

New to the Microsoft Graph Toolkit? Try the new Toolkit learning path, use the Toolkit set of web components and authentication providers to connect a web app to Microsoft Graph, and load data from Microsoft 365.

April 2021: New in preview only

Cloud communications | Online meetings

  • Get a report of each attendee's attendance in a scheduled online meeting, through the meetingAttendanceReport property of the onlineMeeting.
  • Enable, disable, or limit duration of chat for an online meeting by using the allowMeetingChat property.
  • Enable or disable reactions for an online meeting, by using the allowTeamworkReactions property.

Compliance

Get, update, or reset to default the following settings for an eDiscovery case:

These settings provide analytics functionality that culls data intelligently in the end-to-end workflow of Advanced eDiscovery.

Devices and apps | Device updates

Debut of APIs for the Windows Update for Business deployment service. The service supports deploying Windows 10 feature updates and expediting Windows 10 security updates on devices. To learn more, start with the Windows updates API overview.

Education

  • Associate a folder with an educationAssignment to store all the related file resources, through the resourcesFolderUrl property.
  • Deep link into an educationAssignment through the webUrl property.

Identity and access | Governance

Administrators can get or update policies at the directory-level to review access, by using the accessReviewPolicy resource. For example, administrators can use an access review policy to enable or disable group owners reviewing access on groups that they own.

Search

Enable spelling suggestions or corrections for a user query. This is useful when a user query contains typing errors, or when the errors render no search results.

Teamwork

Use SDKs

March 2021: New and generally available

Applications

  • GA of the applicationTemplate resource which supports listing applications in the Azure AD application gallery, and adding an instance of such an application to a directory.
  • Use app-only permission Application.ReadWrite.OwnedBy when adding such an instance.
  • Use the signInAudience property of servicePrincipal to get the user accounts supported by the current application.

Devices and apps | Cloud printing

Identity and access | Governance

  • Use Azure Active Directory (Azure AD) consent requests to manage the request workflow for users attempting to access apps that require admin approval. The API makes use of the following resources:
    • The adminConsentRequestPolicy resource for creating and managing requests for app access for the organization.
    • The appConsentRequest resource for aggregating and managing user requests to access a specific app.
    • The userConsentRequest resource for users requesting access to an app which requires admin authorization.
    • The accessReviewReviewerScope resource defines who is specified in the adminConsentRequestPolicy to review appConsentRequest and userConsentRequest objects.
    • The approval resource represents an approval decision for a request.
  • GA of the Terms of Use API which supports a tenant's customizable Terms of Use agreement in Azure AD.

Identity and access | Identity and sign-in

Tasks and plans

  • Use the delegated permission of Tasks.Read to read operations of all Planner resources.
  • Use the delegated permission of Tasks.ReadWrite to read and write operations of all Planner resources.

Teamwork

March 2021: New in preview only

Applications

Create and add self-signed certificates to your SAML applications. Use this to help enable single sign-on for Azure AD gallery apps in your tenant by allowing Azure AD to sign SAML responses.

Devices and apps | Cloud PC

Added to the cloudPcDeviceImage resource two more reasons for failure to upload a device source image: operating system not supported (osVersionNotSupported), or an invalid source image to provision a Windows VM (sourceImageInvalid).

Devices and apps | Cloud printing

Get the most recent date/time (lastSeenDateTime property) when a printer interacted with Universal Print.

Devices and apps | Corporate management

Intune March updates for the beta version.

Identity and access | Governance

Apply the new model of access reviews to group memberships and all other supported resource types. Deprecate the legacy model of access reviews.

Sites and lists

Sites and lists | Taxonomy

  • Navigate from a site to a taxonomy term store using the termStore relationship.
  • In the reverse direction, get the ID of the parent site of a term store using the parentSiteId property.

Users

February 2021: New and generally available

Cloud communications | Online meeting

Use policy-based application permissions of OnlineMeetings.Read.All or OnlineMeetings.ReadWrite.All on operations and methods of the onlineMeeting resource. This means administrators can configure application access policy to allow apps to access online meetings on behalf of a user.

Sites and lists

Use the permission resource and its CRUD operations to manage sharing permission granted for a driveItem. Permissions with a link facet represent sharing links created on the item. Permissions with an invitation facet represent permissions added by inviting specific users or groups to have access to the file.

February 2021: New in preview only

Applications

Use application permissions for the synchronization APIs that automate provisioning (creation, maintenance) and de-provisioning (removal) of identities in Azure AD.

Cloud communications | Calls

Support for policy-based recording for calls where using administrative policy, calls are automatically recorded for subsequent processing and retention as required by relevant corporate or regulatory policy. Before a policy-based participant joins a call, policy stipulates sending a participantJoiningNotification to the bot associated with the policy that has available capacity to handle the new participant. The bot responds with one of acceptJoinResponse, rejectJoinResponse, or inviteNewBotResponse in its response payload.

Compliance | eDiscovery

  • Use the legalHold resource and its APIs to protect content indefinitely from deletion, for the purpose of litigation, internal investigation, or other legal actions.
  • Use the sourceCollection resource and its APIs to search for and identify relevant documents from custodial and non-custodial locations in Microsoft 365.
  • Use the tag resource and APIs to mark documents during review to separate responsive and non-responsive content.
  • Export documents from a review set.
  • Use the addToReviewSet action to add documents in a sourceCollection to a reviewSet.
  • Apply tags to documents based on a review set query.
  • Defined all eDiscovery API in the microsoft.graph.ediscovery namespace.
  • Changed delegated permissions model from User.Read to eDiscovery.Read.All and eDiscovery.ReadWrite.All.

Devices and apps | Corporate management

  • Intune February updates for the beta version.
  • New properties set by Intune on the device resource: deviceCategory, deviceOwnership, domainName, enrollmentProfileName, enrollmentType, isRooted, managementType, and registrationDateTime.

Education

Use educationAssignmentDefaults to specify default practices on an assignment for a class, for example, assignment due time, channel URL for notifications on an assignment. You can still customize values when creating an assignment.

Identity and access | Identity and sign-in

Identity and access | Governance

Reports | Microsoft 365 usage reports

Get more properties included in detail reports for SharePoint site usage: anonymousLinkCount, companyLinkCount, externalSharing, geolocation, secureLinkForGuestCount, secureLinkForMemberCount, siteSensitivityLabelId, and unmanagedDevicePolicy.

Tasks and plans

  • Define up to 25 categories in a plan details object for a plan. For each category, specify a descriptive label and associate tasks in a plan with one or more of these categories.
  • Use a roster to represent a collection of users collaborating on a plan. Use the rosterPlans relationship to get the rosters of which the user is a member.
  • For plans that are surfaced in experiences outside of Planner, such as Microsoft Teams, specify in the plan context details how to display the link to the plan context.

Use SDKs

Try the preview release of the Microsoft Graph Java SDK v3! For more information, see the related blog post.

January 2021: New in preview only

Cloud communications

Devices and apps | Cloud PC

Devices and apps | Cloud printing

  • Subscribe to change notifications of cloud printing - when a print job is started, and when the print job is ready to be downloaded by a printer.
  • Get a fuller range of possible values for the status of a printer.
  • Use delegated permissions in apps on behalf of the signed-in user:
    • PrinterShare.ReadBasic.All to read basic information about printer shares, excluding access control information.
    • PrintConnector.Read.All to read print connectors.
    • PrintConnector.ReadWrite.All to read or write print connectors.
    • PrintJob.Create to create print jobs and upload content to print jobs.
    • PrintSettings.Read.All to read tenant-wide print settings.
    • PrintSettings.ReadWrite.All to read or write tenant-wide print settings.
    • Reports.Read.All to read print usage summary per specified user or per printer.

Education

Use class-level assignment settings to enable or disable animation to celebrate turning in an assignment.

Groups

Get the processing status of a rule-based dynamic group by using the membershipRuleProcessingStatus property. This is useful when an attribute of a user changes, the user's membership in a rule-based Microsoft 365 group is re-evaluated based on the group membership rules set for the organization.

Identity and access | Directory management

Get the usage right that a user or device has over third-party software built on Power Apps or, usage right of a device over a subscription. Usage right includes identifiers for the corresponding service or product, and the current state of the usage right such as active, inactive, in warning, or suspended.

Identity and access | Identity and sign-in

  • Apps can use application permissions to let administrators manage authentication methods for users.
  • Support Microsoft Authenticator as an authentication method of a user to sign in or perform multi-factor authentication to Azure AD.
  • Use Microsoft Authenticator policy to define configuration settings and users or groups that are enabled to use Microsoft Authenticator as an authentication method. Use Microsoft Authenticator policy in place of Microsoft Authenticator passwordless phone sign-in policy which is deprecated.
  • Support Windows Hello for Business as an authentication method of a user to sign in on Windows devices without using a password.

Reports | Identity and access reports

December 2020: New and generally available

Calendar

  • Meeting organizers can use the hideAttendees property of an event to control whether attendees can see one another in the meeting Tracking list.
  • GA of the isDraft property and cancel method that are available to organizers, and the forward method available to organizers and attendees to better manage event resources in a calendar.
  • GA of the hexColor and isDefault properties of a calendar to better manage calandars.

Cloud communications

GA of the presence resource, allowing getting presence information of one or more users, such as their availability and user activity.

Identity and access | Identity and sign-in

Try a new tutorial to learn how to use the identity protection API to identify risk and configure a workflow to confirm compromise or enable remediation.

Teamwork

Use the Toolkit

GA of Microsoft Graph Toolkit 2.0 - this release includes a new component for Microsoft Graph To-Do tasks, distinct from thePlanner tasks component, and an enhanced person card component. See the related blog post for more information.

December 2020: New in preview only

Compliance | eDiscovery

Continuing to fulfill the pipeline of Microsoft 365 compliance APIs are the custodian resource and its related operations and methods to release or activate a custodian. Use the custodian resource to access the custodian's data (userSource) in an Exchange Online mailbox and OneDrive for Business, SharePoint sites (siteSource), and Microsoft 365 groups (unifiedGroupSource).

Devices and apps | Cloud PC

Identify the failure status of a cloud-managed virtual desktop collectively as failed, in the status property of the cloudPC resource.

Devices and apps | Cloud printing

Education

  • If students are added after publishing the assignment, teachers can control the assignment behavior by using the addedStudentAction property of the educationAssignment resource.
  • Teachers can post assignment publish notification through the notificationChannelUrl property of the educationAssignment resource.

Identity and access

Get or set the version and creation metadata for an Azure AD terms of use agreement, agreement file, and agreementfilelocalization.

Identity and access | Governance

As part of Azure Active Directory entitlement management, when users wishing to access groups, applications, or SharePoint Online sites request an assignment to an access package, they can now respond to questions represented in localized content in the access package assignment request.

Identity and access | Identity and sign-in

Teamwork

To-do tasks

Subscribe to change notifications of a To Do task.

November 2020: New and generally available

Cloud communications

  • GA of the role property of the meetingParticipantInfo type, that distinguishes the role of a participant in an online meeting as an attendee or presenter.
  • GA of the lobbyBypassSettings property and its values to admit users to an online meeting.
  • GA of the isEntryExitAnnounced property to customize settings for announcing callers joining or leaving an online meeting.
  • GA of the allowedPresenters property to allow specific presenters in the meeting.

Search

Teamwork

  • GA of resource-specific consent (RSC) permissions. RSC permissions allow team owners to grant granular consent to a production app to access and/or modify specific data of a team, for example, reading the team's settings, or modifying channel names, descriptions, and other settings.
  • GA of APIs that apply to a channel or messages within a channel. The APIs include:

November 2020: New in preview only

Devices and apps | Cloud PC

Debut of the cloud PC API that lets organizations provision and manage virtual desktops for employees. Use it in conjunction with the Intune API to manage physical and virtual endpoints.

Devices and apps | Cloud printing

Subscribe to change notifications on a print task definition.

Devices and apps | Corporate management

Intune November updates for the beta version.

Identity and access

  • Specify URLs for sending sign-in user tokens, and URIs for authorization codes and access tokens, in the spa property of application.
  • Customize the look and feel of Azure Active Directory sign-in screens through the organization branding properties. Organizations can customize based on locale for specific users.

Identity and access | Governance

Debut of access review API for group membership to review user access regularly, make sure only the right people have continued access, and efficiently manage group memberships.

Search

You can aggregate numeric or string type search results that are imported by Microsoft Graph connectors and that are set to be refinable in the schema. See more information about refining search results using aggregations.

October 2020: New and generally available

Application

Change notifications

Production apps can now subscribe to lifecycle notifications of Outlook message, event, and contact, and Teams chatMessage, in order to reduce missing subscriptions and change notifications.

Identity and access

  • GA of advanced OData system query options ($count, $search, and $filter) on directory objects.
  • Check out examples that show OData cast on directory objects.
  • See the Identity and access section of the October updates in the changelog for the lists of enhanced APIs.

Teamwork

To-do tasks

GA of the Microsoft To Do API - use the to-do API in a production app to create and manage tasks that are part of a user's workflow, such as creating a task off an email.

Users

Get new properties applicable to a user who is corporate employee: hire date, organizational association such as division and cost center, and employee type such as consultant, contractor, or vendor. These properties require specifying the $select OData query parameter in the GET operation.

October 2020: New in preview only

Cloud communications | Online meeting

Devices and apps | Cloud printing

  • Deprecate the uploadData action in favor of creating an upload session to upload a document to a printer or printer share.
  • Deprecate the configuration property on printDocument in favor of a similar configuration property on printJob.
  • Get the source or destination job URL for a printJob that is being redirected, by using the redirectedFrom or redirectedTo property.
  • Get the current status of a printJob by using the state property and new details property.
  • Get the collection of printer shares associated with a printer by using the shares relationship.
  • Deprecate the processingStateReasons property of printer in favor of the status property. The status property is of the type printer status and exposes a details property. Use the details property to identify the reason for a printer to be in the current state.
  • Deprecate the feedDirections property on printerCapabilities in favor of the feedOrientations property, to get feed orientations supported by a printer.
  • See the cloud printing section of the October updates in the changelog for a few renaming of API and properties, and a few other deprecations.

Devices and apps | Corporate management

Intune October updates for the beta version.

Files

Revoke access to a listItem or driveItem granted via a sharing link.

Identity and access | Identity and sign-in

  • Manage authentication method policies to identify users who can use specific multi-factor authentication methods to sign into Azure Active Directory. Configure policies to define the following:
    • The types of FIDO2 security keys that can be used in the Azure AD tenant.
    • The users or groups of users who are allowed to use FIDO2 Security Keys or Passwordless Phone Sign-in to sign in to Azure AD.
  • Configure an email authentication method for users to self-serve password resets.
  • Use Azure AD B2C and choose a mechanism to configure and let end users authenticate via local accounts.
  • Use Policy.ReadWrite.AuthenticationMethod to read or write an organization's authentication method policies, as a delegated permission on behalf of a signed-in user, or as an application permission without a signed-in user present.
  • Specify in an authorization policy if and who can invite external users to an organization.

People and workplace intelligence | Insights

Administrators can see examples of using PowerShell cmdlets to customize item insight settings for an organization.

Teamwork

  • Use the instance attribute channelCreationMode to indicate that a channel is being created to serve migration of data. Use the completeMigration to indicate migration is over, such that members can post and read messages.
  • Use the instance attribute teamCreationMode to indicate that a team is being created to serve migration. Use the completeMigration to indicate migration is over, such that member operations can happen, and members can post messages.

September 2020: New and generally available

Calendar

GA of the transactionId property of the event resource, which is optionally set by a client app to avoid redundant POST operations in case of client retries to create the same event. This is useful when low network connectivity causes the client to time out before receiving a response from the server for the client's prior create-event request.

Cloud communications

Delete a participant from a call. You can use this operation even in situations where it's necessary to delete a participant from an active call.

Devices and apps | Corporate management

Intune September updates for the v1.0 version.

Identity and access | Directory management

GA of the administrative units API that allow organizations to subdivide their Azure Active Directory, manage and delegate administrative duties to these subdivisions. These subdivisions can represent regions, departments, cost centers, and so on.

Reports

Get a report that includes the count of unique users for Outlook 2019 and for Outlook on Microsoft 365.

Teamwork

Use the SDKs

GA of the Microsoft Graph PowerShell SDK which enables access to the entire surface of Microsoft Graph in a straightforward and consistent way.

Use the Toolkit

Try the new step-by-step getting-started tutorials for Microsoft Graph Toolkit and experience the convenience the toolkit brings:

Users

Aside from getting the SMTP address of a user through the mail property, you can now set that property and update the user's email address.

September 2020: New in preview only

Application

Create, list, or delete classifications of delegated permissions that a service principal exposes. Use delegated permission classifications in combination with user consent settings to set limits on when end-users are allowed to grant consent to apps.

Cloud communications

  • Deprecation of the autoAdmittedUsers property of onlineMeeting. Instead, use the new lobbyBypassSettings property and its values.
  • Use additional settings about announcing callers joining or leaving an online meeting (isEntryExitAnnounced property), and allowing specific presenters in the meeting (allowedPresenters property).

Devices and apps | Cloud printing

Devices and apps | Corporate management

Intune September updates for the beta version.

Identity and access | Directory management

Identity and access | Governance

Be able to include a schedule when requesting or removing an assignment of a user to an access package, that specifies access to groups, applications, or SharePoint sites.

Identity and access | Identity and sign-in

Organizations can get or update a continuous access evaluation policy to manage authentication sessions in real time.

Search

Teamwork

  • Get the date/time at which a Teams channel or team is created.

August 2020: New and generally available

Change notifications

Track changes of supported resources in the Microsoft Graph for US Government national cloud.

Cloud communications

Teamwork

  • Use an alternative way to create a team directly without first creating a group.
  • Use the members navigation property to add members to a team with increased reliability and lower latency.
  • Get the publishing status of a Microsoft Teams app through the publishingState property of the app definition. The possible status values are submitted, published, and rejected. See an example.
  • Use the AppCatalog.Submit delegated permission to allow a user to submit an app and request administrator review. Use the same permission for a user to cancel an app submitted in the past that has not been published.

August 2020: New in preview only

Applications

Support password-based single-sign-on in service principal application resources and specify such settings in the passwordSingleSignOnSettings property. For information about password-based single sign-on in Azure AD, see configure password-based single-sign-on.

Calendar

Enhance programmatic support for scenarios involving a recurring event:

  • Reliably identify any occurrence in a recurring series, including a modified or cancelled occurrence, by using the occurrenceId property.
  • Get any exceptions in a recurring series by using the exceptionOccurrences property.
  • Get any cancellations in a series using the cancelledOccurrences property.

Change notifications

Devices and apps | Cloud printing

Devices and apps | Corporate management

Intune August updates in beta.

Identity and access | Governance

  • Customize a terms of use agreement to support an agreement expiration date and cadence, require the user to accept the agreement per device, or to re-accept the agreement on a set frequency.
  • Use the file property to navigate to a custom agreement for terms of use. Do not use the files property.
  • Add, remove, and list internal or external sponsors who can approve requests from a connected organization to access a group, application, or SharePoint Online site. See entitlement management for more information.

Identity and access | Identity and sign-in

  • Enable further customizing an authorization policy for a tenant, such as allowing the default user role to create applications or security groups or to read other users, allowing users to sign up for email-based subscriptions or to join the tenant by email validation, or letting users self-serve password resets.
  • Manage predefined, configurable policies as user flows within an Azure Active Directory B2C tenant. See more information about B2C user flows.
  • Enable self-service sign-up experience as B2X user flows in an Azure Active Directory tenant,see more information about self-service sign-up.

People and workplace intelligence | Profile

Add and manage the following additional properties in a user's profile, and that can be surfaced in shared, people experiences across Microsoft 365 and third-party apps:

Reports | Microsoft 365 usage reports

Get reports on Microsoft 365 apps usage, specifically on user detail, user counts, and platform user counts.

Teamwork

Get content hosted in a chat message, such as images or code snippets. See an example to get the content bytes of an image.

To-do tasks

July 2020: New and generally available

Calendar

GA of the feature that allows organizers to allow alternate meeting time proposals, and invitees to propose new times for a meeting when they tentatively accept or decline an event.

Change notifications

Removed the erroneously introduced sequenceNumber property from the changeNotification resource.

Groups

GA of the following properties for the group entity: assignedLabels, expirationDateTime, membershipRule, membershipRuleProcessingState, preferredLanguage, and theme.

Identity and access

  • Remove a user as a registered owner or user of a device.
  • Track changes to newly created, updated, or deleted local representation of applications (represented by servicePrincipals resources) and delegated permissions grants (represented by oAuth2PermissionGrant resources) without performing a full read of the entire resource collection.
  • GA of the policy to enforce security defaults that protect organizations against common attacks.

Identity and access | Identity and sign-in

Schema extensions

The schema extensions feature is now generally available in Microsoft Cloud for US Government.

Teamwork

Use the delegated permissions of TeamsAppInstallation.ReadForTeam or TeamsAppInstallation.ReadWriteForTeam, or application permissions of TeamsAppInstallation.ReadForTeam.All or TeamsAppInstallation.ReadWriteForTeam.All to list apps that are installed in a team.

July 2020: New in preview only

Cloud communications

  • Use the update operation to update the startDateTime, endDateTime, participants, or subject property of an online meeting.
  • Subscribe to notifications on changes to the availability of a user on Microsoft Teams, as represented by the presence resource.

Cloud communications | Call records

  • Get records of Public Switch Telephone Network (PSTN) calls.
  • Get records of direct routing calls.

Compliance | eDiscovery

Debut of eDiscovery cases that can contain custodians, holds, collections, review sets, and exports that can be used as evidence in legal cases. Apps can now query and cull review set data collected for use in a litigation, investigation, or regulatory request. This debut is part of Microsoft 365 Advanced eDiscovery.

Devices and apps | Cloud printing

Devices and apps | Corporate management

Intune July updates in beta.

Groups

Use the isAssignableToRole property of a Microsoft 365 group and set it during group creation to indicate whether the group can be assigned to an Azure AD role. This helps manage role assignments in Azure AD, such that instead of assigning individual users an Azure AD role, a privileged role admin or global admin can create a Microsoft 365 group and assign the group that role, so that when users join the group, they are assigned the intended role indirectly.

Identity and access

  • Acquire an access token to authorize the Azure AD provisioning service to provision users into an application.
  • Get or update entitlement management settings that control access to groups, applications, and SharePoint Online sites for users internal and external to your organization.

Identity and access | Identity and sign-in

People and workplace intelligence | Insights

Use more granular privacy control over the availability and display of item insights in Microsoft 365. These insights represent the relationships between a user and documents in OneDrive for Business, calculated using advanced analytics and machine learning techniques.

People and workplace intelligence | Profile card customization

Administrators can customize the properties exposed on the profile card for their organizations by using the API for profile card property.

Sites and lists

Access the SharePoint term store taxonomy, the hierarchy that consists of group, set, and term resources, and relation resources between terms.

Workbooks and charts

Get the status and any result of a long running operation in a workbook.

June 2020: New and generally available

Cloud communications | Online meeting

  • Use the Accept-Language HTTP header when creating an online meeting to provide locale-based join information.
  • Use createOrGet to return an online meeting that has a specified externalId value, or create one if none already exists, to streamline embedding the resultant meeting in a third-party calendar.

Files

  • Enhanced synchronization support:
    • Use the pendingOperations property to identify any operations that might update the binary content of a driveItem file, that are pending completion.
    • Restore a driveItem that has been deleted and is in the recycle bin on OneDrive Personal.
  • Get or set the orientation of a photo. Setting is supported on OneDrive Personal.
  • Use Secure Hash Algorithm (SHA-256) to enhance file data security and integrity.
  • Use the deferCommit parameter to defer final creation when uploading typically a large file to OneDrive for Business, until an app makes a request to complete the upload.
  • Use the fileSize property to provide as part of the item parameter an estimate, so to do a quota check prior to uploading a file on OneDrive Personal.
  • Find storagePlanInformation through the quota property of a drive resource to see if there are higher storage quota plans available.

Groups

Use application permissions Group.Read.All and Group.ReadWrite.All to get group conversation and conversation thread resources.

Identity and access

Security

  • Track the following as properties of an alert:
    • IDs of incidents related to the alert.
    • Identify a resource as attacked or as a related resource in the alert.
    • Specify the source and destination locations of a network connection related to the alert.

Sites and lists

Specify geolocation data in a column definition for a SharePoint list resource.

Teamwork

June 2020: New in preview only

Calendar

In addition to tracking incremental changes on events in a calendarView (collection or events delimited by start and end dates), use the delta function on events in a user mailbox, or events in a specific user calendar.

Cloud communications | Presence

Get the presence status of all the users in an organization, or a specific user in the organization.

Devices and apps | Cloud printing

  • Specify print margins when configuring a document for printing.
  • Support for the following printer capabilities:
    • feed directions
    • printing page ranges
    • print resolution in DPI
    • maximum print job queue size in bytes
    • input bins
    • margins
    • collation
    • document scaling
  • Support for print resolution (DPI) and document scaling as part of default printer settings.
  • Support for the following document configuration settings:
    • input bins
    • output bins
    • media sizes
    • margins
    • media types
    • finishings such as stapling or binding
    • pages per sheet
    • multi-page layout specifying the direction to lay out pages per sheet
    • collation
    • scaling
  • Expand documents when listing pring jobs.
  • Register a printer and use the printerCreateOperation resource to track and verify the registration of the printer.
  • Get long-running printer registration operation within current user or app's tenant.
  • A few renaming of properties and enum types - see details in the June changelog updates for cloud printing.

Devices and apps | Corporate management

Intune June updates in beta.

Education

  • Can use delegated permissions EduRoster.ReadBasic to get the ID of a teacher or student in an external source program, as the externalId property.
  • Use the externalSource property to track the value lms if an education organization or class is created from a learning management system (LMS).

Identity and access

Search

  • Make use of enhancements on a property in a schema: isRefinable to enable filtering of search results and for a more refined control of the search experience, and aliases and labels for better relevance.
  • Be able to specify up to 128 property resources in a schema.
  • Use get externalItem for diagnostic purposes.

Users

May 2020: New and generally available

Calendar | Place

GA of the places API in v1.0 - use this API in production apps to get, update, or delete a room or room list in a tenant. Find out more about the places API.

Change notifications

  • Subscribe to change notifications in Microsoft Cloud for US Government.

Cloud communications | Call records

  • GA of the call records API - use the callRecord resource to get the metadata of calls and online meetings on Microsoft Teams and Skype.
  • Subscribe to change notifications for changes to all callRecord resources in an organization.
  • List sessions in a callRecord, and optionally expand each session to list segments in the call record.
  • Support for 60-GHz (frequency60GHz) and unknownFutureValue WiFi band values of a media endpoint in a segment.
  • Support for voice mail as a possible type of service-side end point in a communication segment.

Devices and apps | Corporate management

Intune May updates in v1.0.

Graph Explorer

Use the many new features of Graph Explorer that enhance learning and prototyping in the sandbox. For example:

  • View code snippets that correspond to the REST API query you entered, in C#, Java, JavaScript, and Objective C.
  • Signed in with a tenant, view and copy an access token to your favorite REST client application.

See New Graph Explorer is now GA for more details.

Groups

  • Synchronizing on-premises directory to Azure Active Directory via Azure AD Connect now returns the onPremisesDomainName, onPremisesNetBiosName and onPremisesSamAccountName properties as part of the group resource.
  • Subscribe to change notifications for group resources in Microsoft Cloud China operated by 21Vianet.

Identity and access

  • GA of the service principals API in v1.0 - use the servicePrincipal resource in production apps to programmatically manage instances of applications and control what an application can do within your tenant. You can control who can use an application, what resources the application has access to, such as adding password credentials, rolling expiring certificates, and managing delegated permission grants and application role assignments.
  • GA of the appRoleAssignment API, which records the assignment of an appRole (representing the roles claim in ID tokens and access tokens) to a user, group, or servicePrincipal.
  • Use Facebook as an identity provider on Azure Active Directory.
  • Use the delegated or application permission of AppRoleAssignment.ReadWrite.All to allow an app to manage grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, respectively with or without the signed-in user.

Microsoft Graph SDKs

See new SDK guidance on the following:

Teamwork

Teamwork | Shifts

GA of the shifts API in v1.0 - use this API in production apps to create, update, and manage schedules of firstline workers, to let them stay in touch and collaborate effectively.

Users

  • Subscribe to change notifications for user resources in Microsoft Cloud China operated by 21Vianet.
  • Track the status and date/time of the last status change of an external user, who has been invited to join the organization, by using the externalUserState and externalUserStateChangeDateTime properties of the user resource.

May 2020: New in preview only

Change notifications

  • Use formally schematized types changeNotification and changeNotificationCollection to process resource change notifications.
  • Track if notifications are in sequence or if a notification is missing by using the sequenceNumber property on the changeNotification resource.

Devices and apps | Cloud printing

  • The printer and printerShare resources are now in parity and have the same properties as each other.
  • Some property and type name clean-up around printer shares:
    • Use the shared navigation property of print to get the list of printer shares registered in the tenant.
    • See details in the May changelog.

Devices and apps | Corporate management

Intune May updates in beta.

Groups

  • Evaluate whether a user or device is or would be a member of a dynamic group, using the existing rule for the group or a specified rule. Rule-based dynamic membership reduces administrative overhead of adding and removing members.
  • When creating a Microsoft 365 group, configure the behaviors of the group by specifying them in the resourceBehaviorOptions property. For example, allow members to post, subscribe new members to conversation, disable welcome email, and hide the group in Outlook experiences.
  • Specify the resources to provision in the resourceProvisioningOptions property that are normally not part of the default group creation. Currently supported is provisioning a group as a team with Microsoft Teams capabilities.

Identity and access

Teamwork

April 2020: New and generally available

Calendar

  • Share or delegate calendars programmatically, in closer parity with the Outlook user experience. In addition to tracking the current user's permissions and sharing status for a calendar:
    • For each calendar, you can now manage the permissions of each user with whom the calendar is shared.
    • For each mailbox, you can now specify whether a delegate, mailbox owner, or both receive meeting messages and meeting responses.
  • Create or update an event as an online meeting:
    • For each calendar, specify the allowed and the default online meeting providers.
    • Create or update an event to be available online, and provide details for attendees to join the meeting online.
    • In particular, use the new onlineMeetingProvider and onlineMeeting properties of event to set or identify Microsoft Teams as an online meeting provider, a workaround for a known issue with the onlineMeetingUrl property.
  • Add file attachments up to 150MB to an event.

Files

  • Check out or check in a file to OneDrive to manage updating the file and making updates available to others when the updates are ready.
  • Apply optional password and expiration date/time as parameters of the invite and create sharing link actions to share a driveItem.
  • Get or set password and expiration date/time of a permission, and track the identitySet of users granted the permission to share a driveItem.
  • Get the permission of a shared drive item by using the permission navigation property.
  • Limit users with a sharing link to only view and may not download the contents of a shareddriveItem on OneDrive for Business or SharePoint.

Identity and access

  • To manage roles and assign access to resources in role-based access control (RBAC) providers such as Microsoft Intune, use unifiedRoleAssignmentMultiple. The unifiedRoleAssignmentMultiple resource supports defining a single role over an array of scopes, and assigning the role to multiple principals (such as users).
  • Access specific types of policies for an organization using the /policies URL segment and specifying the policy type. For example, an organization can enforce a policy to automatically sign a user out from a web session after a period of inactivity; see CRUD operations for instances of activityBasedTimeoutPolicy. This is a breaking change to make it easier to discover all policies, by grouping all typed policies under the /policies segment. Access other typed policies in a similar approach: claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenLifetimePolicy, and tokenIssuancePolicy.

Mail

Add file attachments up to 150MB to a message.

Sites and lists

  • List sites that the signed-in user has followed.
  • Identify the geographic region of a site collection by using the dataLocationCode property.
  • Identify the tenant of a file, folder, or other item on SharePoint by accessing the tenantId property that is part of the sharepointIds of a driveItem.

April 2020: New in preview only

Devices and apps | Cloud printing

Designate allowed users and groups to use specific printer shares on Universal Print, the Microsoft 365 cloud-based print infrastructure. To experience robust and centralized print management capabilities, and offer a simple yet rich and secure print experience for print users, see the Universal Print announcement and join their preview program.

Devices and apps | Corporate management

Intune April updates.

Groups

Identify the app that created a group by its app ID.

Identity and access

Reports | Identity and access reports

List relying parties configured in Active Directory Federation Services.

Reports | Microsoft 365 usage reports

View Meeting Created and Meeting Interacted data in CSV reports for email activity counts, email activity user counts, and email activity user detail.

March 2020: New and generally available

Cloud communications

  • Get the call routing and incoming context of a call.
  • Update the recording status of a call.
  • Specify recording information for a participant, including the initiator and status of the recording.
  • Uniquely identify participants in a conference or participant-to-participant call using the callChainId property.
  • Identify as part of participantInfo the country code and endpoint type (such as Skype for Business, or Skype for Business VOIP) of the participant.
  • Third-party video teleconferencing (VTC) device partners can log and provide media quality data for their video teleconferencing devices through a Cloud Video Interop (CVI) bot and using the logTeleconferenceDeviceQuality function. Media quality includes open-type data for audio, video, and screen-sharing.

Files

  • Remote items that are shared with a user, added to the user's OneDrive, or returned as a search result can contain metadata for an image or video.
  • Follow a driveItem for convenient access, or for faciliating actions such as move, copy, and save-as. Use unfollow to stop following the drive item.
  • Grant permissions to users to access a sharing link, in order to share the corresponding drive item.

Identity and access

  • Track changes for organizational contacts.
  • Use the riskEventTypes_v2 property to get the risk event types associated with a sign-in.
  • Use the User.ManageIdentities.All delegated permission to allow an app to read, update, or delete identities that are associated with a user's account, that the signed-in user has access to. Use that permission at the application-level without a signed-in user present. This allows the app to manage which identities a user can sign-in with.

Reports

Use Teams Service Administrator and Teams Communications Administrator as accepted user roles to allow apps to read Microsoft 365 service usage reports on behalf of a user, as forms of user-delegated authorization.

Sites

March 2020: New in preview only

Calendar

  • Use the calendarGroupId property to get the calendar group in which a calendar has been created.
  • Use the isDraft property to identify an event as a meeting that the user has updated in Outlook but has not sent to update attendees.

Cloud communications

  • Use createOrGet to get an online meeting instance by a custom external ID, and create one when none already exists.
  • Have the option to use the externalId property to identify an online meeting with the custom external ID.
  • Use the optional Accept-Language HTTP request header to create or get an instance of online meeting, so that the successful operation displays the content of the joinInformation property in the specified language and locale variant.

Devices and apps

Intune March updates.

Identity and access

  • Use the AuditLog.Read.All permission to list the sign-in activity of a user.
  • Use the PrivilegedAccess.Read.AzureResources application-level permission for Privileged Identity Management (PIM) of Azure resources, to set up just-in-time access workflow for Azure infrastructure roles at a management group, subscription, resource group, or resource level.
  • Use the identitySecurityDefaultsEnforcementPolicy entity to get or update pre-configured default security settings that protect organizations against common attacks.
  • Use an identity segment when calling the conditional access APIs. For example, to get a conditional access policy: GET https://graph.microsoft.com/beta/identity/conditionalAccess/policies/{id}.
  • Use the authenticationRequirement property to get the highest level of authentication that is needed through all the sign-in steps in order for sign-in to succeed.
  • Use pagination when listing provisioning events that occurred in your tenant.

Search

  • To add data in a file to search results, index the data simply as an externalItem. The externalFile type has been deprecated.
  • Update an item in the index, by specifically updating the plain-text representation of the item (represented by the content property), or the properties bag of the item (represented by the properties property). Updating any property in the properties bag overwrites the entire properties bag, so make sure to explicitly include all the properties of the item in the update.
  • Check for HTTP 429 and the Retry-After response header after calling the create, update, or delete operation of externalItem. Backing off requests using the Retry-After delay is the fastest way to recover from throttling.

Teamwork

Use the ChannelMessage.Read.All application-level permission to read chatMessage instances in channels without a signed-in user.

Universal Print

Debut of the Universal Print API which allows users to print on the web or from an app. The API lets IT administrators manage user and group access to printers in the Microsoft 365 cloud, remote printer sharing to maintain availability, monitor printer status, and report on archived print jobs and usage.

Note that as of March 2020, the Universal Print service is in private preview. See Announcing Universal Print: a cloud-based print solution for information regarding participation.

February 2020: New and generally available

Calendar

Walk through an example of creating an event in a shared or delegated calendar, and the actions and properties available to the delegate, invitees, and calendar owner during this process.

Identity and access

Users

Reprocess all group-based license assignments for a user.

February 2020: New in preview only

Calendar

See tasks supported by preview APIs that manage calendar sharing and delegation.

Cloud communications

  • Use the new call records resource to get metadata of calls and online meetings on Microsoft Teams and Skype for Business for an organization.
  • For a participant in a meeting, use the initiator property to get the identity information of the initiator of a recording, if there is one.

Devices and apps

Intune February updates.

Groups

Use the assignLicense method to assign licences for products, such as Microsoft 365 or Enterprise Mobility + Security, to a group. Since Azure AD ensures licences are assigned to members of the group, members joining or leaving a group no longer requires licence management at the individual level.

Identity and access

Teamwork

January 2020: New and generally available

Security

As part of customer alert management, use the update alert method and update the comments field as either Closed in IPC or Closed in MCAS.

Teamwork

Use the primaryChannel navigation property of a team to access its default channel, General.

Users

Use the identities property to access one or more identities that a user can use to sign in to an Azure AD user account. The identities can be provided by Microsoft, organizations, or social identity providers such as Facebook, Google, or Microsoft. This property allows the user to sign in to the user account with any of these identities.

January 2020: New in preview

Devices and apps

Intune January updates.

December 2019: New and generally available

Cloud communications

The cloud communications API has GA'd and APIs for call and onlineMeeting are available in v1.0.

Education

Use the classSettings property to manage class-specific settings, such as enabling the sending of weekly assignment digests. This property is available on the team resource when the team represents an education class.

Identity and access

Attempting to get container objects with limited permissions returns partial data. An example is a group instance that's associated with a user, another group, and a device. An app having only the permissions User.Read.All and Group.Read.All and attempting to access this group instance would get the user and group objects, but limited data for the device object (only data type and object ID and not property values).

People and workplace intelligence

The insights API has GA'd. Use the API in production apps to identify the most relevant documents that are:

Reports

To get Microsoft 365 usage reports using permissions delegated by a user, administrators must have assigned the user an Azure AD limited administrator role. This can be one of the following roles: company administrator, Exchange administrator, SharePoint administrator, Lync administrator, global reader, or reports reader. See Authorization for APIs to read Microsoft 365 usage reports for details.

Toolkit

Microsoft Graph Toolkit v1.1 has released. For a list of enhancements and bug fixes, see the December 2019 section of the changelog.

December 2019: New in preview

Cloud communications

  • Use the new presence resource to get information about the availability and current activity of one or more users.
  • Delete an instance of an onlineMeeting.
  • See the December 2019 section of the changelog for the renaming and removal of a few members of the call and onlineMeeting resources, to be in parity with the v1 version of these resources.

Devices and apps

Intune December updates

Identity and access

Teamwork

November 2019: New and generally available

Groups

  • Use delegated or application permissions, GroupMember.Read.All and GroupMember.ReadWrite.All, to list groups, read basic group properties, read (and update if read/write permission) the membership of the groups the app has access to.
  • Use the application permission, Group.Create, to create groups without a signed-in user.
  • For a specified group, check for membership in other groups or directory roles.

Identity and access

  • Register applications that authenticate with Azure Active Directory (Azure AD). Use delegated permissions, Application.Read.All and Application.ReadWrite.All, or application permission, Application.Read.All, as appropriate.
  • For a specified device, check for membership in other groups or directory roles.

Mail

  • Use the conversationIndex property to get the position of a message in an Outlook email conversation.
  • Use the delegated permission, Mail.ReadBasic, and application permission, Mail.ReadBasic.All, to get message or mail folder resources, track their changes, and manage subscriptions for change notifications on messages.

Users

  • Check for group memberships for a specified user.
  • Use the creationType property to find how a user account was created, for example, whether the account was created as a regular school or work account or as an external account, etc.

November 2019: New in preview

Calendar

Cloud communication

The call resource type supports the following additional features:

Devices and apps

Intune November updates

Education

Administrators can enable class-wide settings through the classSettings property of the team associated with the class. Currently, there is a setting to notify guardians about weekly assignments.

Identity and access

  • Use the application permission, Policy.Read.All, to read all your organization's conditional access policies and named locations, without a signed-in user present.
  • Allow a conditional access policy to be in a report-only state, enabledForReportingButNotEnforced.
  • Use the delegated permission, ThreatAssessment.ReadWrite.All, or application permission, ThreatAssessment.Read.All, to read (or create, if read/write permission) requests to assess threats in an organization.

Mail

Use the delegated permission, Mail.ReadBasic, and application permission, Mail.ReadBasic.All, to manage subscriptions for change notifications on the message resource.

Notifications

Use the new light-weight notifications web SDK in place of the Project Rome SDK, to take advantage of an improved authentication model and support for web apps using web push.

People and workplace intelligence

Debut of the profile resource which is a rich representation of the next generation of people entities in Microsoft services. This resource relates to common and practical people attributes, including information for any meaningful dates such as anniversaries, education, employment positions, interests, language and skill proficiencies, project participation, web site association, and other account and contact information.

Search

Debut of the Microsoft Search API which allows app users to get more up-to-date, personalized, and relevant search results powered by Microsoft Graph. Use the query capability that by default, searches Outlook messages and events, and OneDrive and SharePoint files in the Microsoft cloud. Use connectors, available in the Microsoft Graph connectors gallery, to include search data outside of the Microsoft cloud. Alternatively, build your own connectors, index external custom items and files, and query specific external data sources.

Teamwork

Get the file resources associated with a team and channel by using the following HTTP request syntax:

HTTP 
GET /teams/{teamId}/channels/{channelId}/filesFolder

Users

Use the creationType property to find how a user account was created, for example, whether the account was created as a regular school or work account or as an external account, etc.

October 2019: New and generally available

Identity and access

Mail

Use the new message parameter to update any writeable message properties when replying to a message, for example, adding a recipient to the reply.

Microsoft Graph data connect

Developers and data scientists can now use tools to translate Office 365 data into Common Data Model format, making it schematically consistent with other Open Data Initiative (ODI)-ready datasets.

Microsoft Graph SDKs

  • Use chaos handlers in the JavaScript SDK to verify if an app is resilient to server failures that are tricky to initiate.
  • Read about making API calls using the SDKs.

Users

October 2019: New in preview

Calendar

  • Meeting organizers can allow invitees to propose alternate meeting times. When receiving a meeting response that includes a proposed alternate time, the organizer can decide to accept the proposal and update the meeting time.
  • Programmatic calendar sharing is in closer parity with the Outlook user experience. In addition to tracking the current user's permissions and sharing status for a calendar:
    • For each calendar, you can now manage the permissions of each user with whom the calendar is shared.
    • For each mailbox, you can now specify whether a delegate, mailbox owner, or both receive meeting messages and meeting responses.
  • Additional online meeting support:
    • For each calendar, specify the allowed and the default online meeting providers.
    • Create or update an event to be available online, and provide details for attendees to join the meeting online.
    • In particular, use the new onlineMeetingProvider and onlineMeeting properties of event to set or identify Microsoft Teams as an online meeting provider, a workaround for a known issue with the onlineMeetingUrl property.

Devices and apps

Intune October updates

Graph Explorer

Try the next version of Graph Explorer and see handy contextual information such as permissions, access tokens, and SDK code snippets in the new Permissions, Auth, and Snippets tabs. Use the Preview slider to switch between the production and new preview version of Graph Explorer.

Groups

  • Use the hideFromAddressLists and hideFromOutlookClients properties to control the visibility of a group in certain parts of the Outlook user interface or in an Outlook client.
  • Assign or remove licenses on users in a group.

Identity and access

  • Use conditional access policies to customize access rules for an organization. These rules consider signals about a user or a device identity, such as user or group membership, IP location, and behaviors such as attempts to access specific applications, and risky sign-in behaviors.
  • Use entitlement management to manage access to groups, applications, and SharePoint Online sites for users in and outside of an organization.
  • Add and remove password credentials for applications and service principals.
  • Manage Azure AD B2C trust framework policy keys.
  • Define Azure AD B2C user flow policies for sign in, sign up, combined sign up and sign in, password reset, and profile update.
  • Configure information protection labels to classify sensitivity for a user or tenant.
  • Existing apps using APIs for identity risk events should transition to those for risk detection in Azure AD Identity Protection. See the related blog post for more details and deprecation timeline.

Mail

Attach large files up to 150MB to a message instance, by creating an upload session, and iteratively uploading ranges of the file until all the bytes of the file have been uploaded.

Microsoft Graph Security API

  • Preview integration with RSA NetWitness, ServiceNow, and Splunk, to correlate and synchronize alerts, and improve threat protection and response.
  • New triggers added to the Microsoft Graph security connector and playbooks for Logic Apps and Flow. See playbook examples.
  • Support for sending threat indicators to Microsoft Defender for Endpoint to block or alert on threats using their own intelligence sources. Integrations with partners like ThreatConnect enable customers to send indicators directly from threat intelligence and automation solutions.

Notifications

  • Create and send notifications to all app clients on all device endpoints that a user is signed in to, without having to manage user-delegated permissions.
  • Use target policy endpoints on user notifications to specifically target notifications for the Windows, iOS, Android, or WebPush platform.
  • Specify a fall back policy on notifications for iOS endpoints, to send high-priority raw notifications that might not be delivered to devices otherwise due to platform specific restrictions, such as battery saver mode.

 

PowerShell SDK

Developers and IT professionals can note the coming of the Microsoft Graph Powershell SDK, which will generate modules that contain cmdlets to make Microsoft Graph REST API requests.

September 2019: New and generally available

Calendar, mail, and group

Get the raw content of a file, or the MIME content of an item that has been added as an attachment to an event, message, or group post.

Calendar, mail, Outlook task, personal contact

Use the translateExchangeId function to convert an Outlook item ID between supported formats, including the Microsoft Graph default ID format and immutable ID format.

The following resources support ID format conversion:

Mail

Get the MIME content of a message.

Microsoft Graph Toolkit

Use the Microsoft Graph Toolkit to develop production apps that offer a consistent Microsoft 365 look-and-feel, and save time in authenticating and accessing data from Microsoft Graph.

September 2019: New in preview

Importante

Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to GA status. Do not use them in production apps.

Devices and apps

Intune September updates

Files

  • Enhanced synchronization support:

    • Use the new pendingOperations property to identify operations that may affect the binary content of a driveItem.
    • Restore a deleted driveItem.

  • Use Secure Hash Algorithm (SHA-256) to enhance file data security and integrity.

  • Get or set the orientation of a photo. Setting is supported on OneDrive Personal.

Identity and access

  • Use the new identities property and get the identities that a user can use to sign in to an account. Identities can be provided by organizations, or social identity providers such as Facebook, Google, and Microsoft.

  • Incremental enhancements for synchronizing identities in a cloud application for a tenant:

Teamwork

Use the General channel of a team, or customize member settings to let team members create private channels in the team.

Users

  • Get or update the identities with which a user can sign in to an account. These identities can be provided by business organizations, or by social identity providers such as Facebook, Google, and Microsoft.
  • Get or update a user's preferred date and time format settings for the mailbox.

August 2019: New and generally available

Reports

Security

August 2019: New in preview

Importante

Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to GA status. Do not use them in production apps.

Devices and apps

Intune August updates

Education

  • Associate a teacher or assignment with a grading rubric to account for specific qualities and levels in assignments. An example of a quality is spelling and grammar, and examples of levels are "good" and "poor". You can further associate points and weights to the rubric. For more information, see education rubric overview.
  • Evaluate an assignment and present the results in terms of feedback, a numeric grade, or rubric.

Files

Up until this point, you have been able to follow a driveItem for convenient access, or for faciliating actions such as move, copy, and save-as. You can now use the unfollow action to stop following such drive items.

Identity and access

  • Providers of role-based access control (RBAC) can manage roles in Azure Active Directory, by defining role actions that can be performed on specific resources, and assigning roles to users based on such role definitions, giving them the corresponding access to those resources.
  • Administrators can list access reviews to efficiently facilitate reviewing group memberships, access to enterprise applications, and role assignments. Regular access reviews make sure only the appropriate people have continued access to resources in specific ways.

Social and workplace intelligence

End users have been able to use the Microsoft 365 MyAnalytics app to get insights on managing time, collaboration at work, and work-life balance. Now, you can use the analytics API to integrate data on time spent on work activities such as calls, chats, and email, to help improve a user's productivity and wellbeing.

July 2019: New and generally available

Example code snippets

There are now Objective-C code snippets in all API topics in the v1.0 and beta references. See the Objective-C example for getting an event.

Group

  • Use the validateProperties function to make sure the display name or mail nickname of an existing Microsoft 365 group complies with naming policies.
  • Alternatively, before creating the group, you can use the validateProperties function for a directoryObject to validate the names first.

Identity and access

July 2019: New in preview

Importante

Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to GA status. Do not use them in production apps.

Calendar

Use the new places API to make use of rich location types such as room and room list, as set up by Exchange Online administrators.

Devices and apps

Intune July updates

Files

Apply expiration date/time or password when creating a sharing link to a file, folder, or some other driveItem.

Identity and access

Mail

Use more granular application permission, Mail.ReadBasic.All, to read a user's mailbox except for any message body, preview body, attachments, and extended properties, and except for searching the mailbox. Now applicable to mailFolder and change tracking for message and mailFolder.

Reports

Teamwork

May - June, 2019: New and generally available

Calendar, mail, and personal contacts

Exchange administrators can grant application permissions to an app and limit the app to access only a subset of mailboxes, instead of the default which is access to all mailboxes in the organization. Such restricted access would apply to any application permissions granted to the app for calendars, contacts, and mail and mailbox settings. See related blog announcement.

Mail

Use mail search folders API to search messages and access Outlook email search results. See related blog announcement.

Postman

As an alternative to Graph Explorer, try the Microsoft Graph API on the Microsoft Graph Postman collection to learn the API behavior and speed up app development.

Tutorials

Try the new tutorial to build a Java console app to get information about a user calendar.

User

Administrators or users can revoke all issued refresh tokens for a user. This is usually used to prevent apps on a lost or stolen device from accessing an organization's data.

May - June, 2019: New in preview

Importante

Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to GA status. Do not use them in production apps.

Devices and apps

  • Intune May updates
  • Intune June updates

Education

Group

Get sensitivity labels to help protect sensitive data of a Microsoft 365 group and meet compliance policies. These labels are assignedLabel objects, published by administrators in Microsoft 365 Security & Compliance Center, as part of Microsoft Purview Information Protection capabilities.

Identity and access

  • Get an instance of an application, or add an instance from the Azure AD application gallery into your directory as a template.
  • Get a log of all directory provisioning events in a tenant.
  • Get information about detected user or sign-in risks in an Azure AD environment. This risk detection functionality is part of Azure AD Identity Protection.

Mail

Use more granular delegated permission, Mail.ReadBasic, to read a user's mailbox except for any message body, preview body, attachments, and extended properties, and except for searching the mailbox. Available to read methods of mailFolder, and change tracking for message and mailFolder.

Microsoft Graph toolkit

The Microsoft Graph toolkit is a set of framework-agnostic web components and helpers that provides convenience to authenticate and access data in Microsoft Graph. Because the Microsoft Graph toolkit is in preview status, use toolkit providers and components in only non-production apps.

Reports

Sites

Let users follow or unfollow SharePoint sites.

Teamwork

January - April, 2019: New and generally available

Microsoft Graph data connect

Calendar

Get free-busy schedule

Identity and access

Identity providers Improved auth guides Migrating apps from Azure AD Graph to Microsoft Graph

SDKs

SDK guides

API snippets (example)

Security

Tenant secure score

January - April, 2019: New in preview

Calendar, group, mail, to-do tasks

Get raw/MIME content of file or item attachments in an event, message, Outlook task, or group post

Change notifications

Reduce missing change notifications

Devices and apps

Files

Sharing invitation includes expiration and password

Financials

Dynamics 365 Business Central

Identity and access

Access reviews support application permissions Audit and sign-in logs Custom sign-in and sign-up in Azure AD B2C Risky user and history

Mail

Get MIME content of messages

Reports

Application sign-in reports

Security

Security actions Threat indicators

Teamwork

1:1 chats Shifts management

Related content