diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json index d89796f58c9..ff261c08868 100644 --- a/.openpublishing.publish.config.json +++ b/.openpublishing.publish.config.json @@ -47,12 +47,6 @@ "branch": "main", "branch_mapping": {} }, - { - "path_to_root": "azure_docs", - "url": "https://github.com/MicrosoftDocs/azure-docs/", - "branch": "main", - "branch_mapping": {} - }, { "path_to_root": "entra_docs", "url": "https://github.com/MicrosoftDocs/entra-docs/", diff --git a/api-reference/beta/api/delegatedadmincustomer-list-servicemanagementdetails.md b/api-reference/beta/api/delegatedadmincustomer-list-servicemanagementdetails.md index 8c253600b3b..88530e700a5 100644 --- a/api-reference/beta/api/delegatedadmincustomer-list-servicemanagementdetails.md +++ b/api-reference/beta/api/delegatedadmincustomer-list-servicemanagementdetails.md @@ -12,7 +12,7 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -Get a list of the [delegatedAdminServiceManagementDetail](../resources/delegatedAdminServiceManagementDetail.md) objects and their properties. +Get a list of the [delegatedAdminServiceManagementDetail](../resources/delegatedadminservicemanagementdetail.md) objects and their properties. [!INCLUDE [national-cloud-support](../../includes/global-only.md)] @@ -33,7 +33,7 @@ GET /tenantRelationships/delegatedAdminCustomers/{delegatedAdminCustomerId}/serv ``` ## Optional query parameters -This method does not support OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). +This method doesn't support OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). ## Request headers |Name|Description| 
@@ -45,12 +45,14 @@ Don't supply a request body for this method. ## Response -If successful, this method returns a `200 OK` response code and a collection of [delegatedAdminServiceManagementDetail](../resources/delegatedAdminServiceManagementDetail.md) objects in the response body. +If successful, this method returns a `200 OK` response code and a collection of [delegatedAdminServiceManagementDetail](../resources/delegatedadminservicemanagementdetail.md) objects in the response body. ## Examples ### Request +The following example shows a request. + # [HTTP](#tab/http) ```http POST /education/classes/{id}/modules/{id}/unpin - ``` + ## Request headers | Header | Value | |:---------------|:--------| @@ -40,13 +40,13 @@ POST /education/classes/{id}/modules/{id}/unpin Don't supply a request body for this method. ## Response -If successful, this method returns a `200 Ok` response code and an [educationModule](../resources/educationmodule.md) object in the response body. +If successful, this method returns a `200 OK` response code and an [educationModule](../resources/educationmodule.md) object in the response body. ## Example The following example shows how to call this API. ### Request -The following is an example of a request. +The following example shows a request. # [HTTP](#tab/http) ```http -HTTP/1.1 200 Ok +HTTP/1.1 200 OK { "@odata.context": "https://graph.microsoft.com/$metadata#educationModule", diff --git a/api-reference/beta/api/federatedtokenvalidationpolicy-get.md b/api-reference/beta/api/federatedtokenvalidationpolicy-get.md new file mode 100644 index 00000000000..389d4c44db1 --- /dev/null +++ b/api-reference/beta/api/federatedtokenvalidationpolicy-get.md 
@@ -0,0 +1,90 @@ +--- +title: "Get federatedTokenValidationPolicy" +description: "Read the properties and relationships of a federatedTokenValidationPolicy object." +author: "rahul-nagraj" +ms.localizationpriority: medium +ms.prod: "identity-and-sign-in" +doc_type: apiPageType +--- + +# Get federatedTokenValidationPolicy +Namespace: microsoft.graph + +[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] + +Read the properties and relationships of a [federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) object. + +## Permissions +Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference). + + +[!INCLUDE [permissions-table](../includes/permissions/federatedtokenvalidationpolicy-get-permissions.md)] + +## HTTP request + + +``` http +GET /policies/federatedTokenValidationPolicy +``` + +## Optional query parameters +This method does not support OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). + +## Request headers +|Name|Description| +|:---|:---| +|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).| + +## Request body +Don't supply a request body for this method. + +## Response + +If successful, this method returns a `200 OK` response code and a [federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) object in the response body. + +## Examples + +### Request +The following example shows a request. 
+ +``` http +GET https://graph.microsoft.com/beta/policies/federatedTokenValidationPolicy +``` + +### Response +The following example shows the response +>**Note:** The response object shown here might be shortened for readability. + +``` http +HTTP/1.1 200 OK +Content-Type: application/json + +{ + "value": { + "@odata.type": "#microsoft.graph.federatedTokenValidationPolicy", + "id": "932b8f7f-68c1-6fe5-59ab-56e1ff752f30", + "deletedDateTime": "2023-08-25T07:44:46.2616778Z", + "validatingDomains": { + "@odata.type": "microsoft.graph.validatingDomains", + "rootDomains": "enumerated", + "domainNames": ["contoso.com","fabrikam.com"] + } + } +} +``` diff --git a/api-reference/beta/api/federatedtokenvalidationpolicy-update.md b/api-reference/beta/api/federatedtokenvalidationpolicy-update.md new file mode 100644 index 00000000000..1f6b72e7622 --- /dev/null +++ b/api-reference/beta/api/federatedtokenvalidationpolicy-update.md 
@@ -0,0 +1,102 @@ +--- +title: "Update federatedTokenValidationPolicy" +description: "Update the properties of a federatedTokenValidationPolicy object." +author: "rahul-nagraj" +ms.localizationpriority: medium +ms.prod: "identity-and-sign-in" +doc_type: apiPageType +--- + +# Update federatedTokenValidationPolicy +Namespace: microsoft.graph + +[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] + +Update the properties of a [federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) object. + +## Permissions +Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference). + + +[!INCLUDE [permissions-table](../includes/permissions/federatedtokenvalidationpolicy-update-permissions.md)] + +## HTTP request + + +``` http +PUT /policies/federatedTokenValidationPolicy +``` + +## Request headers +|Name|Description| +|:---|:---| +|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).| +|Content-Type|application/json. Required.| + +## Request body +[!INCLUDE [table-intro](../../includes/update-property-table-intro.md)] + +|Property|Type|Description| +|:---|:---|:---| +|validatingDomains|[validatingDomains](../resources/validatingdomains.md)|Verified domains that Microsoft Entra validates whether the federated account's root domain matches with the mapped Microsoft Entra account's root domain. 
Required.| + + + +## Response + +If successful, this method returns a `200 OK` response code and an updated [federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) object in the response body. + +## Examples + +### Request +The following example shows a request. + +``` http +PUT https://graph.microsoft.com/beta/policies/federatedTokenValidationPolicy +Content-Type: application/json + +{ + "@odata.type": "#microsoft.graph.federatedTokenValidationPolicy", + "deletedDateTime": "String (timestamp)", + "validatingDomains": { + "@odata.type": "microsoft.graph.validatingDomains", + "rootDomains": "enumerated", + "domainNames": ["contoso.com","fabrikam.com"] + } +} +``` + +### Response +The following example shows the response +>**Note:** The response object shown here might be shortened for readability. + +``` http +HTTP/1.1 200 OK +Content-Type: application/json + +{ + "@odata.type": "#microsoft.graph.federatedTokenValidationPolicy", + "id": "932b8f7f-68c1-6fe5-59ab-56e1ff752f30", + "deletedDateTime": "2023-08-25T07:44:46.2616778Z", + "validatingDomains": { + "@odata.type": "microsoft.graph.validatingDomains" + } +} +``` + diff --git a/api-reference/beta/api/peopleadminsettings-list-profilecardproperties.md b/api-reference/beta/api/peopleadminsettings-list-profilecardproperties.md index 9736623ce15..b51dc714154 100644 --- a/api-reference/beta/api/peopleadminsettings-list-profilecardproperties.md +++ b/api-reference/beta/api/peopleadminsettings-list-profilecardproperties.md 
@@ -60,7 +60,6 @@ If successful, this method returns a `200 OK` response code and a collection of The following example shows a request. -# [HTTP](#tab/http) +[!INCLUDE [permissions-table](../includes/permissions/policyroot-list-federatedtokenvalidationpolicy-permissions.md)] + +## HTTP request + + +``` http +GET /policies/federatedTokenValidationPolicy +``` + +## Optional query parameters +This method does not support OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). + +## Request headers +|Name|Description| +|:---|:---| +|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).| + +## Request body +Don't supply a request body for this method. + +## Response + +If successful, this method returns a `200 OK` response code and a collection of [federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) objects in the response body. + +## Examples + +### Request +The following example shows a request. + +``` http +GET https://graph.microsoft.com/beta/policies/federatedTokenValidationPolicy +``` + +### Response +The following example shows the response +>**Note:** The response object shown here might be shortened for readability. + +``` http +HTTP/1.1 200 OK +Content-Type: application/json + +{ + "value": [ + { + "@odata.type": "#microsoft.graph.federatedTokenValidationPolicy", + "id": "932b8f7f-68c1-6fe5-59ab-56e1ff752f30", + "deletedDateTime": "2023-08-25T07:44:46.2616778Z", + "validatingDomains": { + "@odata.type": "microsoft.graph.validatingDomains" + } + } + ] +} +``` + diff --git a/api-reference/beta/api/profilecardproperty-get.md b/api-reference/beta/api/profilecardproperty-get.md index 9fc7f8fc263..79a0a73c864 100644 --- a/api-reference/beta/api/profilecardproperty-get.md +++ b/api-reference/beta/api/profilecardproperty-get.md 
@@ -38,7 +38,7 @@ GET /admin/people/profileCardProperties/{id} ## Optional query parameters -This method does not support OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters). +This method doesn't support OData query parameters to customize the response. For general information, see [OData query parameters](/graph/query-parameters). ## Request headers @@ -60,7 +60,6 @@ If successful, this method returns a `200 OK` response code and the requested [p The following example shows a request. -# [HTTP](#tab/http) +``` json +{ + "@odata.type": "#microsoft.graph.allDomains", + "rootDomains": "String" +} +``` diff --git a/api-reference/beta/resources/columnLink.md b/api-reference/beta/resources/columnlink.md similarity index 57% rename from api-reference/beta/resources/columnLink.md rename to api-reference/beta/resources/columnlink.md index c691dc12e63..911435b4ff1 100644 --- a/api-reference/beta/resources/columnLink.md +++ b/api-reference/beta/resources/columnlink.md @@ -1,14 +1,14 @@ --- -author: daspek -description: A columnLink on a contentType attaches a site columnDefinition to that content type. +author: "daspek" +description: "A columnLink on a contentType attaches a site columnDefinition to that content type." ms.date: 09/12/2017 -title: ColumnLink +title: "columnLink resource type" ms.localizationpriority: medium doc_type: resourcePageType -ms.prod: sites-and-lists +ms.prod: "sites-and-lists" --- -# ColumnLink resource type +# columnLink resource type Namespace: microsoft.graph 
@@ -18,25 +18,26 @@ A **columnLink** on a [contentType][] attaches a site **columnDefinition** to th [contentType]: contenttype.md +## Properties + +| Property | Type | Description | +| :------- | :----- | :---------------------------------------- | +| id | String | The unique identifier for the column. | +| name | String | The name of the column in this content type. | + ## JSON representation -Here is a JSON representation of a **columnLink** resource. +The following JSON representation shows the resource type. ```json { - "id": "string", - "name": "string" + "id": "String (identifier)", + "name": "String" } ``` -## Properties - -| Property | Type | Description | -| :------- | :----- | :-------------------------------------------- | -| **id** | string | The unique identifier for the column. | -| **name** | string | The name of the column in this content type. | -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/beta/resources/delegatedadminservicemanagementdetail.md b/api-reference/beta/resources/delegatedadminservicemanagementdetail.md index 639041171aa..133951c057b 100644 --- a/api-reference/beta/resources/delegatedadminservicemanagementdetail.md +++ b/api-reference/beta/resources/delegatedadminservicemanagementdetail.md 
@@ -18,21 +18,21 @@ Contains the management details of a service in the customer tenant that's manag ## Methods |Method|Return type|Description| |:---|:---|:---| -|[List delegatedAdminServiceManagementDetails](../api/delegatedadmincustomer-list-servicemanagementdetails.md)|[delegatedAdminServiceManagementDetail](delegatedadminservicemanagementdetail.md)|Get a list of the **delegatedAdminServiceManagementDetail** objects and their properties.| +|[List delegatedAdminServiceManagementDetails](../api/delegatedadmincustomer-list-servicemanagementdetails.md)|[delegatedAdminServiceManagementDetail](delegatedadminservicemanagementdetail.md) collection|Get a list of the **delegatedAdminServiceManagementDetail** objects and their properties.| ## Properties |Property|Type|Description| |:---|:---|:---| |id|String|The identifier of a managed service. Read-only.| -|serviceName|String|The name of a managed service. Read-only.| |serviceManagementUrl|String|The URL of the management portal for the managed service. Read-only.| +|serviceName|String|The name of a managed service. Read-only.| ## Relationships None. ## JSON representation -Here's a JSON representation of the resource. +The following JSON representation shows the resource type. +``` json +{ + "@odata.type": "#microsoft.graph.enumeratedDomains", + "rootDomains": "String", + "domainNames": [ + "String" + ] +} +``` diff --git a/api-reference/beta/resources/enums.md b/api-reference/beta/resources/enums.md index 510a65ca99a..0f67bc25f7e 100644 --- a/api-reference/beta/resources/enums.md +++ b/api-reference/beta/resources/enums.md @@ -4285,6 +4285,18 @@ Possible values for user account types (group membership), per Windows definitio |tenant| |unknownFutureValue| +### rootDomains values + +| Member| +|:---| +|none| +|all| +|allFederated| +|allManaged| +|enumerated| +|allManagedAndEnumeratedFederated| +|unknownFutureValue| + ### allowedRolePrincipalTypes values |Member| 
diff --git a/api-reference/beta/resources/federatedtokenvalidationpolicy.md b/api-reference/beta/resources/federatedtokenvalidationpolicy.md new file mode 100644 index 00000000000..1d881d510c8 --- /dev/null +++ b/api-reference/beta/resources/federatedtokenvalidationpolicy.md 
@@ -0,0 +1,57 @@ +--- +title: "federatedTokenValidationPolicy resource type" +description: "Represents a policy to control enabling or disabling validation of federation authentication tokens. It allows matching an on-premises federated account and a mapped Microsoft Entra ID account's root domain." +author: "rahul-nagraj" +ms.localizationpriority: medium +ms.prod: "identity-and-sign-in" +doc_type: resourcePageType +--- + +# federatedTokenValidationPolicy resource type + +Namespace: microsoft.graph + +[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] + +Represents a policy to control enabling or disabling validation of federation authentication tokens. It allows matching an on-premises federated account and a mapped Microsoft Entra ID account's root domain. When enabled, Microsoft Entra ID rejects an authentication request if the on-premises federated account and the mapped Microsoft Entra ID account's root domain don't match. + +Inherits from [directoryObject](../resources/directoryobject.md). 
+ +## Methods + +|Method|Return type|Description| +|:---|:---|:---| +|[List federatedTokenValidationPolicies](../api/policyroot-list-federatedtokenvalidationpolicy.md)|[federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) collection|Get a list of the [federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) objects and their properties.| +|[Get federatedTokenValidationPolicy](../api/federatedtokenvalidationpolicy-get.md)|[federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md)|Read the properties and relationships of a [federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) object.| +|[Update federatedTokenValidationPolicy](../api/federatedtokenvalidationpolicy-update.md)|[federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md)|Update the properties of a [federatedTokenValidationPolicy](../resources/federatedtokenvalidationpolicy.md) object.| + +## Properties +|Property|Type|Description| +|:---|:---|:---| +|deletedDateTime|DateTimeOffset|Date and time when this object was deleted. Always `null` when the object wasn't deleted. Inherited from [directoryObject](../resources/directoryobject.md).| +|ID|String|The unique identifier for the object. Key. Not nullable. Read-only. Inherited from [directoryObject](../resources/directoryobject.md).| +|validatingDomains|[validatingDomains](../resources/validatingdomains.md)|Verified Microsoft Entra ID domains that Microsoft Entra ID validates that the federated account's root domain matches with the mapped Microsoft Entra account's root domain.| + +## Relationships +None. + +## JSON representation +The following JSON representation shows the resource type. + +``` json +{ + "@odata.type": "#microsoft.graph.federatedTokenValidationPolicy", + "id": "String (identifier)", + "deletedDateTime": "String (timestamp)", + "validatingDomains": { + "@odata.type": "microsoft.graph.validatingDomains" + } +} +``` 
diff --git a/api-reference/beta/resources/identitygovernance-overview.md b/api-reference/beta/resources/identitygovernance-overview.md index 25195b602fa..aafd707431c 100644 --- a/api-reference/beta/resources/identitygovernance-overview.md +++ b/api-reference/beta/resources/identitygovernance-overview.md @@ -6,7 +6,6 @@ author: "markwahl-msft" ms.prod: "governance" doc_type: conceptualPageType ms.date: 11/29/2022 -ms.custom: zt-include --- # Overview of Microsoft Entra ID Governance using Microsoft Graph @@ -63,7 +62,7 @@ The [terms of use APIs](/graph/api/resources/agreement) in Microsoft Graph allow -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/beta/resources/networkaccess-global-secure-access-api-overview.md b/api-reference/beta/resources/networkaccess-global-secure-access-api-overview.md index 61c26d289ff..aeaf3284184 100644 --- a/api-reference/beta/resources/networkaccess-global-secure-access-api-overview.md +++ b/api-reference/beta/resources/networkaccess-global-secure-access-api-overview.md @@ -5,7 +5,6 @@ author: Moti-ba ms.localizationpriority: medium ms.prod: global-secure-access doc_type: resourcePageType -ms.custom: zt-include --- # Secure access to cloud, public, and private apps using Microsoft Graph network access APIs (preview) @@ -103,7 +102,7 @@ The Global Secure Access services enable you to enrich the [Microsoft 365 audit -[!INCLUDE [zero-trust](~/../azure_docs/includes/active-directory-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/beta/resources/partners-billing-api-overview.md b/api-reference/beta/resources/partners-billing-api-overview.md index d07d51f9ad1..b7adac429bc 100644 --- a/api-reference/beta/resources/partners-billing-api-overview.md +++ b/api-reference/beta/resources/partners-billing-api-overview.md 
@@ -5,7 +5,6 @@ author: "sourishdeb" ms.localizationpriority: medium ms.prod: "reports" doc_type: resourcePageType -ms.custom: zt-include --- # Use the Microsoft Graph API to export partner billing data @@ -29,7 +28,7 @@ To export reconciliation data, the calling principal must be in the partner tena -[!INCLUDE [zero-trust](~/../azure_docs/includes/active-directory-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/beta/resources/permissions-management-api-overview.md b/api-reference/beta/resources/permissions-management-api-overview.md index 6504a688d0a..7636f278cfa 100644 --- a/api-reference/beta/resources/permissions-management-api-overview.md +++ b/api-reference/beta/resources/permissions-management-api-overview.md @@ -90,7 +90,7 @@ Other findings include: -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/beta/resources/policy-overview.md b/api-reference/beta/resources/policy-overview.md index 1102c66079d..6762cbdce37 100644 --- a/api-reference/beta/resources/policy-overview.md +++ b/api-reference/beta/resources/policy-overview.md @@ -14,7 +14,7 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -Microsoft Entra ID uses policies to control Microsoft Entra feature behaviors in your organization. Policies are custom rules that you can enforce on applications, service principals, groups, or on the entire organization they are assigned to. +Microsoft Entra ID uses policies to control Microsoft Entra feature behaviors in your organization. Policies are custom rules that you can enforce on applications, service principals, groups, or on the entire organization they're assigned to. ## What policies are available? 
@@ -26,6 +26,7 @@ Microsoft Entra ID uses policies to control Microsoft Entra feature behaviors in | [authorizationPolicy](authorizationpolicy.md) | Represents a policy that can control authorization settings of Microsoft Entra ID. | Configure Microsoft Entra ID to block MSOL PowerShell in the tenant. | | [claimsMappingPolicies](claimsMappingPolicy.md) | Represents the claim-mapping policies for WS-Fed, SAML, OAuth 2.0, and OpenID Connect protocols, for tokens issued to a specific application. | Create and assign a policy to omit the basic claims from tokens issued to a service principal. | | [deviceRegistrationPolicy](deviceregistrationpolicy.md) | Represents the policy scope that controls quota restrictions, additional authentication, and authorization policies to register device identities to your organization. | Limit the number of devices that can be registered to a user in your organization or, specify users or groups that are allowed to register devices using **Microsoft Entra join** or **Microsoft Entra registered**. | +| [federatedTokenValidationPolicy](federatedtokenvalidationpolicy.md) | Represents a policy to control enabling or disabling validation of federation authentication tokens - matching an on-premises federated account and a mapped Microsoft Entra ID account's root domain. | Configure validation on tenants to check if the domain in the mapped Entra Id account matches the token issuer domain in a token post authentication from the federated IdP. | | [homeRealmDiscoveryPolicies](homeRealmDiscoveryPolicy.md) | Represents a policy to control Microsoft Entra authentication behavior for federated users, in particular for auto-acceleration and user authentication restrictions in federated domains. | Configure all users to skip home realm discovery and be routed directly to ADFS for authentication. | | [tokenLifetimePolicies](tokenlifetimepolicy.md) | Represents the lifetime duration of access tokens used to access protected resources. 
| Configure a particularly sensitive application with a shorter than default token lifetime. | | [tokenIssuancePolicy](tokenIssuancePolicy.md) | Represents the policy to specify the characteristics of SAML tokens issued by Microsoft Entra ID. | Configure the signing algorithm or SAML token version to be used to issue the SAML token. | diff --git a/api-reference/beta/resources/policyroot.md b/api-reference/beta/resources/policyroot.md index 43338fd796c..383147096f6 100644 --- a/api-reference/beta/resources/policyroot.md +++ b/api-reference/beta/resources/policyroot.md @@ -38,6 +38,7 @@ None | defaultAppManagementPolicy | [tenantAppManagementPolicy](tenantappmanagementpolicy.md) | The tenant-wide policy that enforces app management restrictions for all applications and service principals. | | externalIdentitiesPolicy | [externalIdentitiesPolicy](externalidentitiespolicy.md) | Represents the tenant-wide policy that controls whether guests can leave a Microsoft Entra tenant via self-service controls. | | featureRolloutPolicies | [featureRolloutPolicy](featurerolloutpolicy.md) collection | The feature rollout policy associated with a directory object. | +| federatedTokenValidationPolicy| [federatedTokenValidationPolicy](federatedtokenvalidationpolicy.md) | Represents a policy to control enabling or disabling validation of federation authentication tokens. | | homeRealmDiscoveryPolicies | [homeRealmDiscoveryPolicy](homerealmdiscoverypolicy.md) collection | The policy to control Microsoft Entra authentication behavior for federated users. | | identitySecurityDefaultsEnforcementPolicy | [identitySecurityDefaultsEnforcementPolicy](identitysecuritydefaultsenforcementpolicy.md) | The policy that represents the security defaults that protect against common attacks. | | mobileAppManagementPolicies | [mobilityManagementPolicy](mobilitymanagementpolicy.md) collection | The policy that defines autoenrollment configuration for a mobility management (MDM or MAM) application. | 
diff --git a/api-reference/beta/resources/privilegedidentitymanagement-for-groups-api-overview.md b/api-reference/beta/resources/privilegedidentitymanagement-for-groups-api-overview.md index 22dac9ea86a..2a610db1b91 100644 --- a/api-reference/beta/resources/privilegedidentitymanagement-for-groups-api-overview.md +++ b/api-reference/beta/resources/privilegedidentitymanagement-for-groups-api-overview.md @@ -114,7 +114,7 @@ When a principal's *temporary active* membership or ownership of a group expires -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/beta/resources/privilegedidentitymanagementv3-overview.md b/api-reference/beta/resources/privilegedidentitymanagementv3-overview.md index ff72a6a013e..0c2c324b2da 100644 --- a/api-reference/beta/resources/privilegedidentitymanagementv3-overview.md +++ b/api-reference/beta/resources/privilegedidentitymanagementv3-overview.md @@ -125,7 +125,7 @@ All activities made through PIM for Microsoft Entra roles are logged in Microsof -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/beta/resources/security-auditlogquery.md b/api-reference/beta/resources/security-auditlogquery.md index 9560710503a..8fffacc6f13 100644 --- a/api-reference/beta/resources/security-auditlogquery.md +++ b/api-reference/beta/resources/security-auditlogquery.md 
@@ -37,7 +37,7 @@ Inherits from [microsoft.graph.entity](../resources/entity.md). |keywordFilter|String|Free text field to search non-indexed properties of the audit log.| |objectIdFilters|String collection|For SharePoint and OneDrive for Business activity, the full path name of the file or folder accessed by the user. For Exchange admin audit logging, the name of the object that was modified by the cmdlet.| |operationFilters|String collection|The name of the user or admin activity. For a description of the most common operations/activities, see [Search the audit log in the Office 365 Protection Center](https://go.microsoft.com/fwlink/p/?LinkId=708432).| -|recordTypeFilter|microsoft.graph.security.auditLogRecordType|The type of operation indicated by the record. The possible values are: `exchangeAdmin`, `exchangeItem`, `exchangeItemGroup`, `sharePoint`, `syntheticProbe`, `sharePointFileOperation`, `oneDrive`, `azureActiveDirectory`, `azureActiveDirectoryAccountLogon`, `dataCenterSecurityCmdlet`, `complianceDLPSharePoint`, `sway`, `complianceDLPExchange`, `sharePointSharingOperation`, `azureActiveDirectoryStsLogon`, `skypeForBusinessPSTNUsage`, `skypeForBusinessUsersBlocked`, `securityComplianceCenterEOPCmdlet`, `exchangeAggregatedOperation`, `powerBIAudit`, `crm`, `yammer`, `skypeForBusinessCmdlets`, `discovery`, `microsoftTeams`, `threatIntelligence`, `mailSubmission`, `microsoftFlow`, `aeD`, `microsoftStream`, `complianceDLPSharePointClassification`, `threatFinder`, `project`, `sharePointListOperation`, `sharePointCommentOperation`, `dataGovernance`, `kaizala`, `securityComplianceAlerts`, `threatIntelligenceUrl`, `securityComplianceInsights`, `mipLabel`, `workplaceAnalytics`, `powerAppsApp`, `powerAppsPlan`, `threatIntelligenceAtpContent`, `labelContentExplorer`, `teamsHealthcare`, `exchangeItemAggregated`, `hygieneEvent`, `dataInsightsRestApiAudit`, `informationBarrierPolicyApplication`, `sharePointListItemOperation`, `sharePointContentTypeOperation`, 
`sharePointFieldOperation`, `microsoftTeamsAdmin`, `hrSignal`, `microsoftTeamsDevice`, `microsoftTeamsAnalytics`, `informationWorkerProtection`, `campaign`, `dlpEndpoint`, `airInvestigation`, `quarantine`, `microsoftForms`, `applicationAudit`, `complianceSupervisionExchange`, `customerKeyServiceEncryption`, `officeNative`, `mipAutoLabelSharePointItem`, `mipAutoLabelSharePointPolicyLocation`, `microsoftTeamsShifts`, `secureScore`, `mipAutoLabelExchangeItem`, `cortanaBriefing`, `search`, `wdatpAlerts`, `powerPlatformAdminDlp`, `powerPlatformAdminEnvironment`, `mdatpAudit`, `sensitivityLabelPolicyMatch`, `sensitivityLabelAction`, `sensitivityLabeledFileAction`, `attackSim`, `airManualInvestigation`, `securityComplianceRBAC`, `userTraining`, `airAdminActionInvestigation`, `mstic`, `physicalBadgingSignal`, `teamsEasyApprovals`, `aipDiscover`, `aipSensitivityLabelAction`, `aipProtectionAction`, `aipFileDeleted`, `aipHeartBeat`, `mcasAlerts`, `onPremisesFileShareScannerDlp`, `onPremisesSharePointScannerDlp`, `exchangeSearch`, `sharePointSearch`, `privacyDataMinimization`, `labelAnalyticsAggregate`, `myAnalyticsSettings`, `securityComplianceUserChange`, `complianceDLPExchangeClassification`, `complianceDLPEndpoint`, `mipExactDataMatch`, `msdeResponseActions`, `msdeGeneralSettings`, `msdeIndicatorsSettings`, `ms365DCustomDetection`, `msdeRolesSettings`, `mapgAlerts`, `mapgPolicy`, `mapgRemediation`, `privacyRemediationAction`, `privacyDigestEmail`, `mipAutoLabelSimulationProgress`, `mipAutoLabelSimulationCompletion`, `mipAutoLabelProgressFeedback`, `dlpSensitiveInformationType`, `mipAutoLabelSimulationStatistics`, `largeContentMetadata`, `microsoft365Group`, `cdpMlInferencingResult`, `filteringMailMetadata`, `cdpClassificationMailItem`, `cdpClassificationDocument`, `officeScriptsRunAction`, `filteringPostMailDeliveryAction`, `cdpUnifiedFeedback`, `tenantAllowBlockList`, `consumptionResource`, `healthcareSignal`, `dlpImportResult`, `cdpCompliancePolicyExecution`, 
`multiStageDisposition`, `privacyDataMatch`, `filteringDocMetadata`, `filteringEmailFeatures`, `powerBIDlp`, `filteringUrlInfo`, `filteringAttachmentInfo`, `coreReportingSettings`, `complianceConnector`, `powerPlatformLockboxResourceAccessRequest`, `powerPlatformLockboxResourceCommand`, `cdpPredictiveCodingLabel`, `cdpCompliancePolicyUserFeedback`, `webpageActivityEndpoint`, `omePortal`, `cmImprovementActionChange`, `filteringUrlClick`, `mipLabelAnalyticsAuditRecord`, `filteringEntityEvent`, `filteringRuleHits`, `filteringMailSubmission`, `labelExplorer`, `microsoftManagedServicePlatform`, `powerPlatformServiceActivity`, `scorePlatformGenericAuditRecord`, `filteringTimeTravelDocMetadata`, `alert`, `alertStatus`, `alertIncident`, `incidentStatus`, `case`, `caseInvestigation`, `recordsManagement`, `privacyRemediation`, `dataShareOperation`, `cdpDlpSensitive`, `ehrConnector`, `filteringMailGradingResult`, `publicFolder`, `privacyTenantAuditHistoryRecord`, `aipScannerDiscoverEvent`, `eduDataLakeDownloadOperation`, `m365ComplianceConnector`, `microsoftGraphDataConnectOperation`, `microsoftPurview`, `filteringEmailContentFeatures`, `powerPagesSite`, `powerAppsResource`, `plannerPlan`, `plannerCopyPlan`, `plannerTask`, `plannerRoster`, `plannerPlanList`, `plannerTaskList`, `plannerTenantSettings`, `projectForTheWebProject`, `projectForTheWebTask`, `projectForTheWebRoadmap`, `projectForTheWebRoadmapItem`, `projectForTheWebProjectSettings`, `projectForTheWebRoadmapSettings`, `quarantineMetadata`, `microsoftTodoAudit`, `timeTravelFilteringDocMetadata`, `teamsQuarantineMetadata`, `sharePointAppPermissionOperation`, `microsoftTeamsSensitivityLabelAction`, `filteringTeamsMetadata`, `filteringTeamsUrlInfo`, `filteringTeamsPostDeliveryAction`, `mdcAssessments`, `mdcRegulatoryComplianceStandards`, `mdcRegulatoryComplianceControls`, `mdcRegulatoryComplianceAssessments`, `mdcSecurityConnectors`, `mdaDataSecuritySignal`, `vivaGoals`, `filteringRuntimeInfo`, `attackSimAdmin`, 
`microsoftGraphDataConnectConsent`, `filteringAtpDetonationInfo`, `privacyPortal`, `managedTenants`, `unifiedSimulationMatchedItem`, `unifiedSimulationSummary`, `updateQuarantineMetadata`, `ms365DSuppressionRule`, `purviewDataMapOperation`, `filteringUrlPostClickAction`, `irmUserDefinedDetectionSignal`, `teamsUpdates`, `plannerRosterSensitivityLabel`, `ms365DIncident`, `filteringDelistingMetadata`, `complianceDLPSharePointClassificationExtended`, `microsoftDefenderForIdentityAudit`, `supervisoryReviewDayXInsight`, `defenderExpertsforXDRAdmin`, `cdpEdgeBlockedMessage`, `hostedRpa`, `cdpContentExplorerAggregateRecord`, `cdpHygieneAttachmentInfo`, `cdpHygieneSummary`, `cdpPostMailDeliveryAction`, `cdpEmailFeatures`, `cdpHygieneUrlInfo`, `cdpUrlClick`, `cdpPackageManagerHygieneEvent`, `filteringDocScan`, `timeTravelFilteringDocScan`, `mapgOnboard`, `unknownFutureValue`.| +|recordTypeFilters|String collection of microsoft.graph.security.auditLogRecordType|The type of operation indicated by the record. 
The possible values are: `exchangeAdmin`, `exchangeItem`, `exchangeItemGroup`, `sharePoint`, `syntheticProbe`, `sharePointFileOperation`, `oneDrive`, `azureActiveDirectory`, `azureActiveDirectoryAccountLogon`, `dataCenterSecurityCmdlet`, `complianceDLPSharePoint`, `sway`, `complianceDLPExchange`, `sharePointSharingOperation`, `azureActiveDirectoryStsLogon`, `skypeForBusinessPSTNUsage`, `skypeForBusinessUsersBlocked`, `securityComplianceCenterEOPCmdlet`, `exchangeAggregatedOperation`, `powerBIAudit`, `crm`, `yammer`, `skypeForBusinessCmdlets`, `discovery`, `microsoftTeams`, `threatIntelligence`, `mailSubmission`, `microsoftFlow`, `aeD`, `microsoftStream`, `complianceDLPSharePointClassification`, `threatFinder`, `project`, `sharePointListOperation`, `sharePointCommentOperation`, `dataGovernance`, `kaizala`, `securityComplianceAlerts`, `threatIntelligenceUrl`, `securityComplianceInsights`, `mipLabel`, `workplaceAnalytics`, `powerAppsApp`, `powerAppsPlan`, `threatIntelligenceAtpContent`, `labelContentExplorer`, `teamsHealthcare`, `exchangeItemAggregated`, `hygieneEvent`, `dataInsightsRestApiAudit`, `informationBarrierPolicyApplication`, `sharePointListItemOperation`, `sharePointContentTypeOperation`, `sharePointFieldOperation`, `microsoftTeamsAdmin`, `hrSignal`, `microsoftTeamsDevice`, `microsoftTeamsAnalytics`, `informationWorkerProtection`, `campaign`, `dlpEndpoint`, `airInvestigation`, `quarantine`, `microsoftForms`, `applicationAudit`, `complianceSupervisionExchange`, `customerKeyServiceEncryption`, `officeNative`, `mipAutoLabelSharePointItem`, `mipAutoLabelSharePointPolicyLocation`, `microsoftTeamsShifts`, `secureScore`, `mipAutoLabelExchangeItem`, `cortanaBriefing`, `search`, `wdatpAlerts`, `powerPlatformAdminDlp`, `powerPlatformAdminEnvironment`, `mdatpAudit`, `sensitivityLabelPolicyMatch`, `sensitivityLabelAction`, `sensitivityLabeledFileAction`, `attackSim`, `airManualInvestigation`, `securityComplianceRBAC`, `userTraining`, `airAdminActionInvestigation`, 
`mstic`, `physicalBadgingSignal`, `teamsEasyApprovals`, `aipDiscover`, `aipSensitivityLabelAction`, `aipProtectionAction`, `aipFileDeleted`, `aipHeartBeat`, `mcasAlerts`, `onPremisesFileShareScannerDlp`, `onPremisesSharePointScannerDlp`, `exchangeSearch`, `sharePointSearch`, `privacyDataMinimization`, `labelAnalyticsAggregate`, `myAnalyticsSettings`, `securityComplianceUserChange`, `complianceDLPExchangeClassification`, `complianceDLPEndpoint`, `mipExactDataMatch`, `msdeResponseActions`, `msdeGeneralSettings`, `msdeIndicatorsSettings`, `ms365DCustomDetection`, `msdeRolesSettings`, `mapgAlerts`, `mapgPolicy`, `mapgRemediation`, `privacyRemediationAction`, `privacyDigestEmail`, `mipAutoLabelSimulationProgress`, `mipAutoLabelSimulationCompletion`, `mipAutoLabelProgressFeedback`, `dlpSensitiveInformationType`, `mipAutoLabelSimulationStatistics`, `largeContentMetadata`, `microsoft365Group`, `cdpMlInferencingResult`, `filteringMailMetadata`, `cdpClassificationMailItem`, `cdpClassificationDocument`, `officeScriptsRunAction`, `filteringPostMailDeliveryAction`, `cdpUnifiedFeedback`, `tenantAllowBlockList`, `consumptionResource`, `healthcareSignal`, `dlpImportResult`, `cdpCompliancePolicyExecution`, `multiStageDisposition`, `privacyDataMatch`, `filteringDocMetadata`, `filteringEmailFeatures`, `powerBIDlp`, `filteringUrlInfo`, `filteringAttachmentInfo`, `coreReportingSettings`, `complianceConnector`, `powerPlatformLockboxResourceAccessRequest`, `powerPlatformLockboxResourceCommand`, `cdpPredictiveCodingLabel`, `cdpCompliancePolicyUserFeedback`, `webpageActivityEndpoint`, `omePortal`, `cmImprovementActionChange`, `filteringUrlClick`, `mipLabelAnalyticsAuditRecord`, `filteringEntityEvent`, `filteringRuleHits`, `filteringMailSubmission`, `labelExplorer`, `microsoftManagedServicePlatform`, `powerPlatformServiceActivity`, `scorePlatformGenericAuditRecord`, `filteringTimeTravelDocMetadata`, `alert`, `alertStatus`, `alertIncident`, `incidentStatus`, `case`, `caseInvestigation`, 
`recordsManagement`, `privacyRemediation`, `dataShareOperation`, `cdpDlpSensitive`, `ehrConnector`, `filteringMailGradingResult`, `publicFolder`, `privacyTenantAuditHistoryRecord`, `aipScannerDiscoverEvent`, `eduDataLakeDownloadOperation`, `m365ComplianceConnector`, `microsoftGraphDataConnectOperation`, `microsoftPurview`, `filteringEmailContentFeatures`, `powerPagesSite`, `powerAppsResource`, `plannerPlan`, `plannerCopyPlan`, `plannerTask`, `plannerRoster`, `plannerPlanList`, `plannerTaskList`, `plannerTenantSettings`, `projectForTheWebProject`, `projectForTheWebTask`, `projectForTheWebRoadmap`, `projectForTheWebRoadmapItem`, `projectForTheWebProjectSettings`, `projectForTheWebRoadmapSettings`, `quarantineMetadata`, `microsoftTodoAudit`, `timeTravelFilteringDocMetadata`, `teamsQuarantineMetadata`, `sharePointAppPermissionOperation`, `microsoftTeamsSensitivityLabelAction`, `filteringTeamsMetadata`, `filteringTeamsUrlInfo`, `filteringTeamsPostDeliveryAction`, `mdcAssessments`, `mdcRegulatoryComplianceStandards`, `mdcRegulatoryComplianceControls`, `mdcRegulatoryComplianceAssessments`, `mdcSecurityConnectors`, `mdaDataSecuritySignal`, `vivaGoals`, `filteringRuntimeInfo`, `attackSimAdmin`, `microsoftGraphDataConnectConsent`, `filteringAtpDetonationInfo`, `privacyPortal`, `managedTenants`, `unifiedSimulationMatchedItem`, `unifiedSimulationSummary`, `updateQuarantineMetadata`, `ms365DSuppressionRule`, `purviewDataMapOperation`, `filteringUrlPostClickAction`, `irmUserDefinedDetectionSignal`, `teamsUpdates`, `plannerRosterSensitivityLabel`, `ms365DIncident`, `filteringDelistingMetadata`, `complianceDLPSharePointClassificationExtended`, `microsoftDefenderForIdentityAudit`, `supervisoryReviewDayXInsight`, `defenderExpertsforXDRAdmin`, `cdpEdgeBlockedMessage`, `hostedRpa`, `cdpContentExplorerAggregateRecord`, `cdpHygieneAttachmentInfo`, `cdpHygieneSummary`, `cdpPostMailDeliveryAction`, `cdpEmailFeatures`, `cdpHygieneUrlInfo`, `cdpUrlClick`, `cdpPackageManagerHygieneEvent`, 
`filteringDocScan`, `timeTravelFilteringDocScan`, `mapgOnboard`, `unknownFutureValue`.| |serviceFilter|String|The Office 365 service where the activity occurred.| |status|microsoft.graph.security.auditLogQueryStatus|Describes the current status of the query. The possible values are: `notStarted`, `running`, `succeeded`, `failed`, `cancelled`, `unknownFutureValue`.| |userPrincipalNameFilters|String collection|The UPN (user principal name) of the user who performed the action (specified in the operation property) that resulted in the record being logged; for example, _my_name@my_domain_name_.| @@ -86,4 +86,4 @@ The following JSON representation shows the resource type. ], "status": "String" } -``` \ No newline at end of file +``` diff --git a/api-reference/beta/resources/validatingdomains.md b/api-reference/beta/resources/validatingdomains.md new file mode 100644 index 00000000000..4a6e7fc7ef9 --- /dev/null +++ b/api-reference/beta/resources/validatingdomains.md 
@@ -0,0 +1,39 @@ +--- +title: "validatingDomains resource type" +description: "Defines the types of domains to which the federated token validation applies." +author: "rahul-nagraj" +ms.localizationpriority: medium +ms.prod: "identity-and-sign-in" +doc_type: resourcePageType +--- + +# validatingDomains resource type + +Namespace: microsoft.graph + +[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] + +Defines the types of domains to which the federated token validation applies. +This object is an abstract type from which the [allDomains](../resources/alldomains.md) and [enumeratedDomains](../resources/enumerateddomains.md) resources derive. + +## Properties +|Property|Type|Description| +|:---|:---|:---| +|rootDomains|rootDomains|Defines the types of domains to which the validation applies. The possible values are: `none`, `all`, `allFederated`, `allManaged`, `enumerated`, `allManagedAndEnumeratedFederated`, `unknownFutureValue`.| + +## Relationships +None. + +## JSON representation +The following JSON representation shows the resource type. + +``` json +{ + "@odata.type": "#microsoft.graph.validatingDomains", + "rootDomains": "String" +} +``` \ No newline at end of file diff --git a/api-reference/beta/resources/verifieddomain.md b/api-reference/beta/resources/verifieddomain.md index 34ea5aeddd1..8a45cc03599 100644 --- a/api-reference/beta/resources/verifieddomain.md +++ b/api-reference/beta/resources/verifieddomain.md @@ -17,6 +17,7 @@ Specifies a domain for a tenant. The **verifiedDomains** property of the [organi ## Properties + | Property | Type | Description | |:-------------|:--------|:-------------------------------------------------------------------------------------| | capabilities | String | For example, `Email`, `OfficeCommunicationsOnline`. | 
@@ -27,7 +28,7 @@ Specifies a domain for a tenant. The **verifiedDomains** property of the [organi ## JSON representation -Here's a JSON representation of the resource +The following JSON representation shows the resource type. ```http -HTTP/1.1 200 Ok +HTTP/1.1 200 OK { "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#educationModule", diff --git a/api-reference/v1.0/api/peopleadminsettings-list-profilecardproperties.md b/api-reference/v1.0/api/peopleadminsettings-list-profilecardproperties.md index e0220563a84..bc615b53a86 100644 --- a/api-reference/v1.0/api/peopleadminsettings-list-profilecardproperties.md +++ b/api-reference/v1.0/api/peopleadminsettings-list-profilecardproperties.md @@ -56,7 +56,6 @@ If successful, this method returns a `200 OK` response code and a collection of The following example shows a request. -# [HTTP](#tab/http) -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/v1.0/resources/delegatedadminservicemanagementdetail.md b/api-reference/v1.0/resources/delegatedadminservicemanagementdetail.md index c6e6f699f4f..730b3ecb6ad 100644 --- a/api-reference/v1.0/resources/delegatedadminservicemanagementdetail.md +++ b/api-reference/v1.0/resources/delegatedadminservicemanagementdetail.md 
@@ -16,21 +16,21 @@ Contains the management details of a service in the customer tenant that's manag ## Methods |Method|Return type|Description| |:---|:---|:---| -|[List delegatedAdminServiceManagementDetails](../api/delegatedadmincustomer-list-servicemanagementdetails.md)|[delegatedAdminServiceManagementDetail](delegatedadminservicemanagementdetail.md)|Get a list of the **delegatedAdminServiceManagementDetail** objects and their properties.| +|[List delegatedAdminServiceManagementDetails](../api/delegatedadmincustomer-list-servicemanagementdetails.md)|[delegatedAdminServiceManagementDetail](delegatedadminservicemanagementdetail.md) collection|Get a list of the **delegatedAdminServiceManagementDetail** objects and their properties.| ## Properties |Property|Type|Description| |:---|:---|:---| |id|String|The identifier of a managed service. Read-only.| -|serviceName|String|The name of a managed service. Read-only.| |serviceManagementUrl|String|The URL of the management portal for the managed service. Read-only.| +|serviceName|String|The name of a managed service. Read-only.| ## Relationships None. ## JSON representation -Here's a JSON representation of the resource. +The following JSON representation shows the resource type. -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/v1.0/resources/partners-billing-api-overview.md b/api-reference/v1.0/resources/partners-billing-api-overview.md index c26ad368900..4fb4f4c965e 100644 --- a/api-reference/v1.0/resources/partners-billing-api-overview.md +++ b/api-reference/v1.0/resources/partners-billing-api-overview.md @@ -5,7 +5,6 @@ author: "sourishdeb" ms.localizationpriority: medium ms.prod: "reports" doc_type: resourcePageType -ms.custom: zt-include --- # Use the Microsoft Graph API to export partner billing data 
@@ -27,7 +26,7 @@ To export reconciliation data, the calling principal must be in the partner tena -[!INCLUDE [zero-trust](~/../azure_docs/includes/active-directory-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/v1.0/resources/privilegedidentitymanagement-for-groups-api-overview.md b/api-reference/v1.0/resources/privilegedidentitymanagement-for-groups-api-overview.md index 2593c4e7394..964560cc16a 100644 --- a/api-reference/v1.0/resources/privilegedidentitymanagement-for-groups-api-overview.md +++ b/api-reference/v1.0/resources/privilegedidentitymanagement-for-groups-api-overview.md @@ -114,7 +114,7 @@ When a principal's *temporary active* membership or ownership of a group expires -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] diff --git a/api-reference/v1.0/resources/privilegedidentitymanagementv3-overview.md b/api-reference/v1.0/resources/privilegedidentitymanagementv3-overview.md index a19cf73cdd1..8a8bbde28af 100644 --- a/api-reference/v1.0/resources/privilegedidentitymanagementv3-overview.md +++ b/api-reference/v1.0/resources/privilegedidentitymanagementv3-overview.md @@ -89,7 +89,7 @@ For more information about using Microsoft Graph to configure rules, see [Overvi -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)] -[!INCLUDE [zero-trust](~/../entra_docs/docs/includes/entra-zero-trust.md)] +[!INCLUDE [identity-zero-trust](../includes/identity-zero-trust.md)] diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md index db6b53a8957..07227f543c4 100644 --- a/concepts/whats-new-overview.md +++ b/concepts/whats-new-overview.md 
@@ -7,7 +7,7 @@ ms.localizationpriority: high # What's new in Microsoft Graph -Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This topic provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more. +Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more. For more detailed API-level updates, see the [Microsoft Graph API changelog](https://developer.microsoft.com/graph/changelog/). @@ -22,6 +22,12 @@ For details about previous updates to Microsoft Graph, see [Microsoft Graph what Microsoft Graph Toolkit v4 is now available. For details about changes in the latest release, see [Upgrade to the latest version of Microsoft Graph Toolkit](/graph/toolkit/upgrade). +### Identity and access | Identity and sign-in + +- Introduced the following more granular delegated and application permissions for managing tenant branding through the [organizationalBranding](/graph/api/resources/organizationalbranding?view=graph-rest-beta&preserve-view=true) and [organizationalBrandingLocalization](/graph/api/resources/organizationalbrandinglocalization?view=graph-rest-beta&preserve-view=true) resource types: + - Use *OrganizationalBranding.Read.All* permission for read operations instead of the *Organization.Read.All* permission. + - Use *OrganizationalBranding.ReadWrite.All* permission for read and write operations instead of the *Organization.ReadWrite.All* permission. + ## February 2024: New in preview only ### Calendars 
@@ -30,12 +36,17 @@ Use the **iCalUId** property on [event](/graph/api/resources/event?view=graph-re ### Education -- Teachers can [activate](/graph/api/educationassignment-activate) an inactive [assignment](/graph/api/resources/educationassignment) to signal that the assignment has further action items for teachers or students. -- Teachers can [deactivate](/graph/api/educationassignment-deactivate) and mark an assignment as inactive to signal that the assignment has no further action items for teachers and students. +- Teachers can [activate](/graph/api/educationassignment-activate?view=graph-rest-beta&preserve-view=true) an inactive [assignment](/graph/api/resources/educationassignment?view=graph-rest-beta&preserve-view=true) to signal that the assignment has further action items for teachers or students. +- Teachers can [deactivate](/graph/api/educationassignment-deactivate?view=graph-rest-beta&preserve-view=true) and mark an assignment as inactive to signal that the assignment has no further action items for teachers and students. ### Identity and access | Directory management -Updated the descriptions of the **model** and **manufacturer** properties in the [device](/graph/api/resources/device?view=graph-rest-beta&preserve-view=true) resource to clarify their read-only status, replacing the outdated descriptions related to Project Rome sign-ins. +- Updated the descriptions of the **model** and **manufacturer** properties in the [device](/graph/api/resources/device?view=graph-rest-beta&preserve-view=true) resource to clarify their read-only status, replacing the outdated descriptions related to Project Rome sign-ins. +- Enabled tenants to [update](/graph/api/organization-update?view=graph-rest-beta&preserve-view=true) the following properties of the [organization](/graph/api/resources/organization?view=graph-rest-beta&preserve-view=true) entity: **businessPhones**, **city**, **postalCode**, **preferredLanguage**, **state**, **street**. 
+- You can now invite external users to Teams and manage the lifecycle of their invitation through the [pendingExternalUserProfile resource type](/graph/api/resources/pendingexternaluserprofile?view=graph-rest-beta&preserve-view=true) and its associated methods. After the user redeems their pending profile, you can manage their profile in your tenant through the [externalUserProfile resource type](/graph/api/resources/externaluserprofile?view=graph-rest-beta&preserve-view=true) and its associated methods. + +### Identity and access | Identity and sign-in +- Added the ability to target the device code authentication flow using Microsoft Entra Conditional Access. Configure the [conditionalAccessPolicy](/graph/api/resources/conditionalaccesspolicy?view=graph-rest-beta&preserve-view=true) > **conditions** property > **authenticationFlows** property of [conditionalAccessConditionSet complex type](/graph/api/resources/conditionalaccessconditionset?view=graph-rest-beta&preserve-view=true) > **transferMethods** property of [conditionalAccessAuthenticationFlows complex type](/graph/api/resources/conditionalaccessauthenticationflows?view=graph-rest-beta&preserve-view=true). ### Reports | Partner billing reports 
@@ -58,7 +69,7 @@ Microsoft Teams custom meeting templates allow you to specify values for many of - Added the ability to [get shifts](/graph/api/team-getshifts?view=graph-rest-beta&preserve-view=true) and [get time offs](/graph/api/team-gettimesoff?view=graph-rest-beta&preserve-view=true) across all teams that a user is a direct member of. - Added the **isCrossLocationShiftRequestApprovalRequired** and **isCrossLocationShiftsEnabled** properties on [schedule](/graph/api/resources/schedule?view=graph-rest-beta&preserve-view=true) to support two cross location scenarios. -- Added the ability to [get](/graph/api/shiftsroledefinition-get) and [update](/graph/api/shiftsroledefinition-update) front-line managers' capabilities in a Shifts schedule. +- Added the ability to [get](/graph/api/shiftsroledefinition-get) and [update](/graph/api/shiftsroledefinition-update) frontline managers' capabilities in a Shifts schedule. ## January 2024: New and generally available 
@@ -143,7 +154,7 @@ Are there scenarios you'd like Microsoft Graph to support? - Suggest and vote for new features by using the [Microsoft Graph Feedback Portal](https://aka.ms/graphfeedback). Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (`https://graph.microsoft.com/beta`) and v1.0 (`https://graph.microsoft.com/v1.0`) endpoints. -- [Join](https://aka.ms/m365-dev-call) the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. +- [Join](https://aka.ms/m365-dev-call) the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. Visit the [Microsoft 365 and Power Platform community page](https://aka.ms/community/calls) to discover the full calendar of developer calls. - [Join](https://ux.microsoft.com/Panel/M365Devs?utm_source=graphDocs) our research panel to provide your input on our developer experiences. diff --git a/includes/identity-zero-trust.md b/includes/identity-zero-trust.md new file mode 100644 index 00000000000..361790a0691 --- /dev/null +++ b/includes/identity-zero-trust.md @@ -0,0 +1,13 @@ +--- +ms.service: entra-id +ms.topic: include +--- +## Zero Trust + +This feature helps organizations to align their [identities](/security/zero-trust/deploy/identity) with the three guiding principles of a Zero Trust architecture: + +- Verify explicitly +- Use least privilege +- Assume breach + +To find out more about Zero Trust and other ways to align your organization to the guiding principles, see the [Zero Trust Guidance Center](/security/zero-trust/). diff --git a/includes/profilecardproperty-all-clouds-note.md b/includes/profilecardproperty-all-clouds-note.md new file mode 100644 index 00000000000..d5d1ed8d4c2 --- /dev/null +++ b/includes/profilecardproperty-all-clouds-note.md 
@@ -0,0 +1,13 @@ +--- +author: rwaithera +ms.topic: include +ms.date: 01/03/2024 +--- + + + +Profile card properties APIs are available in the following [national cloud deployments](/graph/deployments). + +| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet | +|--------------------|--------------------|------------------------|----------------------------| +| :white_check_mark: | :white_check_mark: | :white_check_mark: | :white_check_mark: |
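Review bot: In the `recordTypeFilters` row of the audit log query properties table (hunk `@@ -37,7 +37,7 @@`), the type reads "String collection of microsoft.graph.security.auditLogRecordType", which mixes two types. The neighbouring rows (`objectIdFilters`, `operationFilters`) use the form "String collection", so this row should read "microsoft.graph.security.auditLogRecordType collection". The description was carried over unchanged from the singular property ("The type of operation indicated by the record") and should be reworded for a collection. The rename from `recordTypeFilter` also changes the name that clients send when they filter an audit log query, so confirm that the JSON representation in the same file uses the new name; only its closing lines are visible in this patch.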
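Review bot: In the new `api-reference/beta/resources/validatingdomains.md`, the `rootDomains` property is typed `rootDomains` in the Properties table but `"String"` in the JSON representation; since the row lists members ending in `unknownFutureValue`, say that it is an enum and present it the same way in both places. The property description repeats the resource description almost word for word ("Defines the types of domains to which the validation applies"), so a reader can't tell what `allFederated`, `allManaged` or `allManagedAndEnumeratedFederated` selects, which matters for a setting that scopes federated token validation. The file also ends with "\ No newline at end of file", the condition this same patch fixes in the preceding file.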
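Review bot: The replacement include lines aren't uniform: most read `[!INCLUDE [zero-trust](../../../includes/identity-zero-trust.md)]`, but one reads `[!INCLUDE [identity-zero-trust](../includes/identity-zero-trust.md)]`. Use one label throughout, and check that each relative path resolves from the folder of the file it sits in, because the old `~/../entra_docs/...` and `~/../azure_docs/...` forms didn't depend on folder depth and the new ones do.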
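Review bot: In the new `includes/identity-zero-trust.md`, the front matter carries only `ms.service` and `ms.topic`, while the other include added in this patch, `includes/profilecardproperty-all-clouds-note.md`, also carries `author` and `ms.date`; add the same fields so the include has an owner and a freshness date. The body opens with "This feature helps organizations", yet the include is pulled into overview pages such as `partners-billing-api-overview.md`, where "this feature" has no clear referent; name the subject or reword it so it reads correctly on every page that includes it.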
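Review bot: In `concepts/whats-new-overview.md` (hunk `@@ -22,6 +22,12 @@`), the new "Identity and access | Identity and sign-in" entry is inserted above the "## February 2024: New in preview only" heading, but both resource links carry `view=graph-rest-beta`; check that the entry sits in the section that matches the API version where the permissions apply. The two sub-bullets are missing an article: "Use *OrganizationalBranding.Read.All* permission" should be "Use the *OrganizationalBranding.Read.All* permission". Since the entry presents these as more granular alternatives to *Organization.Read.All* and *Organization.ReadWrite.All*, it would help to state whether the broader permissions still work for branding calls.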
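Review bot: In hunk `@@ -30,12 +36,17 @@` of `concepts/whats-new-overview.md`, the Conditional Access bullet gives the property path as a chain of "> **conditions** property > **authenticationFlows** property of ... > **transferMethods** property of ...", which is hard to follow; say in one plain sentence which property is set on which type. The "### Identity and access | Identity and sign-in" heading added here is followed directly by its bullet with no blank line, unlike the same heading added in the `@@ -22,6 +22,12 @@` hunk.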
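Review bot: In hunk `@@ -58,7 +69,7 @@` of `concepts/whats-new-overview.md`, the changed bullet only respells "front-line" as "frontline"; its two links, `/graph/api/shiftsroledefinition-get` and `/graph/api/shiftsroledefinition-update`, still lack the `?view=graph-rest-beta&preserve-view=true` suffix that the two bullets above it carry and that this patch adds to the Education links. If these methods are beta only, add the suffix in the same change.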