From 01cca7cae49a97a8a20f41533268734240137759 Mon Sep 17 00:00:00 2001 From: raghuchek Date: Thu, 5 Oct 2023 21:54:44 +0530 Subject: [PATCH 001/156] Updated changes --- concepts/permissions-reference.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md index 09be278ee9a..b131956235a 100644 --- a/concepts/permissions-reference.md +++ b/concepts/permissions-reference.md 
@@ -982,8 +982,8 @@ For more complex scenarios involving multiple permissions, see [Permission scena | :------------------------------ | :--------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------- | :-------------------------- | | _EduAdministration.Read_ | Read education app settings | Allows the app to read education app settings on behalf of the user. | Yes | No | | _EduAdministration.ReadWrite_ | Manage education app settings | Allows the app to manage education app settings on behalf of the user. | Yes | No | -| _EduAssignments.ReadBasic_ | Read users' class assignments without grades | Allows the app to read assignments without grades on behalf of the user | Yes | No | -| _EduAssignments.ReadWriteBasic_ | Read and write users' class assignments without grades | Allows the app to read and write assignments without grades on behalf of the user | Yes | No | +| _EduAssignments.ReadBasic_ | Read users' class assignments information without reading any feedback or outcomes | Allows the app to read assignments information on behalf of the user without reading any feedback or outcomes. | Yes | No | +| _EduAssignments.ReadWriteBasic_ | Read and write users' class assignments information without impacting or reading any feedback or outcomes | Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. 
| Yes | No | | _EduAssignments.Read_ | Read users' view of class assignments and their grades | Allows the app to read assignments and their grades on behalf of the user | Yes | No | | _EduAssignments.ReadWrite_ | Read and write users' view of class assignments and their grades | Allows the app to read and write assignments and their grades on behalf of the user | Yes | No | | _EduCurricula.Read_ | Read the user's class modules and resources. | Allows the app to read the user's modules and resources on behalf of the signed-in user. | Yes | No | 
@@ -998,9 +998,9 @@ For more complex scenarios involving multiple permissions, see [Permission scena | :---------------------------------- | :-------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------- | | _EduAdministration.Read.All_ | Read Education app settings | Read the state and settings of all Microsoft education apps on behalf of the user. | Yes | | _EduAdministration.ReadWrite.All_ | Manage education app settings | Manage the state and settings of all Microsoft education apps on behalf of the user. | yes | -| _EduAssignments.ReadBasic.All_ | Read all class assignments without grades | Allows the app to read all class assignments without grades for all users without a signed-in user. | Yes | -| _EduAssignments.ReadWriteBasic.All_ | Create, read, update, and delete all class assignments without grades | Allows the app to create, read, update and delete all class assignments without grades for all users without a signed-in user. | Yes | -| _EduAssignments.Read.All_ | Read all class assignments with grades | Allows the app to read all class assignments with grades for all users without a signed-in user. | Yes | +| _EduAssignments.ReadBasic.All_ | Read all class assignments information without reading any feedback or outcomes | Allows the app to read all class assignments information for all users without a signed-in user without reading any feedback or outcomes. | Yes | +| _EduAssignments.ReadWriteBasic.All_ | Create, read, update, and delete all class assignments information without accessing or impacting any feedback or outcomes | Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. 
| Yes | +| _EduAssignments.Read.All_ | Read all class assignments with grades | Allows the app to create, read, update, and delete all class assignments information for all users without a signed-in user without accessing or impacting any feedback or outcomes. | Yes | | _EduAssignments.ReadWrite.All_ | Create, read, update, and delete all class assignments with grades | Allows the app to create, read, update and delete all class assignments with grades for all users without a signed-in user. | Yes | | _EduCurricula.Read.All_ | Read all class modules and resources | Allows the app to read all modules and resources, without a signed-in user. | Yes | | _EduCurricula.ReadWrite.All_ | Read and write all class modules and resources | Allows the app to read and write all modules and resources, without a signed-in user. | Yes | From e8dbaaf0541a1221373046852d3a94fe93a16732 Mon Sep 17 00:00:00 2001 From: raghuchek Date: Fri, 6 Oct 2023 14:50:28 +0530 Subject: [PATCH 002/156] reverted --- concepts/permissions-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md index b131956235a..ca73621121e 100644 --- a/concepts/permissions-reference.md +++ b/concepts/permissions-reference.md 
@@ -1000,7 +1000,7 @@ For more complex scenarios involving multiple permissions, see [Permission scena | _EduAdministration.ReadWrite.All_ | Manage education app settings | Manage the state and settings of all Microsoft education apps on behalf of the user. | yes | | _EduAssignments.ReadBasic.All_ | Read all class assignments information without reading any feedback or outcomes | Allows the app to read all class assignments information for all users without a signed-in user without reading any feedback or outcomes. | Yes | | _EduAssignments.ReadWriteBasic.All_ | Create, read, update, and delete all class assignments information without accessing or impacting any feedback or outcomes | Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. | Yes | -| _EduAssignments.Read.All_ | Read all class assignments with grades | Allows the app to create, read, update, and delete all class assignments information for all users without a signed-in user without accessing or impacting any feedback or outcomes. | Yes | +| _EduAssignments.Read.All_ | Read all class assignments with grades | Allows the app to read all class assignments with grades for all users without a signed-in user. | Yes | | _EduAssignments.ReadWrite.All_ | Create, read, update, and delete all class assignments with grades | Allows the app to create, read, update and delete all class assignments with grades for all users without a signed-in user. | Yes | | _EduCurricula.Read.All_ | Read all class modules and resources | Allows the app to read all modules and resources, without a signed-in user. | Yes | | _EduCurricula.ReadWrite.All_ | Read and write all class modules and resources | Allows the app to read and write all modules and resources, without a signed-in user. | Yes | From 725bc72c41f47d3d12dc7780126feaddfd9b33b2 Mon Sep 17 00:00:00 2001 
From: jagritee Date: Sun, 5 Nov 2023 23:24:27 +0530 Subject: [PATCH 003/156] Learning Course Activity adding Error Codes --- ...ienceuser-post-learningcourseactivities.md | 18 +++++++++++++-- .../v1.0/api/learningcourseactivity-delete.md | 14 +++++++++++ .../v1.0/api/learningcourseactivity-get.md | 14 +++++++++++ .../v1.0/api/learningcourseactivity-update.md | 23 +++++++++++++++++-- 4 files changed, 65 insertions(+), 4 deletions(-) diff --git a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md index 96d54cc3caa..0178b8842c1 100644 --- a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md +++ b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md @@ -56,7 +56,7 @@ In the request body, use @odata.type to specify the type of [learningCourseActiv |:---|:---|:---| |assignedDateTime|DateTimeOffset|Assigned date for the course activity. Optional. | |assignmentType|assignmentType|The assignment type for the course activity. Possible values are: `required`, `recommended`, `unknownFutureValue`. Required.| -|assignerUserId|String|The user ID of the assigner. Optional. | +|assignerUserId|String|The Microsoft Entra ID of the assigner. Optional. | |completedDateTime|DateTimeOffset|The date and time when the assignment was completed. Optional. | |completionPercentage|Int32|The percentage of the course completed by the user. Optional. If a value is provided, it must be between `0` and `100` (inclusive).| |dueDateTime|DateTimeOffset|Due date for the course activity. Optional. | 
@@ -64,7 +64,7 @@ In the request body, use @odata.type to specify the type of [learningCourseActiv |id|String|The generated ID for a request that can be used to make further interactions to the course activity APIs.| |learningContentId|String| The ID of the learning content created in Viva Learning. Required.| |learningProviderId|String|The registration ID of the provider. Required.| -|learnerUserId|String|The user ID of the learner to whom the activity is assigned. Required.| +|learnerUserId|String|The Microsoft Entra ID of the learner to whom the activity is assigned. Required.| |notes|String|Notes for the course activity. Optional. | |registrationId|String|ID of the provider. The ID is generated when the provider registers on Viva Learning. Required.| |startedDateTime|DateTimeOffset|The date and time when the self-initiated course was started by the learner. Optional.| 
@@ -274,3 +274,17 @@ Content-Type: application/json "status": "inProgress" } ``` + +### Error Conditions + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Forbidden|403|Forbidden|You do not have a service plan adequate for this request.| +|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|[{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}]| +|Multiple Field validations fail|400|BadRequest|BadRequest|[{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}]| +|Forbidden|403|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| +|Forbidden|403|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| \ No newline at end of file diff --git a/api-reference/v1.0/api/learningcourseactivity-delete.md b/api-reference/v1.0/api/learningcourseactivity-delete.md index e9abd1dd3df..d3978dfb567 100644 --- a/api-reference/v1.0/api/learningcourseactivity-delete.md +++ b/api-reference/v1.0/api/learningcourseactivity-delete.md 
@@ -109,3 +109,17 @@ The following example shows the response. ``` http HTTP/1.1 204 No Content ``` + +### Error Conditions + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|MethodNotAllowed|This method is not supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| +|User doesn't have appropriate permission scope|403|Forbidden|Your account does not have access to this report or data. Please contact your global administrator to request access.| +|Forbidden|403|Forbidden|You do not have a service plan adequate for this request.| +|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Request throttled|429|Too Many Requests|[{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}]| +|Service Unavailable|503|Service Unavailable|[{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}]| \ No newline at end of file diff --git a/api-reference/v1.0/api/learningcourseactivity-get.md b/api-reference/v1.0/api/learningcourseactivity-get.md index 7259c7985bc..68ba90013c2 100644 --- a/api-reference/v1.0/api/learningcourseactivity-get.md +++ b/api-reference/v1.0/api/learningcourseactivity-get.md 
@@ -299,3 +299,17 @@ Content-Type: application/json "status": "notStarted" } ``` + +### Error Conditions + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|MethodNotAllowed|This method is not supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| +|User doesn't have appropriate permission scope|403|Forbidden|Your account does not have access to this report or data. Please contact your global administrator to request access.| +|Forbidden|403|Forbidden|You do not have a service plan adequate for this request.| +|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Request throttled|429|Too Many Requests|[{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}]| +|Service Unavailable|503|Service Unavailable|[{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}]| \ No newline at end of file diff --git a/api-reference/v1.0/api/learningcourseactivity-update.md b/api-reference/v1.0/api/learningcourseactivity-update.md index 16a472aef87..515511fc8d9 100644 --- a/api-reference/v1.0/api/learningcourseactivity-update.md +++ b/api-reference/v1.0/api/learningcourseactivity-update.md 
@@ -49,7 +49,6 @@ The following table lists the properties that you can change for an assigned lea |Property|Type|Description| |:---|:---|:---| |assignedDateTime|DateTimeOffset|Assigned date for the course activity. Optional.| -|assignmentType|assignmentType|The assignment type for the course activity. Possible values are: `required`, `recommended`, `unknownFutureValue`. Required.| |completedDateTime|DateTimeOffset|Date and time when the assignment was completed. Optional.| |completionPercentage|Int32|The percentage of the course completed by the user. If a value is provided, it must be between `0` and `100` (inclusive). Optional.| |dueDateTime|DateTimeOffset|Due date for the course activity. Optional.| @@ -62,7 +61,7 @@ The following table lists the properties that you can change for a self-initiate |:---|:---|:---| |completedDateTime|DateTimeOffset|Date and time when the assignment was completed. Optional.| |completionPercentage|Int32|The percentage of the course completed by the user. If a value is provided, it must be between `0` and `100` (inclusive). Optional.| -|status|courseStatus|The status of the course activity. Possible values are: `notStarted`, `inProgress`, `completed`. Required.| +|status|courseStatus|The status of the course activity. Possible values are: `inProgress`, `completed`. Required.| |startedDateTime|DateTimeOffset|The date and time when the self-initiated course was started by the learner.| 
@@ -224,3 +223,23 @@ The following example shows the response. ``` http HTTP/1.1 204 No Content ``` + + +### Error Conditions + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|MethodNotAllowed|This method is not supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| +|User doesn't have appropriate permission scope|403|Forbidden|Your account does not have access to this report or data. Please contact your global administrator to request access.| +|Forbidden|403|Forbidden|You do not have a service plan adequate for this request.| +|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Request throttled|429|Too Many Requests|[{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}]| +|Service Unavailable|503|Service Unavailable|[{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}]| +|Bad Request|400|BadRequest|Required fields are missing|[{"code": "badRequest","message": "Input Field {fieldName} is required"}] +|Bad Request|400|BadRequest|Input fields are invalid|[{"code": "badRequest","message": "Input Field {fieldName} is invalid"}] +|Bad Request|400|BadRequest|BadRequest|[{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}] +|Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| +|Forbidden|403|Forbidden|User License is not valid to perform the operation|When the user for which Assignment 
is being created does not have a premium license| \ No newline at end of file From 6145aceb6ced47e75c627ae1dd877a7a721dd757 Mon Sep 17 00:00:00 2001 From: jagritee Date: Tue, 7 Nov 2023 11:19:46 +0530 Subject: [PATCH 004/156] build failure fix --- ...oyeeexperienceuser-post-learningcourseactivities.md | 4 ++-- .../v1.0/api/learningcourseactivity-delete.md | 4 ++-- api-reference/v1.0/api/learningcourseactivity-get.md | 4 ++-- .../v1.0/api/learningcourseactivity-update.md | 10 +++++----- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md index 0178b8842c1..e64674e1d0b 100644 --- a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md +++ b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md 
@@ -284,7 +284,7 @@ Content-Type: application/json |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Internal Server Error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|[{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}]| -|Multiple Field validations fail|400|BadRequest|BadRequest|[{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}]| +|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}| +|Multiple Field validations fail|400|BadRequest|BadRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| |Forbidden|403|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| |Forbidden|403|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| \ No newline at end of file diff --git a/api-reference/v1.0/api/learningcourseactivity-delete.md b/api-reference/v1.0/api/learningcourseactivity-delete.md index d3978dfb567..18a57f04eb4 100644 --- a/api-reference/v1.0/api/learningcourseactivity-delete.md +++ b/api-reference/v1.0/api/learningcourseactivity-delete.md 
@@ -121,5 +121,5 @@ HTTP/1.1 204 No Content |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|[{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}]| -|Service Unavailable|503|Service Unavailable|[{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}]| \ No newline at end of file +|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}| \ No newline at end of file diff --git a/api-reference/v1.0/api/learningcourseactivity-get.md b/api-reference/v1.0/api/learningcourseactivity-get.md index 68ba90013c2..48d9ac470f3 100644 --- a/api-reference/v1.0/api/learningcourseactivity-get.md +++ b/api-reference/v1.0/api/learningcourseactivity-get.md 
@@ -311,5 +311,5 @@ Content-Type: application/json |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|[{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}]| -|Service Unavailable|503|Service Unavailable|[{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}]| \ No newline at end of file +|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}| \ No newline at end of file diff --git a/api-reference/v1.0/api/learningcourseactivity-update.md b/api-reference/v1.0/api/learningcourseactivity-update.md index 515511fc8d9..a3cece57568 100644 --- a/api-reference/v1.0/api/learningcourseactivity-update.md +++ b/api-reference/v1.0/api/learningcourseactivity-update.md 
@@ -236,10 +236,10 @@ HTTP/1.1 204 No Content |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|[{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}]| -|Service Unavailable|503|Service Unavailable|[{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}]| -|Bad Request|400|BadRequest|Required fields are missing|[{"code": "badRequest","message": "Input Field {fieldName} is required"}] -|Bad Request|400|BadRequest|Input fields are invalid|[{"code": "badRequest","message": "Input Field {fieldName} is invalid"}] -|Bad Request|400|BadRequest|BadRequest|[{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}] +|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}| +|Bad Request|400|BadRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| +|Bad Request|400|BadRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| +|Bad Request|400|BadRequest|BadRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| |Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| |Forbidden|403|Forbidden|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| \ No newline at end of file 
From 936ec148255afbf1afdad656e9a8edc051806abc Mon Sep 17 00:00:00 2001 From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 9 Nov 2023 15:38:20 -0600 Subject: [PATCH 005/156] Apply suggestions from code review --- api-reference/v1.0/api/learningcourseactivity-delete.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api-reference/v1.0/api/learningcourseactivity-delete.md b/api-reference/v1.0/api/learningcourseactivity-delete.md index 18a57f04eb4..4c839c19c2b 100644 --- a/api-reference/v1.0/api/learningcourseactivity-delete.md +++ b/api-reference/v1.0/api/learningcourseactivity-delete.md @@ -110,9 +110,9 @@ The following example shows the response. HTTP/1.1 204 No Content ``` -### Error Conditions +### Error conditions -|Scenario|HTTP Code|Code|Message|Details| +|Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| |Method not supported for entity|405|MethodNotAllowed|This method is not supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| |User doesn't have appropriate permission scope|403|Forbidden|Your account does not have access to this report or data. Please contact your global administrator to request access.| From 9f9e245e8888cbb87baeecb8ee34ef8a50f8f684 Mon Sep 17 00:00:00 2001 From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 9 Nov 2023 15:41:42 -0600 Subject: [PATCH 006/156] Update learningcourseactivity-delete.md --- .../v1.0/api/learningcourseactivity-delete.md | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/api-reference/v1.0/api/learningcourseactivity-delete.md b/api-reference/v1.0/api/learningcourseactivity-delete.md index 4c839c19c2b..e951c22dd27 100644 --- a/api-reference/v1.0/api/learningcourseactivity-delete.md +++ b/api-reference/v1.0/api/learningcourseactivity-delete.md 
@@ -114,12 +114,12 @@ HTTP/1.1 204 No Content |Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| -|Method not supported for entity|405|MethodNotAllowed|This method is not supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| -|User doesn't have appropriate permission scope|403|Forbidden|Your account does not have access to this report or data. Please contact your global administrator to request access.| +|Method not supported for entity|405|MethodNotAllowed|This method is not supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity| +|User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You do not have a service plan adequate for this request.| -|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| -|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| -|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| -|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Bad request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad request|400|Bad Request|There was an issue with your request. 
Make sure the registrationId you entered is valid or registered for your tenant| +|Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Internal server error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}| \ No newline at end of file +|Service unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}| From a13897724185f97b63b96683419a95a911969ad9 Mon Sep 17 00:00:00 2001 From: Raul Fernandes Date: Sat, 11 Nov 2023 05:40:38 +0000 Subject: [PATCH 007/156] Added documentation for cross team open shifts API --- .../beta/api/openshift-stagefordeletion.md | 75 ++++++++++++ api-reference/beta/api/team-getopenshifts.md | 115 ++++++++++++++++++ .../openshift-stagefordeletion-permissions.md | 6 + .../team-getopenshifts-permissions.md | 6 + api-reference/beta/resources/openshift.md | 88 ++++++++------ api-reference/beta/resources/openshiftitem.md | 13 +- changelog/Microsoft.Teams.Shifts.json | 42 +++++++ 7 files changed, 302 insertions(+), 43 deletions(-) create mode 100644 api-reference/beta/api/openshift-stagefordeletion.md create mode 100644 api-reference/beta/api/team-getopenshifts.md create mode 100644 api-reference/beta/includes/permissions/openshift-stagefordeletion-permissions.md create mode 100644 api-reference/beta/includes/permissions/team-getopenshifts-permissions.md diff --git a/api-reference/beta/api/openshift-stagefordeletion.md b/api-reference/beta/api/openshift-stagefordeletion.md new file mode 100644 index 00000000000..5e47755769d --- /dev/null +++ b/api-reference/beta/api/openshift-stagefordeletion.md 
@@ -0,0 +1,75 @@ +--- +title: "openShift: stageForDeletion" +description: "Stage an openShift for deletion" +author: "raulfernandes" +ms.localizationpriority: medium +ms.prod: "microsoft-teams" +doc_type: apiPageType +--- + +# openShift: stageForDeletion +Namespace: microsoft.graph + +[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] + +This stages an open shift to be deletion. Staged (Draft) changes are only visible to managers until the changes are [shared](../api/schedule-share.md) with the team. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). + + +[!INCLUDE [permissions-table](../includes/permissions/openshift-stagefordeletion-permissions.md)] + +## HTTP request + + +``` http +POST /teams/{teamsId}/schedule/openShifts/{openShiftId}/stageForDeletion +``` + +## Request headers +|Name|Description| +|:---|:---| +|Authorization|Bearer {token}. Required.| +| MS-APP-ACTS-AS | A user ID (GUID). Required only if the authorization token is an application token; otherwise, optional. | + +## Request body +Do not supply a request body for this method. + +## Response + +If successful, this action returns a `204 No Content` response code. + +## Examples + +### Request +The following is an example of a request. + +``` http +POST https://graph.microsoft.com/beta/teams/{teamsId}/schedule/openShifts/{openShiftId}/stageForDeletion +``` + + +### Response +The following is an example of the response +>**Note:** The response object shown here might be shortened for readability. + +``` http +HTTP/1.1 204 No Content +``` + diff --git a/api-reference/beta/api/team-getopenshifts.md b/api-reference/beta/api/team-getopenshifts.md new file mode 100644 index 00000000000..3ef60c4d901 --- /dev/null +++ b/api-reference/beta/api/team-getopenshifts.md 
@@ -0,0 +1,115 @@ +--- +title: "Open Shifts in All Schedules" +description: "Gets a list of open shifts from across all schedules the user has access to" +author: "raulfernandes" +ms.localizationpriority: medium +ms.prod: "microsoft-teams" +doc_type: apiPageType +--- + +# Joined Teams: getOpenShifts +Namespace: microsoft.graph + +[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] + +Gets a list of [openShift](../resources/conversationmember.md) objects from across all schedules a user has access to. + +## Permissions +One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference). + + +[!INCLUDE [permissions-table](../includes/permissions/team-getopenshifts-permissions.md)] + +## HTTP request + + +``` http +GET /me/joinedTeams/getOpenShifts +GET /users/{id | user-principal-name}/joinedTeams/getOpenShifts +``` + +## Optional query parameters + +This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response. + +> [!NOTE] +> The `$filter` parameter doesn't support the use of the same property more than once in a query. For example, the following query will not work: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/startDateTime le 2024-05-09T23:59:59Z`. +> However, the following query will work: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/endDateTime le 2024-05-09T23:59:59Z`. + + +## Request headers +|Name|Description| +|:---|:---| +|Authorization|Bearer {token}. Required.| +| MS-APP-ACTS-AS | A user ID (GUID). Required only if the authorization token is an application token; otherwise, optional. | + +## Request body +Don't supply a request body for this method. + +## Response + +If successful, this function returns a `200 OK` response code and a [openShift](../resources/openshift.md) collection in the response body. 
+ +## Examples + +### Request +The following url is an example of a request. + +```msgraph-interactive +GET https://graph.microsoft.com/beta/me/joinedTeams/getOpenShifts +``` + + +### Response +The following payload is an example of the response +>**Note:** The response object shown here might be shortened for readability. + +``` http +HTTP/1.1 200 OK +Content-Type: application/json + +{ + "value": [ + { + "@odata.type": "#microsoft.graph.openShift", + "id": "String (identifier)", + "createdBy": { + "@odata.type": "microsoft.graph.identitySet" + }, + "createdDateTime": "String (timestamp)", + "lastModifiedDateTime": "String (timestamp)", + "lastModifiedBy": { + "@odata.type": "microsoft.graph.identitySet" + }, + "sharedOpenShift": { + "@odata.type": "microsoft.graph.openShiftItem" + }, + "draftOpenShift": { + "@odata.type": "microsoft.graph.openShiftItem" + }, + "schedulingGroupId": "String", + "isStagedForDeletion": "Boolean", + "schedulingGroupName": "String", + "teamId": "String", + "teamName": "String" + } + ] +} +``` + diff --git a/api-reference/beta/includes/permissions/openshift-stagefordeletion-permissions.md b/api-reference/beta/includes/permissions/openshift-stagefordeletion-permissions.md new file mode 100644 index 00000000000..47d106e40f4 --- /dev/null +++ b/api-reference/beta/includes/permissions/openshift-stagefordeletion-permissions.md @@ -0,0 +1,6 @@ +|Permission type|Least privileged permissions|Higher privileged permissions| +|:---|:---|:---| +|Delegated (work or school account)|Schedule.ReadWrite.All|Group.ReadWrite.All| +|Delegated (personal Microsoft account)|Not supported.|Not supported.| +|Application|Schedule.ReadWrite.All|Not available.| + diff --git a/api-reference/beta/includes/permissions/team-getopenshifts-permissions.md b/api-reference/beta/includes/permissions/team-getopenshifts-permissions.md new file mode 100644 index 00000000000..755a2115b46 --- /dev/null 
+++ b/api-reference/beta/includes/permissions/team-getopenshifts-permissions.md @@ -0,0 +1,6 @@ +|Permission type|Least privileged permissions|Higher privileged permissions| +|:---|:---|:---| +|Delegated (work or school account)|Schedule.Read.All|Schedule.ReadWrite.All| +|Delegated (personal Microsoft account)|Not supported.|Not supported.| +|Application|Schedule.Read.All|Schedule.ReadWrite.All| + diff --git a/api-reference/beta/resources/openshift.md b/api-reference/beta/resources/openshift.md index 29e0f590624..1b6be18fb89 100644 --- a/api-reference/beta/resources/openshift.md +++ b/api-reference/beta/resources/openshift.md @@ -1,10 +1,10 @@ --- title: "openShift resource type" description: "Represents an unassigned open shift in a schedule." +author: "raulfernandes" ms.localizationpriority: medium -author: "akumar39" ms.prod: "microsoft-teams" -doc_type: "resourcePageType" +doc_type: resourcePageType --- # openShift resource type 
@@ -16,55 +16,63 @@ Namespace: microsoft.graph Represents an unassigned, open shift in a [schedule](../resources/schedule.md). ## Methods - -| Method | Return Type | Description | -|:-------------|:------------|:------------| -| [Create](../api/openshift-post.md) | [openShift](openshift.md) | Create an instance of an **openShift** object. | -| [List](../api/openshift-list.md) | Collection of [openShift](openshift.md) | List the properties and relationships of **openShift** objects in a team.| -| [Get](../api/openshift-get.md) | [openShift](openshift.md) | Read the properties and relationships of an **openShift** object. | -| [Update](../api/openshift-update.md) | [openShift](openshift.md) | Update an **openShift** object. | -| [Delete](../api/openshift-delete.md) | None | Delete an **openShift** object. | +|Method|Return type|Description| +|:---|:---|:---| +|[List openShifts in schedule](../api/openshift-list.md)|[openShift](../resources/openshift.md) collection|Get a list of the [openShift](../resources/openshift.md) objects and their properties.| +|[Create openShift](../api/openshift-post.md)|[openShift](../resources/openshift.md)|Create a new [openShift](../resources/openshift.md) object.| +|[Get openShift](../api/openshift-get.md)|[openShift](../resources/openshift.md)|Read the properties and relationships of an [openShift](../resources/openshift.md) object.| +|[Update openShift](../api/openshift-update.md)|[openShift](../resources/openshift.md)|Update the properties of an [openShift](../resources/openshift.md) object.| +|[Delete openShift](../api/openshift-delete.md)|None|Delete an [openShift](../resources/openshift.md) object.| +|[stageForDeletion](../api/openshift-stagefordeletion.md)|None|Stage an [openShift](../resources/openshift.md) for deletion (The open shift draft state is set to be deleted, the open shift will be deleted when the schedule is shared).| +|[List openShifts in joined 
teams](../api/team-getopenshifts.md)|[openShift](../resources/openshift.md) collection|Get a list of the [openShift](../resources/openshift.md) objects and their properties.| ## Properties - -| Property | Type | Description | -|:-------------|:------------|:------------| -|draftOpenShift|[openShiftItem](openshiftitem.md)|An unpublished open shift.| -|schedulingGroupId|String|ID for the scheduling group that the open shift belongs to.| -|sharedOpenShift|[openShiftItem](openshiftitem.md)|A published open shift.| +|Property|Type|Description| +|:---|:---|:---| +|draftOpenShift|[openShiftItem](../resources/openshiftitem.md)|Draft changes in the open shift (only visible to managers until [shared](../api/schedule-share.md)).| +|isStagedForDeletion|Boolean|The open shift is marked for deletion (finalized when the schedule is [shared](../api/schedule-share.md))| +|schedulingGroupId|String|The ID of the schedule group the open shift is in| +|schedulingGroupName|String|The name of the scheduling group the open shift is in (computed)| +|sharedOpenShift|[openShiftItem](../resources/openshiftitem.md)|Published changes in the open shift (Shared with team).| +|teamId|String|The ID of the team the open shift is in (computed)| +|teamName|String|The name of the team the open shift is in (computed)| ## Relationships - None. ## JSON representation - -The following is a JSON representation of the resource. - +The following payload is a JSON representation of the resource. 
- -```json + "keyProperty": "id", + "@odata.type": "microsoft.graph.openShift", + "baseType": "microsoft.graph.changeTrackedEntity", + "openType": false +} +--> +``` json { - "draftOpenShift": {"@odata.type": "microsoft.graph.openShiftItem"}, + "@odata.type": "#microsoft.graph.openShift", + "id": "String (identifier)", + "createdBy": { + "@odata.type": "microsoft.graph.identitySet" + }, + "createdDateTime": "String (timestamp)", + "lastModifiedDateTime": "String (timestamp)", + "lastModifiedBy": { + "@odata.type": "microsoft.graph.identitySet" + }, + "sharedOpenShift": { + "@odata.type": "microsoft.graph.openShiftItem" + }, + "draftOpenShift": { + "@odata.type": "microsoft.graph.openShiftItem" + }, "schedulingGroupId": "String", - "sharedOpenShift": {"@odata.type": "microsoft.graph.openShiftItem"} + "isStagedForDeletion": "Boolean", + "schedulingGroupName": "String", + "teamId": "String", + "teamName": "String" } ``` - - - - diff --git a/api-reference/beta/resources/openshiftitem.md b/api-reference/beta/resources/openshiftitem.md index 503b8b3dfbc..b3d31df1e06 100644 --- a/api-reference/beta/resources/openshiftitem.md +++ b/api-reference/beta/resources/openshiftitem.md @@ -1,6 +1,6 @@ --- title: "openShiftItem resource type" -description: "Represents a single count of an open shift." +description: "Represents the details of an open shift." ms.localizationpriority: medium author: "akumar39" ms.prod: "microsoft-teams" @@ -13,7 +13,7 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -Represents a single count of an [openshift](../resources/openshift.md). +Represents the details of an [open shift](../resources/openshift.md). ## Properties 
@@ -36,7 +36,14 @@ Here's a JSON representation of the resource. ```json { - "openSlotCount": 1024 + "openSlotCount": 1024, + "displayName": "Day Shift", + "startDateTime": "2023-06-11T01:45:00Z", + "endDateTime": "2023-06-11T02:15:00Z", + "theme": "blue", + "notes": null, + "openSlotCount": 6, + "activities": [] } ``` diff --git a/changelog/Microsoft.Teams.Shifts.json b/changelog/Microsoft.Teams.Shifts.json index 1c3c02c955a..96a19405334 100644 --- a/changelog/Microsoft.Teams.Shifts.json +++ b/changelog/Microsoft.Teams.Shifts.json 
@@ -319,6 +319,48 @@ "CreatedDateTime": "2023-07-05T01:15:33.264Z", "WorkloadArea": "Teamwork and communications", "SubArea": "Shift management" + }, + { + "ChangeList": [ + { + "Id": "958cb6cc-4eb0-4dec-a19d-7fe3da86b3ec", + "ApiChange": "Property", + "ChangedApiName": "schedulingGroupName", + "ChangeType": "Addition", + "Description": "Added the `schedulingGroupName` property to the [openShift](https://learn.microsoft.com/en-us/graph/api/resources/openShift?view=graph-rest-beta) resource.", + "Target": "openShift" + }, + { + "Id": "958cb6cc-4eb0-4dec-a19d-7fe3da86b3ec", + "ApiChange": "Property", + "ChangedApiName": "teamId", + "ChangeType": "Addition", + "Description": "Added the `teamId` property to the [openShift](https://learn.microsoft.com/en-us/graph/api/resources/openShift?view=graph-rest-beta) resource.", + "Target": "openShift" + }, + { + "Id": "958cb6cc-4eb0-4dec-a19d-7fe3da86b3ec", + "ApiChange": "Property", + "ChangedApiName": "teamName", + "ChangeType": "Addition", + "Description": "Added the `teamName` property to the [openShift](https://learn.microsoft.com/en-us/graph/api/resources/openShift?view=graph-rest-beta) resource.", + "Target": "openShift" + }, + { + "Id": "958cb6cc-4eb0-4dec-a19d-7fe3da86b3ec", + "ApiChange": "Method", + "ChangedApiName": "getOpenShifts", + "ChangeType": "Addition", + "Description": "Added the [getOpenShifts](https://learn.microsoft.com/en-us/graph/api/team?view=graph-rest-beta) method to the [team](https://learn.microsoft.com/en-us/graph/api/team?view=graph-rest-beta) resource.", + "Target": "team" + } + ], + "Id": "958cb6cc-4eb0-4dec-a19d-7fe3da86b3ec", + "Cloud": "Prod", + "Version": "beta", + "CreatedDateTime": "2023-11-10T16:41:58.7764213Z", + "WorkloadArea": "Teamwork", + "SubArea": "" } ] } From 88029f91d4d00f75abf606de55e4faff4dc02ee9 Mon Sep 17 00:00:00 2001 
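Review bot: In api-reference/beta/api/openshift-stagefordeletion.md (PATCH 007), the description sentence "This stages an open shift to be deletion." is ungrammatical. Reword it to match the front-matter description, for example "Stage an open shift for deletion." The Response example also places the note "The response object shown here might be shortened for readability" above a bare `HTTP/1.1 204 No Content`, which has no body to shorten, so that note can go. The path placeholder `{teamsId}` differs from the `teamId` property this same patch adds to openShift; pick one spelling.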
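Review bot: In api-reference/beta/api/team-getopenshifts.md (PATCH 007), the opening sentence links openShift to the wrong resource: `[openShift](../resources/conversationmember.md)` should point to `../resources/openshift.md`, as the Response section of the same page does. The front-matter title "Open Shifts in All Schedules" and the H1 "Joined Teams: getOpenShifts" name the page differently and neither follows the "openShift: stageForDeletion" pattern of the sibling page. "a [openShift]" in the Response section should be "an".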
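Review bot: In includes/permissions/team-getopenshifts-permissions.md (PATCH 007), the table lists Schedule.Read.All for both delegated and application callers, but nothing in the patch says whose access bounds the result. team-getopenshifts.md documents `GET /users/{id | user-principal-name}/joinedTeams/getOpenShifts` alongside an MS-APP-ACTS-AS header, and describes the result only as schedules "a user has access to". State whether a delegated caller may pass another user's id, and for an application token which user (the path id or the MS-APP-ACTS-AS GUID) scopes the returned open shifts, so a reader can tell what the least privileged grant exposes.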
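Review bot: In api-reference/beta/resources/openshift.md, hunk @@ -16,55 +16,63 @@ (PATCH 007), the Methods rows "List openShifts in schedule" and "List openShifts in joined teams" carry the identical description "Get a list of the openShift objects and their properties.", so the table does not tell the reader that one is scoped to a single schedule and the other spans the user's joined teams. Give the second row its own description. In the Properties table, the new descriptions for isStagedForDeletion, schedulingGroupId, schedulingGroupName, teamId and teamName lack the closing period the other rows have, and schedulingGroupId says "schedule group" where schedulingGroupName says "scheduling group".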
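Review bot: In api-reference/beta/resources/openshiftitem.md, hunk @@ -36,7 +36,14 @@ (PATCH 007), the JSON example ends up with the key `openSlotCount` twice: the existing line is rewritten to `"openSlotCount": 1024,` and a second `"openSlotCount": 6,` is added further down. Duplicate keys make the sample ambiguous and most parsers keep only the last value. Remove one of them, and keep the value that fits the rest of the sample.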
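Review bot: In changelog/Microsoft.Teams.Shifts.json (PATCH 007), the new ChangeList is missing entries for two things this patch documents as new: the `isStagedForDeletion` property on openShift and the `stageForDeletion` method. The getOpenShifts entry links the method name to the team resource page (`/graph/api/team?view=graph-rest-beta`) rather than to the new method page. The entry also uses "WorkloadArea": "Teamwork" with an empty "SubArea", while the entry directly above it in the context lines uses "Teamwork and communications" and "Shift management"; align them unless the difference is intended.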
From: jagritee Date: Tue, 14 Nov 2023 16:42:37 +0530 Subject: [PATCH 008/156] Update Documentation for score correctness --- ...oyeeexperienceuser-post-learningcourseactivities.md | 2 +- .../v1.0/api/learningcourseactivity-delete.md | 6 +++--- api-reference/v1.0/api/learningcourseactivity-get.md | 10 +++++----- .../v1.0/api/learningcourseactivity-update.md | 8 ++++---- 4 files changed, 13 insertions(+), 13 deletions(-) diff --git a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md index e64674e1d0b..34b7fa0c426 100644 --- a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md +++ b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md 
@@ -284,7 +284,7 @@ Content-Type: application/json |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Internal Server Error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| |Multiple Field validations fail|400|BadRequest|BadRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| |Forbidden|403|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| |Forbidden|403|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| \ No newline at end of file diff --git a/api-reference/v1.0/api/learningcourseactivity-delete.md b/api-reference/v1.0/api/learningcourseactivity-delete.md index e951c22dd27..3c34d161db7 100644 --- a/api-reference/v1.0/api/learningcourseactivity-delete.md +++ b/api-reference/v1.0/api/learningcourseactivity-delete.md 
@@ -114,12 +114,12 @@ HTTP/1.1 204 No Content |Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| -|Method not supported for entity|405|MethodNotAllowed|This method is not supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity| +|Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity| |User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| -|Forbidden|403|Forbidden|You do not have a service plan adequate for this request.| +|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| |Bad request|400|Bad Request|This provider isn't enabled for the given tenant.| |Bad request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal server error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message":"Retry after {noOfMinutes} minutes"}| +|Service unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| diff --git a/api-reference/v1.0/api/learningcourseactivity-get.md b/api-reference/v1.0/api/learningcourseactivity-get.md index 48d9ac470f3..3eeb4113bca 100644 --- a/api-reference/v1.0/api/learningcourseactivity-get.md +++ b/api-reference/v1.0/api/learningcourseactivity-get.md 
@@ -83,7 +83,7 @@ If successful, this method returns a `200 OK` response code and a [learningCours #### Request -The following examples shows a request to get an learning course activity using an ID. +The following examples shows a request to get a learning course activity using an ID. # [HTTP](#tab/http) + -#### Delegated permissions +## All permissions -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _AccessReview.Read.All_ | Read all access reviews | Allows the app to read access reviews on behalf of the signed-in user. | Yes | No | -| _AccessReview.ReadWrite.All_ | Manage all access reviews | Allows the app to read and write access reviews on behalf of the signed-in user. | Yes | No | -| _AccessReview.ReadWrite.Membership_ | Manage access reviews for group and app memberships | Allows the app to read and write access reviews of groups and apps on behalf of the signed-in user. | Yes | No | +### AccessReview.Read.All +| Category | Application | Delegated | +|--|--|--| +| Identifier | d07a8cc0-3d51-4b77-b3b0-32704d1f69fa | ebfcd32b-babb-40f4-a14b-42706e83bd28 +| DisplayText | Read all access reviews | Read all access reviews that user can access +| Description | Allows the app to read access reviews, reviewers, decisions and settings in the organization, without a signed-in user. | Allows the app to read access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization. +| AdminConsentRequired | Yes | Yes +--- -#### Application permissions +### AccessReview.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _AccessReview.Read.All_ | Read all access reviews | Allows the app to read access reviews without a signed-in user. 
| Yes | -| _AccessReview.ReadWrite.All_ | Manage all access reviews | Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user. | Yes | -| _AccessReview.ReadWrite.Membership_ | Manage access reviews for group and app memberships | Allows the app to manage access reviews of groups and apps without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | ef5f7d5c-338f-44b0-86c3-351f46c8bb5f | e4aa47b9-9a69-4109-82ed-36ec70d85ff1 +| DisplayText | Manage all access reviews | Manage all access reviews that user can access +| Description | Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization, without a signed-in user. | Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization. +| AdminConsentRequired | Yes | Yes +--- -### Remarks +### AccessReview.ReadWrite.Membership -_AccessReview.Read.All_, _AccessReview.ReadWrite.All_, _AccessReview.ReadWrite.Membership_ are valid only for work or school accounts. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 18228521-a591-40f1-b215-5fad4488c117 | 5af8c3f5-baca-439a-97b0-ea58a435e269 +| DisplayText | Manage access reviews for group and app memberships | Manage access reviews for group and app memberships +| Description | Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings in the organization for group and app memberships, without a signed-in user. | Allows the app to read, update, delete and perform actions on access reviews, reviewers, decisions and settings for group and app memberships that the signed-in user has access to in the organization. 
+| AdminConsentRequired | Yes | Yes -For an app with delegated permissions to read access reviews of a group or app, the signed-in user must be a member of one of the following administrator roles: Global Administrator, Security Administrator, Security Reader or User Administrator. For an app with delegated permissions to write access reviews of a group or app, the signed-in user must be a member of one of the following administrator roles: Global Administrator or User Administrator. +--- -For an app with delegated permissions to read access reviews of an Azure AD role, the signed-in user must be a member of one of the following administrator roles: Global Administrator, Security Administrator, Security Reader or Privileged Role Administrator. For an app with delegated permissions to write access reviews of an Azure AD role, the signed-in user must be a member of one of the following administrator roles: Global Administrator or Privileged Role Administrator. +### Acronym.Read.All -For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](/azure/active-directory/active-directory-assign-admin-roles). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8c0aed2c-0c61-433d-b63c-6370ddc73248 | 9084c10f-a2d6-4713-8732-348def50fe02 +| DisplayText | Read all acronyms | Read all acronyms that the user can access +| Description | Allows an app to read all acronyms without a signed-in user. | Allows an app to read all acronyms that the signed-in user can access. +| AdminConsentRequired | Yes | No --- -## Administrative units permissions +### AdministrativeUnit.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 134fd756-38ce-4afd-ba33-e9623dbe66c2 | 3361d15d-be43-4de6-b441-3c746d05163d +| DisplayText | Read all administrative units | Read administrative units +| Description | Allows the app to read administrative units and administrative unit membership without a signed-in user. 
| Allows the app to read administrative units and administrative unit membership on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _AdministrativeUnit.Read.All_ | Read administrative units | Allows the app to read administrative units and administrative unit membership on behalf of the signed-in user. | Yes | No | -| _AdministrativeUnit.ReadWrite.All_ | Read and write administrative units | Allows the app to create, read, update, and delete administrative units and manage administrative unit membership on behalf of the signed-in user. | Yes | No | +### AdministrativeUnit.ReadWrite.All +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5eb59dd3-1da2-4329-8733-9dabdc435916 | 7b8a2d34-6b3f-4542-a343-54651608ad81 +| DisplayText | Read and write all administrative units | Read and write administrative units +| Description | Allows the app to create, read, update, and delete administrative units and manage administrative unit membership without a signed-in user. | Allows the app to create, read, update, and delete administrative units and manage administrative unit membership on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _AdministrativeUnit.Read.All_ | Read all administrative units | Allows the app to read administrative units and administrative unit membership without a signed-in user. 
| Yes | -| _AdministrativeUnit.ReadWrite.All_ | Read and write all administrative units | Allows the app to create, read, update, and delete administrative units and manage administrative unit membership without a signed-in user. | Yes | +### Agreement.Read.All -### Remarks -With the _AdministrativeUnit.Read.All_ permission an application can read administrative unit information including members. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2f3e6f8c-093b-4c57-a58b-ba5ce494a169 | af2819c9-df71-4dd3-ade7-4d7c9dc653b7 +| DisplayText | Read all terms of use agreements | Read all terms of use agreements +| Description | Allows the app to read terms of use agreements, without a signed in user. | Allows the app to read terms of use agreements on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -With the _AdministrativeUnit.ReadWrite.All_ permission an application can create, read, update, and delete administrative unit information including members. +--- -_AdministrativeUnit.Read.All_ and _AdministrativeUnit.ReadWrite.All_ are valid only for work or school accounts. +### Agreement.ReadWrite.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | c9090d00-6101-42f0-a729-c41074260d47 | ef4b5d93-3104-4664-9053-a5c49ab44218 +| DisplayText | Read and write all terms of use agreements | Read and write all terms of use agreements +| Description | Allows the app to read and write terms of use agreements, without a signed in user. | Allows the app to read and write terms of use agreements on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -> [!NOTE] -> The `v1.0` endpoint for the administrative units API is `/v1.0/directory/administrativeUnits`. 
+--- -- _AdministrativeUnit.Read.All_: Read administrative units (`GET /beta/administrativeUnits`) -- _AdministrativeUnit.Read.All_: Read members list of an administrative unit (`GET /beta/administrativeUnits//members`) -- _AdministrativeUnit.ReadWrite.All_: Create an administrative unit (`POST /beta/administrativeUnits`) -- _AdministrativeUnit.ReadWrite.All_: Update an administrative unit (`PATCH /beta/administrativeUnits/`) -- _AdministrativeUnit.ReadWrite.All_: Add members to an administrative unit (`POST /beta/administrativeUnits//members`) +### AgreementAcceptance.Read -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 0b7643bb-5336-476f-80b5-18fbfbc91806 +| DisplayText | - | Read user terms of use acceptance statuses +| Description | - | Allows the app to read terms of use acceptance statuses on behalf of the signed-in user. +| AdminConsentRequired | - | Yes --- -## Analytics resource permissions +### AgreementAcceptance.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | d8e4ec18-f6c0-4620-8122-c8b1f2bf400e | a66a5341-e66e-4897-9d52-c2df58c2bfb9 +| DisplayText | Read all terms of use acceptance statuses | Read terms of use acceptance statuses that user can access +| Description | Allows the app to read terms of use acceptance statuses, without a signed in user. | Allows the app to read terms of use acceptance statuses on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Analytics.Read_ | Read user activity statistics. 
| Allows the app to read the signed-in user's activity statistics, such as how much time the user has spent on emails, in meetings, or in chat sessions. | No | +### Analytics.Read -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | e03cf23f-8056-446a-8994-7d93dfc8b50e +| DisplayText | - | Read user activity statistics +| Description | - | Allows the app to read the signed-in user's activity statistics, such as how much time the user has spent on emails, in meetings, or in chat sessions. +| AdminConsentRequired | - | No -None. +--- -### Example usage +### APIConnectors.Read.All -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | b86848a7-d5b1-41eb-a9b4-54a4e6306e97 | 1b6ff35f-31df-4332-8571-d31ea5a4893f +| DisplayText | Read API connectors for authentication flows | Read API connectors for authentication flows +| Description | Allows the app to read the API connectors used in user authentication flows, without a signed-in user. | Allows the app to read the API connectors used in user authentication flows, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -* _Analytics.Read_: [List related settings for a user](/graph/api/useranalytics-get-settings?view=graph-rest-beta&preserve-view=true) (`GET /beta/me/analytics/settings`) +--- -#### Application +### APIConnectors.ReadWrite.All -None. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1dfe531a-24a6-4f1b-80f4-7a0dc5a0a171 | c67b52c5-7c69-48b6-9d48-7b3af3ded914 +| DisplayText | Read and write API connectors for authentication flows | Read and write API connectors for authentication flows +| Description | Allows the app to read, create and manage the API connectors used in user authentication flows, without a signed-in user. | Allows the app to read, create and manage the API connectors used in user authentication flows, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## AppCatalog resource permissions +### AppCatalog.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | e12dae10-5a57-4817-b79d-dfbec5348930 | 88e58d74-d3df-44f3-ad47-e89edf4472e4 +| DisplayText | Read all app catalogs | Read all app catalogs +| Description | Allows the app to read apps in the app catalogs without a signed-in user. | Allows the app to read the apps in the app catalogs. +| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| :----------| -| _AppCatalog.Read.All_ | Read all app catalogs | Allows the app to read the apps in the app catalogs.| No | No | -| _AppCatalog.ReadWrite.All_ | Read and write to all app catalogs | Allows the app to create, read, update, and delete apps in the app catalogs. | Yes | No | -|_AppCatalog.Submit_|Submit an app for admin review|Allows the user to submit and app for admin review for publication in an organization's app catalog and allows user to cancel past submissions that have not been published.
𝐍𝐎𝐓𝐄: Non-admin users submit apps for review by including the `requiresReview=true` query parameter.|Yes|No| +--- -#### Application permissions +### AppCatalog.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _AppCatalog.Read.All_ | Read all app catalogs | Allows the app to read apps in the app catalogs without a signed-in user. | Yes | -| _AppCatalog.ReadWrite.All_ | Read and write to all app catalogs | Allows the app to create, read, update, and delete apps in the app catalogs without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | dc149144-f292-421e-b185-5953f2e98d7f | 1ca167d5-1655-44a1-8adf-1414072e1ef9 +| DisplayText | Read and write to all app catalogs | Read and write to all app catalogs +| Description | Allows the app to create, read, update, and delete apps in the app catalogs without a signed-in user. | Allows the app to create, read, update, and delete apps in the app catalogs. +| AdminConsentRequired | Yes | Yes -### Remarks +--- -Currently the only catalog is the list of applications in [Microsoft Teams](teams-concept-overview.md). +### AppCatalog.Submit -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 3db89e36-7fa6-4012-b281-85f3d9d9fd2e +| DisplayText | - | Submit application packages to the catalog and cancel pending submissions +| Description | - | Allows the app to submit application packages to the catalog and cancel submissions that are pending review on behalf of the signed-in user. 
+| AdminConsentRequired | - | No -#### Delegated -* _AppCatalog.ReadWrite.All_: [List all applications in catalog](/graph/api/appcatalogs-list-teamsapps) (`GET /beta/appCatalogs/teamsApps`) -* _AppCatalog.ReadWrite.All_: [Publish an app](/graph/api/teamsapp-publish?view=graph-rest-beta&preserve-view=true) (`POST /beta/appCatalogs/teamsApps`) -* _AppCatalog.ReadWrite.All_: [Update a published app](/graph/api/teamsapp-update?view=graph-rest-beta&preserve-view=true) (`PATCH /beta/appCatalogs/teamsApps/{id}`) -* _AppCatalog.ReadWrite.All_: [Remove a published app](/graph/api/teamsapp-delete?view=graph-rest-beta&preserve-view=true) (`DELETE /beta/appCatalogs/teamsApps/{id}`) +--- -#### Application +### AppCertTrustConfiguration.Read.All -None. +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | af281d3a-030d-4122-886e-146fb30a0413 +| DisplayText | - | Read the trusted certificate authority configuration for applications +| Description | - | Allows the app to read the trusted certificate authority configuration which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes --- -## Application resource permissions +### AppCertTrustConfiguration.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 4bae2ed4-473e-4841-a493-9829cfd51d48 +| DisplayText | - | Read and write the trusted certificate authority configuration for applications +| Description | - | Allows the app to create, read, update and delete the trusted certificate authority configuration which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user. 
+| AdminConsentRequired | - | Yes -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Application.Read.All_ | Read applications | Allows the app to read applications and service principals on behalf of the signed-in user. | Yes | -| _Application.ReadWrite.All_ | Read and write all apps | Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. | Yes | -| _AppRoleAssignment.ReadWrite.All_ | Manage app permission grants and app role assignments | Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, on behalf of the signed-in user. | Yes | -| _DelegatedPermissionGrant.ReadWrite.All_ | Manage delegated permission grants | Allows the app to manage delegated permission grants for any API (including Microsoft Graph), on behalf of the signed-in user. | Yes | +### Application.Read.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9a5d68dd-52b0-4cc2-bd40-abcf44ac3a30 | c79f8feb-a9db-4090-85f9-90d820caa0eb +| DisplayText | Read all applications | Read applications +| Description | Allows the app to read all applications and service principals without a signed-in user. | Allows the app to read applications and service principals on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Application.Read.All_ | Read applications | Allows the app to read applications and service principals without a signed-in user. 
| Yes | -| _Application.ReadWrite.All_ | Read and write all apps | Allows the calling app to create, and manage (read, update, update application secrets and delete) applications and service principals without a signed-in user. Does not allow management of consent grants or application assignments to users or groups. | Yes | -| _Application.ReadWrite.OwnedBy_ | Manage apps that this app creates or owns | Allows the calling app to create other applications and service principals, and fully manage those applications and service principals (read, update, update application secrets and delete), without a signed-in user. It cannot update any applications that it is not an owner of. | Yes | -| _AppRoleAssignment.ReadWrite.All_ | Manage app permission grants and app role assignments | Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, without a signed-in user. | Yes | -| _DelegatedPermissionGrant.ReadWrite.All_ | Manage all delegated permission grants | Allows the app to grant or revoke any delegated permission for any API (including Microsoft Graph), without a signed-in user. | Yes | +--- -### Remarks +### Application.ReadWrite.All -> [!CAUTION] -> Permissions that allow granting authorization, such as _AppRoleAssignment.ReadWrite.All_, allow an application to grant additional privileges to itself, other applications, or any user. Likewise, permissions that allow managing credentials, such as _Application.ReadWrite.All_, allow an application to act as other entities, and use the privileges they were granted. Use caution when granting any of these permissions. 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | 1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9 | bdfbf15f-ee85-4955-8675-146e8e5296b5 +| DisplayText | Read and write all applications | Read and write all applications +| Description | Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants. | Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants. +| AdminConsentRequired | Yes | Yes -The _Application.ReadWrite.OwnedBy_ permission allows the same operations as _Application.ReadWrite.All_ except that the former allows these operations only on applications and service principals that the calling app is an owner of. Ownership is indicated by the `owners` navigation property on the target [application](/graph/api/application-list-owners?view=graph-rest-beta&preserve-view=true) or [service principal](/graph/api/serviceprincipal-list-owners?view=graph-rest-beta&preserve-view=true) resource. +[!INCLUDE [Application.ReadWrite.All](../includes/permissions-notes/Application.ReadWrite.All.md)] -> [!NOTE] -> The *Application.ReadWrite.OwnedBy* permission allows an app to call `GET /applications` and `GET /servicePrincipals` to list all applications and service principals in the tenant. This scope of access has been allowed for the permission. +--- -### Example usage +### Application.ReadWrite.OwnedBy -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | 18a4783c-866b-4cc7-a460-3d5e5662c884 | - +| DisplayText | Manage apps that this app creates or owns | - +| Description | Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user.  It cannot update any apps that it is not an owner of. 
| - +| AdminConsentRequired | Yes | - -* _Application.Read.All_: List all applications (`GET /v1.0/applications`) -* _Application.ReadWrite.All_: Update a service principal (`PATCH /v1.0/servicePrincipals/{id}`) +[!INCLUDE [Application.ReadWrite.OwnedBy](../includes/permissions-notes/Application.ReadWrite.OwnedBy.md)] -#### Application +--- -* _Application.Read.All_: List all applications (`GET /v1.0/applications`) -* _Application.ReadWrite.All_: Delete a service principal (`DELETE /v1.0/servicePrincipals/{id}`) -* _Application.ReadWrite.OwnedBy_: Create an application (`POST /v1.0/applications`) -* _Application.ReadWrite.OwnedBy_: List all applications owned by the calling application (`GET /v1.0/servicePrincipals/{id}/ownedObjects`) -* _Application.ReadWrite.OwnedBy_: Add another owner to an owned application (`POST /v1.0/applications/{id}/owners/$ref`). +### Application-RemoteDesktopConfig.ReadWrite.All - > NOTE: This may require additional permissions. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 3be0012a-cc4e-426b-895b-f9c836bf6381 | ffa91d43-2ad8-45cc-b592-09caddeb24bb +| DisplayText | Read and write the remote desktop security configuration for all apps | Read and write the remote desktop security configuration for apps +| Description | Allows the app to read and write the remote desktop security configuration for all apps in your organization, without a signed-in user. | Allows the app to read and write other apps' remote desktop security configuration, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## Audit log permissions +### AppRoleAssignment.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 06b708a9-e830-4db3-a914-8e69da51d44f | 84bccea3-f856-4a8a-967b-dbe0a3d53a64 +| DisplayText | Manage app permission grants and app role assignments | Manage app permission grants and app role assignments +| Description | Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, without a signed-in user. | Allows the app to manage permission grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _AuditLog.Read.All_ | Read audit log data | Allows the app to read and query your audit log activities, on behalf of the signed-in user. | Yes | No | +[!INCLUDE [AppRoleAssignment.ReadWrite.All](../includes/permissions-notes/AppRoleAssignment.ReadWrite.All.md)] + +--- -#### Application permissions +### AttackSimulation.Read.All -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_AuditLog.Read.All_ |Read all audit log data |Allows the app to read and query your audit log activities, without a signed-in user. 
|Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 93283d0a-6322-4fa8-966b-8c121624760d | 104a7a4b-ca76-4677-b7e7-2f4bc482f381 +| DisplayText | Read attack simulation data of an organization | Read attack simulation data of an organization +| Description | Allows the app to read attack simulation and training data for an organization without a signed-in user. | Allows the app to read attack simulation and training data for an organization for the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Authentication events flow permissions +### AttackSimulation.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | e125258e-8c8a-42a8-8f55-ab502afa52f3 | 27608d7c-2c66-4cad-a657-951d575f5a60 +| DisplayText | Read, create, and update all attack simulation data of an organization | Read, create, and update attack simulation data of an organization +| Description | Allows the app to read, create, and update attack simulation and training data for an organization without a signed-in user. | Allows the app to read, create, and update attack simulation and training data for an organization for the signed-in user. 
+| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:-----------|:---------------|:------------|:-----------------------|:----------------------------| -|EventListener.Read.All|Read your organization's authentication event listeners|Allows the app to read your organization's authentication event listeners on behalf of the signed-in user.|Yes|No| -|EventListener.ReadWrite.All|Read and write your organization's authentication event listeners|Allows the app to read or write your organization's authentication event listeners on behalf of the signed-in user.|Yes|No| +--- -#### Application permissions +### AuditLog.Read.All -| Permission | Display String | Description | Admin Consent Required | -|--------------|:-----------------|:--------------|:-------------------------| -|EventListener.Read.All|Read all authentication event listeners|Allows the app to read your organization's authentication event listeners without a signed-in user.|Yes| -| EventListener.ReadWrite.All | Read and write all authentication event listeners | Allows the app to read or write your organization's authentication event listeners without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | b0afded3-3588-46d8-8b3d-9842eff778da | e4c9e354-4dc5-45b8-9e7c-e1393b0b1a20 +| DisplayText | Read all audit log data | Read audit log data +| Description | Allows the app to read and query your audit log activities, without a signed-in user. | Allows the app to read and query your audit log activities, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## BitLocker recovery key permissions +### AuthenticationContext.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 381f742f-e1f8-4309-b4ab-e3d91ae4c5c1 | 57b030f1-8c35-469c-b0d9-e4a077debe70 +| DisplayText | Read all authentication context information | Read all authentication context information +| Description | Allows the app to read the authentication context information in your organization without a signed-in user. | Allows the app to read all authentication context information in your organization on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _BitlockerKey.ReadBasic.All_ | Read basic BitLocker key information | Allows an app to read the BitLocker key's properties for all devices in the tenant. The recovery key is not returned. | Yes | No | -| _BitlockerKey.Read.All_ | Read the BitLocker key | Allows an app to read the BitLocker keys for all devices in the tenant. The recovery key is returned. | Yes | No | +--- -#### Application permissions +### AuthenticationContext.ReadWrite.All -None. +| Category | Application | Delegated | +|--|--|--| +| Identifier | a88eef72-fed0-4bf7-a2a9-f19df33f8b83 | ba6d575a-1344-4516-b777-1404f5593057 +| DisplayText | Read and write all authentication context information | Read and write all authentication context information +| Description | Allows the app to read and update the authentication context information in your organization without a signed-in user. | Allows the app to read and update all authentication context information in your organization on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -### Example usage +--- -#### Delegated +### BillingConfiguration.ReadWrite.All -* _BitlockerKey.ReadBasic.All_: List the BitLocker recovery keys for all devices in the tenant without returning the 'key' property (`GET /bitlocker/recoveryKeys`). -* _BitlockerKey.Read.All_: Get a BitLocker recovery key with the recovery key (`GET /bitlocker/recoveryKeys/{bitlockerRecoveryKeyId}?$select=key`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9e8be751-7eee-4c09-bcfd-d64f6b087fd8 | 2bf6d319-dfca-4c22-9879-f88dcfaee6be +| DisplayText | Read and write application billing configuration | Read and write application billing configuration +| Description | Allows the app to read and write the billing configuration on all applications without a signed-in user. | Allows the app to read and write the billing configuration on all applications on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Bookings permissions +### BitlockerKey.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | b27a61ec-b99c-4d6a-b126-c4375d08ae30 +| DisplayText | - | Read BitLocker keys +| Description | - | Allows the app to read BitLocker keys on behalf of the signed-in user, for their owned devices. Allows read of the recovery key. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Bookings.Read.All_ | Allows an app to read Bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. | Intended for read-only applications. Typical target user is the customer of a booking business. 
| No | No | -| _BookingsAppointment.ReadWrite.All_ | Allows an app to read and write Bookings appointments and customers, and additionally allows reading businesses, services, and staff on behalf of the signed-in user. | Intended for scheduling applications which need to manipulate appointments and customers. Cannot change fundamental information about the booking business, nor its services and staff members. Typical target user is the customer of a booking business.| No | No | -| _Bookings.ReadWrite.All_ | Allows an app to read and write Bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. Does not allow create, delete, or publish of Bookings businesses. | Intended for management applications that manipulate existing businesses, their services and staff members. Cannot create, delete, or change the publishing status of a booking business. Typical target user is the support staff of an organization.| No | No | -| _Bookings.Manage.All_ | Allows an app to read, write, and manage Bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. | Allows the app to have full access.
Intended for a full management experience. Typical target user is the administrator of an organization.| No | No | +--- -#### Application permissions +### BitlockerKey.ReadBasic.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Bookings.Read.All_ | Allows an app to read Bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. | Intended for read-only applications. Typical target user is the customer of a booking business. | Yes | No | -| _BookingsAppointment.ReadWrite.All_ | Allows an app to read and write Bookings appointments and customers, and additionally allows reading businesses, services, and staff on behalf of the signed-in user. | Intended for scheduling applications which need to manipulate appointments and customers. Cannot change fundamental information about the booking business, nor its services and staff members. Typical target user is the customer of a booking business.| Yes | No | -| _Bookings.ReadWrite.All_ | Allows an app to read and write Bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. Does not allow create, delete, or publish of Bookings businesses. | Intended for management applications that manipulate existing businesses, their services and staff members. Cannot create, delete, or change the publishing status of a booking business. Typical target user is the support staff of an organization.| Yes | No | -| _Bookings.Manage.All_ | Allows an app to read, write, and manage Bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. | Allows the app to have full access.
Intended for a full management experience. Typical target user is the administrator of an organization.| Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5a107bfc-4f00-4e1a-b67e-66451267bc68 +| DisplayText | - | Read BitLocker keys basic information +| Description | - | Allows the app to read basic BitLocker key properties on behalf of the signed-in user, for their owned devices. Does not allow read of the recovery key itself. +| AdminConsentRequired | - | Yes -### Example usage +--- -#### Delegated +### Bookings.Manage.All -* _Bookings.Read.All_: Get the ID and names of the collection of Bookings businesses that has been created for a tenant (`GET /bookingBusinesses`). -* _BookingsAppointment.ReadWrite.All_: Create an appointment for a service at a Bookings business (`POST /bookingBusinesses/{id}/appointments`). -* _Bookings.ReadWrite.All_: Create a new service for the specified Bookings business (`POST /bookingBusinesses/{id}/services`). -* _Bookings.Manage.All_: Make the scheduling page of this business available to external customers (`POST /bookingBusinesses/{id}/publish`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 7f36b48e-542f-4d3b-9bcb-8406f0ab9fdb +| DisplayText | - | Manage bookings information +| Description | - | Allows an app to read, write and manage bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. +| AdminConsentRequired | - | No --- -## Browser management permissions +### Bookings.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6e98f277-b046-4193-a4f2-6bf6a78cd491 | 33b1df99-4b29-4548-9339-7a7b83eaeebc +| DisplayText | Read all Bookings related resources. | Read bookings information +| Description | Allows an app to read Bookings appointments, businesses, customers, services, and staff without a signed-in user. 
| Allows an app to read bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _BrowserSiteLists.Read.All_ | Read browser site lists for your organization | Allows an app to read the browser site lists configured for your organization, on behalf of the signed-in user. | No | No | -| _BrowserSiteLists.ReadWrite.All_ | Read and write browser site lists for your organization | Allows an app to read and write the browser site lists configured for your organization, on behalf of the signed-in user. | No | No | +### Bookings.ReadWrite.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 948eb538-f19d-4ec5-9ccc-f059e1ea4c72 +| DisplayText | - | Read and write bookings information +| Description | - | Allows an app to read and write bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. Does not allow create, delete and publish of booking businesses. +| AdminConsentRequired | - | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _BrowserSiteLists.Read.All_ | Read all browser site lists for your organization | Allows an app to read all browser site lists configured for your organization, without a signed-in user. | Yes | No | -| _BrowserSiteLists.ReadWrite.All_ | Read and write all browser site lists for your organization | Allows an app to read and write all browser site lists configured for your organization, without a signed-in user. 
| Yes | No | +--- -### Example usage +### BookingsAppointment.ReadWrite.All -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9769393e-5a9f-4302-9e3d-7e018ecb64a7 | 02a5a114-36a6-46ff-a102-954d89d9ab02 +| DisplayText | Read and write all Bookings related resources. | Read and write booking appointments +| Description | Allows an app to read and write Bookings appointments and customers, and additionally allows reading businesses, services, and staff without a signed-in user. | Allows an app to read and write bookings appointments and customers, and additionally allows read businesses information, services, and staff on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -* _BrowserSiteLists.Read.All_: List all browser site lists, on behalf of a signed-in user (`GET /beta/admin/edge/internetExplorerMode/siteLists`) -* _BrowserSiteLists.ReadWrite.All_: Update a browser site list, on behalf of a signed-in user (`PATCH /beta/admin/edge/internetExplorerMode/siteLists/{browserSiteListId}`) +--- -#### Application +### Bookmark.Read.All -* _BrowserSiteLists.Read.All_: List all browser site lists, without a signed-in user (`GET /beta/admin/edge/internetExplorerMode/siteLists`) -* _BrowserSiteLists.ReadWrite.All_: Delete a browser site list, without a signed-in user (`DELETE /beta/admin/edge/internetExplorerMode/siteLists/{browserSiteListId}`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | be95e614-8ef3-49eb-8464-1c9503433b86 | 98b17b35-f3b1-4849-a85f-9f13733002f0 +| DisplayText | Read all bookmarks | Read all bookmarks that the user can access +| Description | Allows an app to read all bookmarks without a signed-in user. | Allows an app to read all bookmarks that the signed-in user can access. 
+| AdminConsentRequired | Yes | No --- -## Business scenarios permissions +### BrowserSiteLists.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | c5ee1f21-fc7f-4937-9af0-c91648ff9597 | fb9be2b7-a7fc-4182-aec1-eda4597c43d5 +| DisplayText | Read all browser site lists for your organization | Read browser site lists for your organization +| Description | Allows an app to read all browser site lists configured for your organization, without a signed-in user. | Allows an app to read the browser site lists configured for your organization, on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|BusinessScenarioConfig.Read.All|Read business scenario configurations|Allows the app to read the configurations for the business scenarios of your organization, on behalf of the signed-in user.|Yes|No| -|BusinessScenarioConfig.Read.OwnedBy|Read business scenario configurations this app creates or owns|Allows the app to read the configurations of business scenarios it owns, on behalf of the signed-in user.|Yes|No| -|BusinessScenarioConfig.ReadWrite.All|Read and write business scenario configurations|Allows the app to read and write the configurations for the business scenarios of your organization, on behalf of the signed-in user.|Yes|No| -|BusinessScenarioConfig.ReadWrite.OwnedBy|Read and write business scenario configurations this app creates or owns|Allows the app to create new business scenarios and fully manage the configurations of scenarios it owns, on behalf of the signed-in user.|Yes|No| -|BusinessScenarioData.Read.OwnedBy|Read all data for business scenarios this app creates or owns|Allows the app to read all data associated with the business scenarios it owns. 
Data access will be attributed to the signed-in user.|Yes|No| -|BusinessScenarioData.ReadWrite.OwnedBy|Read and write all data for business scenarios this app creates or owns|Allows the app to fully manage all data associated with the business scenarios it owns. Data access and changes will be attributed to the signed-in user.|Yes|No| +### BrowserSiteLists.ReadWrite.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8349ca94-3061-44d5-9bfb-33774ea5e4f9 | 83b34c85-95bf-497b-a04e-b58eca9d49d0 +| DisplayText | Read and write all browser site lists for your organization | Read and write browser site lists for your organization +| Description | Allows an app to read and write all browser site lists configured for your organization, without a signed-in user. | Allows an app to read and write the browser site lists configured for your organization, on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|BusinessScenarioConfig.Read.OwnedBy|Read all business scenario configurations this app creates or owns|Allows the app to read the configurations of business scenarios it owns, without a signed-in user.|Yes| -|BusinessScenarioConfig.ReadWrite.OwnedBy|Read and write all business scenario configurations this app creates or owns|Allows the app to create new business scenarios and fully manage the configurations of scenarios it owns, without a signed-in user.|Yes| -|BusinessScenarioData.Read.OwnedBy|Read data for all business scenarios this app creates or owns|Allows the app to read the data associated with the business scenarios it owns, without a signed-in user.|Yes| -|BusinessScenarioData.ReadWrite.OwnedBy|Read and write data for all business scenarios this app creates or owns|Allows the app to fully manage the data associated with 
the business scenarios it owns, without a signed-in user.|Yes| +--- -### Example usage +### BusinessScenarioConfig.Read.All -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | d16480b2-e469-4118-846b-d3d177327bee +| DisplayText | - | Read business scenario configurations +| Description | - | Allows the app to read the configurations of your organization's business scenarios, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -* _BusinessScenarioConfig.ReadWrite.OwnedBy_: Create a new business scenario (`POST /solutions/businessScenarios`) -* _BusinessScenarioConfig.Read.All_: Get a list of all business scenarios in an organization (`GET /solutions/businessScenarios`) +--- -#### Application +### BusinessScenarioConfig.Read.OwnedBy -* _BusinessScenarioConfig.ReadWrite.OwnedBy_: Update the Planner plan configuration for a business scenario (`PATCH /solutions/businessScenarios/c5d514e6c6864911ac46c720affb6e4d/planner/planConfiguration`) -* _BusinessScenarioData.ReadWrite.OwnedBy_: Delete a Planner task in a business scenario (`DELETE /solutions/businessScenarios/c5d514e6c6864911ac46c720affb6e4d/planner/tasks/M60dlXLEkk-ZocLUTDvBSpcAGRaa`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | acc0fc4d-2cd6-4194-8700-1768d8423d86 | c47e7b6e-d6f1-4be9-9ffd-1e00f3e32892 +| DisplayText | Read all business scenario configurations this app creates or owns | Read business scenario configurations this app creates or owns +| Description | Allows the app to read the configurations of business scenarios it owns, without a signed-in user. | Allows the app to read the configurations of business scenarios it owns, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## Calendars permissions +### BusinessScenarioConfig.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 755e785b-b658-446f-bb22-5a46abd029ea +| DisplayText | - | Read and write business scenario configurations +| Description | - | Allows the app to read and write the configurations of your organization's business scenarios, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Calendars.Read_ |Read user calendars |Allows the app to read events in user calendars. |No | Yes | -| _Calendars.Read.Shared_ |Read user and shared calendars |Allows the app to read events in all calendars that the user can access, including delegate and shared calendars. |No | No | -| _Calendars.ReadWrite_ |Have full access to user calendars |Allows the app to create, read, update, and delete events in user calendars. |No | Yes | -| _Calendars.ReadWrite.Shared_ |Read and write user and shared calendars |Allows the app to create, read, update and delete events in all calendars the user has permissions to access. This includes delegate and shared calendars.|No | No | -| _Calendars.ReadBasic_ |Read basic details of user calendars |Allows the app to read events in user calendars, except for properties such as body, attachments, and extensions.|Yes | No | +--- -
+### BusinessScenarioConfig.ReadWrite.OwnedBy -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | bbea195a-4c47-4a4f-bff2-cba399e11698 | b3b7fcff-b4d4-4230-bf6f-90bd91285395 +| DisplayText | Read and write all business scenario configurations this app creates or owns | Read and write business scenario configurations this app creates or owns +| Description | Allows the app to create new business scenarios and fully manage the configurations of scenarios it owns, without a signed-in user. | Allows the app to create new business scenarios and fully manage the configurations of scenarios it owns, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_Calendars.Read_ |Read calendars in all mailboxes |Allows the app to read events of all calendars without a signed-in user. |Yes | -|_Calendars.ReadWrite_ |Read and write calendars in all mailboxes |Allows the app to create, read, update, and delete events of all calendars without a signed-in user. |Yes | -| _Calendars.ReadBasic.All_ |Read basic details of calendars in all mailboxes|Allows the app to read events of all calendars, except for properties such as body, attachments, and extensions, without a signed-in user. |Yes | +--- -> **Important** -Administrators can configure [application access policy](auth-limit-mailbox-access.md) to limit app access to _specific_ mailboxes and not to all the mailboxes in the organization, even if the app has been granted the application permissions of Calendars.Read or Calendars.ReadWrite. -
+### BusinessScenarioData.Read.OwnedBy -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6c0257fd-cffe-415b-8239-2d0d70fdaa9c | 25b265c4-5d34-4e44-952d-b567f6d3b96d +| DisplayText | Read data for all business scenarios this app creates or owns | Read all data for business scenarios this app creates or owns +| Description | Allows the app to read the data associated with the business scenarios it owns, without a signed-in user. | Allows the app to read all data associated with the business scenarios it owns. Data access will be attributed to the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated +--- -* _Calendars.Read_: Get events on the user's calendar between April 23, 2017 and April 29, 2017 (`GET /me/calendarView?startDateTime=2017-04-23T00:00:00&endDateTime=2017-04-29T00:00:00`). -* _Calendars.Read.Shared_: Find meeting times where all attendees are available (`POST /users/{id|userPrincipalName}/findMeetingTimes`). -* _Calendars.ReadWrite_: Add an event to the user's calendar (`POST /me/events`). +### BusinessScenarioData.ReadWrite.OwnedBy -#### Application +| Category | Application | Delegated | +|--|--|--| +| Identifier | f2d21f22-5d80-499e-91cc-0a8a4ce16f54 | 19932d57-2952-4c60-8634-3655c79fc527 +| DisplayText | Read and write data for all business scenarios this app creates or owns | Read and write all data for business scenarios this app creates or owns +| Description | Allows the app to fully manage the data associated with the business scenarios it owns, without a signed-in user. | Allows the app to fully manage all data associated with the business scenarios it owns. Data access and changes will be attributed to the signed-in user. +| AdminConsentRequired | Yes | Yes -* _Calendars.Read_: Find events in a conference room's calendar organized by bob@contoso.com (`GET /users/{id | userPrincipalName}/events?$filter=organizer/emailAddress/address eq 'bob@contoso.com'`). 
-* _Calendars.Read_: List all events on a user's calendar for the month of May (`GET /users/{id | userPrincipalName}/calendarView?startDateTime=2017-05-01T00:00:00&endDateTime=2017-06-01T00:00:00`) -* _Calendars.ReadWrite_: Add an event to a user's calendar for approved time off (`POST /users/{id | userPrincipalName}/events`). +--- -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +### Calendars.Read -## Calls permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 798ee544-9d2d-430c-a058-570e29e34338 | 465a38f9-76ea-45b9-9f34-9e8b0d4b0b42 +| DisplayText | Read calendars in all mailboxes | Read user calendars +| Description | Allows the app to read events of all calendars without a signed-in user. | Allows the app to read events in user calendars . +| AdminConsentRequired | Yes | No -#### Delegated permissions +[!INCLUDE [Calendars.Read](../includes/permissions-notes/Calendars.Read.md)] -None. +--- -
+### Calendars.Read.Shared -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2b9c4092-424d-4249-948d-b43879977640 +| DisplayText | - | Read user and shared calendars +| Description | - | Allows the app to read events in all calendars that the user can access, including delegate and shared calendars. +| AdminConsentRequired | - | No -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_Calls.Initiate.All_|Initiate outgoing 1:1 calls from the app|Allows the app to place outbound calls to a single user and transfer calls to users in your organization's directory, without a signed-in user.|Yes| -|_Calls.InitiateGroupCall.All_|Initiate outgoing group calls from the app|Allows the app to place outbound calls to multiple users and add participants to meetings in your organization, without a signed-in user.|Yes| -|_Calls.JoinGroupCall.All_|Join group calls and meetings as an app|Allows the app to join group calls and scheduled meetings in your organization, without a signed-in user. The app will be joined with the privileges of a directory user to meetings in your tenant.|Yes| -|_Calls.JoinGroupCallasGuest.All_|Join group calls and meetings as a guest|Allows the app to anonymously join group calls and scheduled meetings in your organization, without a signed-in user. The app will be joined as a guest to meetings in your tenant.|Yes| -|_Calls.AccessMedia.All_\*|Access media streams in a call as an app|Allows the app to get direct access to media streams in a call, without a signed-in user.|Yes| +--- -> \***Important:** You may NOT use the Cloud Communications APIs to record or otherwise persist media content from calls or meetings that your application accesses, or data derived from that media content. 
Make sure that you are compliant with the laws and regulations in your area regarding data protection and confidentiality of communications. Please see the [Terms of Use](/legal/microsoft-apis/terms-of-use) and consult with your legal counsel for more information. +### Calendars.ReadBasic -
+| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 662d75ba-a364-42ad-adee-f5f880ea4878 +| DisplayText | - | Read basic details of user calendars +| Description | - | Allows the app to read events in user calendars, except for properties such as body, attachments, and extensions. +| AdminConsentRequired | - | No -### Example usage +--- -#### Application +### Calendars.ReadBasic.All -* _Calls.Initiate.All_: Make a peer-to-peer call from the application to a user in the organization (`POST /beta/communications/calls`). -* _Calls.InitiateGroupCall.All_: Make a group call from the application to a group of users in the organization (`POST /beta/communications/calls`). -* _Calls.JoinGroupCall.All_: Join a group call or online meeting from the application (`POST /beta/communications/calls`). -* _Calls.JoinGroupCallasGuest.All_: Join a group call or online meeting from the application, but the application only has guest privileges in the meeting (`POST /beta/communications/calls`). -* _Calls.AccessMedia.All_: Create or join a call and the app gets direct access to participant media streams in the call (`POST /beta/communications/calls`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8ba4a692-bc31-4128-9094-475872af8a53 | - +| DisplayText | Read basic details of calendars in all mailboxes | - +| Description | Allows the app to read events of all calendars, except for properties such as body, attachments, and extensions, without a signed-in user. | - +| AdminConsentRequired | Yes | - -> **Note:** For request examples, see [Create call](/graph/api/application-post-calls?view=graph-rest-beta&preserve-view=true). +--- -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). 
+### Calendars.ReadWrite -## Call records permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | ef54d2bf-783f-4e0f-bca1-3210c0444d99 | 1ec239c2-d7c9-4623-a91a-a9775856bb36 +| DisplayText | Read and write calendars in all mailboxes | Have full access to user calendars +| Description | Allows the app to create, read, update, and delete events of all calendars without a signed-in user. | Allows the app to create, read, update, and delete events in user calendars. +| AdminConsentRequired | Yes | No -#### Delegated permissions +[!INCLUDE [Calendars.ReadWrite](../includes/permissions-notes/Calendars.ReadWrite.md)] -None. +--- -
+### Calendars.ReadWrite.Shared -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 12466101-c9b8-439a-8589-dd09ee67e8e9 +| DisplayText | - | Read and write user and shared calendars +| Description | - | Allows the app to create, read, update and delete events in all calendars in the organization user has permissions to access. This includes delegate and shared calendars. +| AdminConsentRequired | - | No -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_CallRecords.Read.All_|Read all call records|Allows the app to read call records for all calls and online meetings without a signed-in user.|Yes| -|_CallRecord-PstnCalls.Read.All_|Read PSTN and direct routing call log data|Allows the app to read all PSTN and direct routing call log data without a signed-in user.|Yes| +--- -### Remarks +### CallEvents.Read.All -The _CallRecords.Read.All_ permission grants an application privileged access to [callRecords](/graph/api/resources/callrecords-callrecord) for every call and online meeting within your organization, including calls to and from external phone numbers. This includes potentially sensitive details about who participated in the call, as well as technical information pertaining to these calls and meetings that can be used for network troubleshooting, such as IP addresses, device details, and other network information. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1abb026f-7572-49f6-9ddd-ad61cbba181e | - +| DisplayText | Read all call events | - +| Description | Allows the app to read call event information for all users in your organizatio, without a signed-in user. 
| - +| AdminConsentRequired | Yes | - -The _CallRecord-PstnCalls.Read.All_ permission grants an application access to [PSTN (calling plans)](/graph/api/callrecords-callrecord-getpstncalls) and [direct routing](/graph/api/callrecords-callrecord-getdirectroutingcalls) call logs. This includes potentially sensitive information about users as well as calls to and from external phone numbers. +--- -> **Important:** Discretion should be used when granting these permissions to applications. Call records can provide insights into the operation of your business, and so can be a target for malicious actors. Only grant these permissions to applications you trust to meet your data protection requirements. +### CallRecord-PstnCalls.Read.All -> **Important:** Make sure that you are compliant with the laws and regulations in your area regarding data protection and confidentiality of communications. Please see the [Terms of Use](/legal/microsoft-apis/terms-of-use) and consult with your legal counsel for more information. +| Category | Application | Delegated | +|--|--|--| +| Identifier | a2611786-80b3-417e-adaa-707d4261a5f0 | - +| DisplayText | Read PSTN and direct routing call log data | - +| Description | Allows the app to read all PSTN and direct routing call log data without a signed-in user. | - +| AdminConsentRequired | Yes | - -
+[!INCLUDE [CallRecord-PstnCalls.Read.All](../includes/permissions-notes/CallRecord-PstnCalls.Read.All.md)] -### Example usage +--- -#### Application +### CallRecords.Read.All -* _CallRecords.Read.All_: Retrieve a call record (`GET /v1.0/communications/callRecords/{id}`). -* _CallRecords.Read.All_: Subscribe to new call records (`POST /v1.0/subscriptions`). -* _CallRecords.Read.All_: Retrieve direct routing call records within the specified time range (`GET /v1.0/communications/callRecords/microsoft.graph.callRecords.getDirectRoutingCalls(fromDateTime={start date and time),toDateTime={end date and time))`) -* _CallRecord-PstnCalls.Read.All_: Retrieve PSTN call records within the specified time range (`GET /v1.0/communications/callRecords/microsoft.graph.callRecords.getPstnCalls(fromDateTime={start date and time),toDateTime={end date and time))`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 45bbb07e-7321-4fd7-a8f6-3ff27e6a81c8 | - +| DisplayText | Read all call records | - +| Description | Allows the app to read call records for all calls and online meetings without a signed-in user. | - +| AdminConsentRequired | Yes | - -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +[!INCLUDE [CallRecords.Read.All](../includes/permissions-notes/CallRecords.Read.All.md)] -## Channel permissions +--- -#### Delegated permissions +### Calls.AccessMedia.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Channel.ReadBasic.All_ | Read the names and descriptions of channels. | Read channel names and channel descriptions, on behalf of the signed-in user. | No | No | -| _Channel.Create_ | Create channels. | Create channels in any team, on behalf of the signed-in user. | Yes | No | -| _Channel.Delete.All_ | Delete channels. 
| Delete channels in any team, on behalf of the signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | a7a681dc-756e-4909-b988-f160edc6655f | - +| DisplayText | Access media streams in a call as an app | - +| Description | Allows the app to get direct access to media streams in a call, without a signed-in user. | - +| AdminConsentRequired | Yes | - -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Channel.ReadBasic.All_ | Read the names and descriptions of all channels. | Read all channel names and channel descriptions, without a signed-in user. | Yes | No | -| _Channel.Create_ | Create channels. | Create channels in any team, without a signed-in user. | Yes | No | -| _Channel.Delete.All_ | Delete channels. | Delete channels in any team, without a signed-in user. | Yes | No | -|_Teamwork.Migrate.All_|Manage migration to Microsoft Teams|Creating and managing resources for migration to Microsoft Teams|Yes|Yes| +### Calls.Initiate.All -## Channel member permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 284383ee-7f6e-4e40-a2a8-e85dcb029101 | - +| DisplayText | Initiate outgoing 1 to 1 calls from the app | - +| Description | Allows the app to place outbound calls to a single user and transfer calls to users in your organization’s directory, without a signed-in user. | - +| AdminConsentRequired | Yes | - -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_ChannelMember.Read.All_ |Read the members of channels. |Read the members of channels, on behalf of the signed-in user. 
|Yes | No | -|_ChannelMember.ReadWrite.All_ | Add and remove members from channels.| Add and remove members from channels, on behalf of the signed-in user. Also allows changing a member's role, for example from owner to non-owner.| Yes | No | +### Calls.InitiateGroupCall.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4c277553-8a09-487b-8023-29ee378d8324 | - +| DisplayText | Initiate outgoing group calls from the app | - +| Description | Allows the app to place outbound calls to multiple users and add participants to meetings in your organization, without a signed-in user. | - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_ChannelMember.Read.All_ |Read the members of all channels. |Read the members of all channels, without a signed-in user. |Yes | No | -|_ChannelMember.ReadWrite.All_ |Add and remove members from all channels.|Add and remove members from all channels, without a signed-in user. Also allows changing a member's role, for example from owner to non-owner.| Yes | No | +--- -## Channel message permissions +### Calls.JoinGroupCall.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | f6b49018-60ab-4f81-83bd-22caeabfed2d | - +| DisplayText | Join group calls and meetings as an app | - +| Description | Allows the app to join group calls and scheduled meetings in your organization, without a signed-in user.  The app will be joined with the privileges of a directory user to meetings in your organization. 
| - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_ChannelMessage.Edit_ (private preview)|Edit user's channel messages |Allows an app to edit channel messages in Microsoft Teams, on behalf of the signed-in user. |Yes | No | -|_ChannelMessage.Read.All_ |Read user channel messages |Allows an app to read a channel's messages in Microsoft Teams, on behalf of the signed-in user. |Yes | No | -|_ChannelMessage.Send_ |Send channel messages |Allows an app to send channel messages in Microsoft Teams, on behalf of the signed-in user. |No| No | +--- -#### Application permissions +### Calls.JoinGroupCallAsGuest.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_ChannelMessage.Read.All_ |Read all channel messages  |Allows the app to read all channel messages in Microsoft Teams, without a signed-in user. |Yes | No | -|_ChannelMessage.UpdatePolicyViolation.All_ |Flag channel messages for violating policy |Allows the app to update Microsoft Teams channel messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | fd7ccf6b-3d28-418b-9701-cd10f5cd2fd4 | - +| DisplayText | Join group calls and meetings as a guest | - +| Description | Allows the app to anonymously join group calls and scheduled meetings in your organization, without a signed-in user.  The app will be joined as a guest to meetings in your organization. | - +| AdminConsentRequired | Yes | - -> **Note:** See also [Group.Read.All](#group-permissions). 
+--- -## Channel settings permissions +### Channel.Create -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | f3a65bd4-b703-46df-8f7e-0174fea562aa | 101147cf-4178-4455-9d58-02b5c164e759 +| DisplayText | Create channels | Create channels +| Description | Create channels in any team, without a signed-in user. | Create channels in any team, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ChannelSettings.Read.All_ | Read the names, descriptions, and settings of channels. | Read all channel names, channel descriptions, and channel settings, on behalf of the signed-in user.| Yes | No | -| _ChannelSettings.ReadWrite.All_ | Read and write the names, descriptions, and settings of channels. | Read and write the names, descriptions, and settings of all channels, on behalf of the signed-in user.| Yes | No | +--- -#### Application permissions +### Channel.Delete.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ChannelSettings.Read.All_ | Read the names, descriptions, and settings of all channels. | Read all channel names, channel descriptions, and channel settings, without a signed-in user.| Yes | No | -| _ChannelSettings.ReadWrite.All_ | Read and write the names, descriptions, and settings of all channels. 
| Read and write the names, descriptions, and settings of all channels, without a signed-in user.| Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6a118a39-1227-45d4-af0c-ea7b40d210bc | cc83893a-e232-4723-b5af-bd0b01bcfe65 +| DisplayText | Delete channels | Delete channels +| Description | Delete channels in any team, without a signed-in user. | Delete channels in any team, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -## Chat permissions +--- -#### Delegated permissions +### Channel.ReadBasic.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_Chat.Read_ |Read your chat messages.  |Allows an app to read your 1:1 or group chat messages in Microsoft Teams, on your behalf. |No | No | -|_Chat.ReadBasic_ |Read names and members of user chat threads. |Allows an app to read the members and descriptions of 1:1 and group chats threads, on behalf of the signed-in user. |No | No | -|_Chat.ReadWrite_ |Read your chat messages and send new ones.  |Allows an app to read and send your 1:1 or group chat messages in Microsoft Teams, on your behalf. |No | No | -|_Chat.ManageDeletion.All_ |Delete and recover deleted chats.  |Allows the app to delete and recover deleted chats, on behalf of the signed-in user. |Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 59a6b24b-4225-4393-8165-ebaec5f55d7a | 9d8982ae-4365-4f57-95e9-d6032a4c0b87 +| DisplayText | Read the names and descriptions of all channels | Read the names and descriptions of channels +| Description | Read all channel names and channel descriptions, without a signed-in user. | Read channel names and channel descriptions, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | No -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_Chat.Read.WhereInstalled_ |Read all chat messages for chats where the associated Teams application is installed. |Allows the app to read all one-to-one or group chat messages in Microsoft Teams for chats where the associated Teams application is installed, without a signed-in user. | Yes | No | -|_Chat.Read.All_ |Read all chat messages.  |Allows the app to read all 1:1 or group chat messages in Microsoft Teams, without a signed-in user. |Yes | No | -|_Chat.ReadBasic.WhereInstalled_ |Read names and members of all chat threads where the associated Teams application is installed. |Allows the app to read names and members of all one-to-one and group chats in Microsoft Teams where the associated Teams application is installed, without a signed-in user. | Yes | No | -|_Chat.ReadBasic.All_ |Read names and members of user chat threads. |Read names and members of all chat threads. |Yes | No | -|_Chat.UpdatePolicyViolation.All_ |Flag chat messages for violating policy. |Allows the app to update Microsoft Teams 1:1 or group chat messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing. | Yes | No | -|_Chat.ReadWrite.WhereInstalled_ |Read and write all chat messages for chats where the associated Teams application is installed. |Allows the app to read and write all chat messages in Microsoft Teams for chats where the associated Teams application is installed, without a signed-in user. | Yes | No | -|_Chat.ReadWrite.All_ |Read and write all chat messages. |Allows an app to read and write all one-to-one and group chats in Microsoft Teams, without a signed-in user. Does not allow sending messages. 
| Yes | No | -|_Chat.ManageDeletion.All_ |Delete and recover deleted chats. |Allows the app to delete and recover deleted chats, without a signed-in user. | Yes | No | +### ChannelMember.Read.All -> **Note:** For messages in a channel, see [ChannelMessage permissions](#channel-message-permissions). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 3b55498e-47ec-484f-8136-9013221c06a9 | 2eadaff8-0bce-4198-a6b9-2cfc35a30075 +| DisplayText | Read the members of all channels | Read the members of channels +| Description | Read the members of all channels, without a signed-in user. | Read the members of channels, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -## Chat membership permissions +--- -#### Delegated permissions +### ChannelMember.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -| :--------------------- | :--------------------------------- | :----------------------------------------------------------- | :--------------------- | :-------------------------- | -| _ChatMember.Read_ | Read the members of chats. | Read the members of chats on behalf of the signed-in user. | Yes | No | -| _ChatMember.ReadWrite_ | Add and remove members from chats. | Add and remove members from chats on behalf of the signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 35930dcf-aceb-4bd1-b99a-8ffed403c974 | 0c3e411a-ce45-4cd1-8f30-f99a3efa7b11 +| DisplayText | Add and remove members from all channels | Add and remove members from channels +| Description | Add and remove members from all channels, without a signed-in user. Also allows changing a member's role, for example from owner to non-owner. | Add and remove members from channels, on behalf of the signed-in user. Also allows changing a member's role, for example from owner to non-owner. 
+| AdminConsentRequired | Yes | Yes -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -| :------------------------------------ | :----------------------------------------------------------- | :----------------------------------------------------------- | :--------------------- | :-------------------------- | -| _ChatMember.Read.WhereInstalled_ | Read the members of all chats where the associated Teams application is installed. | Allows the app to read the members of all chats where the associated Teams application is installed, without a signed-in user. | Yes | No | -| _ChatMember.Read.All_ | Read the members of all chats. | Allows the app to read all 1:1 or group chat messages in Microsoft Teams, without a signed-in user. | Yes | No | -| _ChatMember.ReadWrite.WhereInstalled_ | Add and remove members from all chats where the associated Teams application is installed. | Allows the app to add and remove members from all chats where the associated Teams application is installed, without a signed-in user. | Yes | No | -| _ChatMember.ReadWrite.All_ | Add and remove members of all chats. | Read names and members of all chat threads. | Yes | No | +### ChannelMessage.Edit -## Chat resource-specific consent permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2b61aa8a-6d36-4b2f-ac7b-f29867937c53 +| DisplayText | - | Edit user's channel messages +| Description | - | Allows an app to edit channel messages in Microsoft Teams, on behalf of the signed-in user. +| AdminConsentRequired | - | No -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:-------------------------------|:--------------------------------------------------------------|:-------------|:-----------------------|:----------------------------| -| _ChatSettings.Read.Chat_ | Read this chat's settings. 
| Allows the app to read this chat's settings, without a signed-in user. |No | No | -| _ChatSettings.ReadWrite.Chat_ | Read and write this chat's settings. | Allows the app to read and write this chat's settings, without a signed-in user. |No | No | -| _ChatMessage.Read.Chat_ | Read this chat's messages. | Allows the app to read this chat's messages, without a signed-in user. |No | No | -| _ChatMember.Read.Chat_ | Read this chat's members. | Allows the app to read this chat's members, without a signed-in user. |No | No | -| _Chat.Manage.Chat_ | Manage this chat. | Allows the app to manage the chat, the chat's members, and grant access to the chat's data, without a signed-in user. |No | No | -| _TeamsTab.Read.Chat_ | Read this chat's tabs. | Allows the app to read this chat's tabs, without a signed-in user. |No | No | -| _TeamsTab.Create.Chat_ | Create tabs in this chat. | Allows the app to create tabs in this chat, without a signed-in user. |No | No | -| _TeamsTab.Delete.Chat_ | Delete this chat's tabs. | Allows the app to delete this chat's tabs, without a signed-in user. |No | No | -| _TeamsTab.ReadWrite.Chat_ | Manage this chat's tabs. | Allows the app to manage this chat's tabs, without a signed-in user. |No | No | -| _TeamsAppInstallation.Read.Chat_ | Read which apps are installed in this chat. | Allows the app to read the Teams apps that are installed in this chat along with the permissions granted to each app, without a signed-in user. |No | No | -| _OnlineMeeting.ReadBasic.Chat_ | Read basic properties of a meeting associated with this chat. | Allows the app to read basic properties—such as name, schedule, organizer, and join link—of a meeting associated with this chat, without a signed-in user. |No | No | -| _Calls.AccessMedia.Chat_ | Access media streams in calls associated with this chat or meeting. | Allows the app to access media streams in calls associated with this chat or meeting, without a signed-in user. 
|No | No | -| _Calls.JoinGroupCalls.Chat_ | Join calls associated with this chat or meeting. | Allows the app to join calls associated with this chat or meeting, without a signed-in user. |No | No | -| _TeamsActivity.Send.Chat_ | Send activity feed notifications to users in this chat. | Allows the app to create new notifications in the teamwork activity feeds of the users in this chat, without a signed-in user. | No | No | +### ChannelMessage.Read.All ->[!NOTE] -> Currently, these permissions are supported only in the beta version of Microsoft Graph. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7b2449af-6ccd-4f4d-9f78-e550c193f0d1 | 767156cb-16ae-4d10-8f8b-41b657c8c8c8 +| DisplayText | Read all channel messages | Read user channel messages +| Description | Allows the app to read all channel messages in Microsoft Teams | Allows an app to read a channel's messages in Microsoft Teams, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -## ChatMessage permissions +--- -#### Delegated permissions +### ChannelMessage.ReadWrite -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ChatMessage.Send_ | Send user chat messages | Allows an app to send 1:1 and group chat messages in Microsoft Teams, on behalf of the signed-in user. | No | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5922d31f-46c8-4404-9eaf-2117e390a8a4 +| DisplayText | - | Read and write user channel messages +| Description | - | Allows the app to read and write channel messages, on behalf of the signed-in user. This doesn't allow the app to edit the policyViolation of a channel message. 
+| AdminConsentRequired | - | Yes --- -## Cloud PC permissions +### ChannelMessage.Send -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | ebf0f66e-9fb1-49e4-a278-222f76911cf4 +| DisplayText | - | Send channel messages +| Description | - | Allows an app to send channel messages in Microsoft Teams, on behalf of the signed-in user. +| AdminConsentRequired | - | No + +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_CloudPC.Read.All_ | Read Cloud PCs | Allows the app to read Cloud PC objects such as provisioning policies, on behalf of the signed-in user. | No | No | -|_CloudPC.ReadWrite.All_ | Read and write Cloud PCs | Allows the app to create, read, update, and delete Cloud PC objects such as Azure network connections, provisioning policies, and device images, on behalf of the user. | Yes | No | +### ChannelMessage.UpdatePolicyViolation.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4d02b0cc-d90b-441f-8d82-4fb55c34d6bb | - +| DisplayText | Flag channel messages for violating policy | - +| Description | Allows the app to update Microsoft Teams channel messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing. | - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_CloudPC.Read.All_ | Read Cloud PCs | Allows the app to read Cloud PC objects such as provisioning policies, without a signed-in user. 
| Yes | No | -|_CloudPC.ReadWrite.All_ | Read and write Cloud PCs | Allows the app to create, read, update, and delete Cloud PC objects such as Azure network connections, provisioning policies, and device images, without a signed-in user. | Yes | No | +--- -### Example usage +### ChannelSettings.Read.All -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | c97b873f-f59f-49aa-8a0e-52b32d762124 | 233e0cf1-dd62-48bc-b65b-b38fe87fcf8e +| DisplayText | Read the names, descriptions, and settings of all channels | Read the names, descriptions, and settings of channels +| Description | Read all channel names, channel descriptions, and channel settings, without a signed-in user. | Read all channel names, channel descriptions, and channel settings, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -* _CloudPC.Read.All_: View the properties of all Cloud PCs (`GET /deviceManagement/virtualEndpoint/cloudPCs`). -* _CloudPC.ReadWrite.All_: Edit the Cloud PC provisioning policy (`PATCH /deviceManagement/virtualEndpoint/provisioningPolicies/{id}`). +--- -#### Application +### ChannelSettings.ReadWrite.All -* _CloudPC.Read.All_: View the properties of all Cloud PCs (`GET /deviceManagement/virtualEndpoint/cloudPCs`). -* _CloudPC.ReadWrite.All_: Edit the Cloud PC provisioning policy (`PATCH /deviceManagement/virtualEndpoint/provisioningPolicies/{id}`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 243cded2-bd16-4fd6-a953-ff8177894c3d | d649fb7c-72b4-4eec-b2b4-b15acf79e378 +| DisplayText | Read and write the names, descriptions, and settings of all channels | Read and write the names, descriptions, and settings of channels +| Description | Read and write the names, descriptions, and settings of all channels, without a signed-in user. | Read and write the names, descriptions, and settings of all channels, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## Consent requests permissions +### Chat.Create -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | d9c48af6-9ad9-47ad-82c3-63757137b9af | 38826093-1258-4dea-98f0-00003be2b8d0 +| DisplayText | Create chats | Create chats +| Description | Allows the app to create chats without a signed-in user.  | Allows the app to create chats on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_ConsentRequest.Read.All_ |Read consent requests |Allows the app to read consent requests and approvals on behalf of the signed-in user. |Yes | No | -|_ConsentRequest.ReadWrite.All_ |Read and write consent requests |Allows the app to read app consent requests and approvals, and deny or approve those requests on behalf of the signed-in user. |Yes | No | - -#### Application permissions +--- -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_ConsentRequest.Read.All_ |Read consent requests |Allows the app to read app consent requests and approvals without a signed-in user. |Yes | -|_ConsentRequest.ReadWrite.All_ |Read and write consent requests |Allows the app to read app consent requests and approvals, and deny or approve those requests without a signed-in user. |Yes | +### Chat.ManageDeletion.All -## Cross-tenant user profile sharing permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9c7abde0-eacd-4319-bf9e-35994b1a1717 | bb64e6fc-6b6d-4752-aea0-dd922dbba588 +| DisplayText | Delete and recover deleted chats | Delete and recover deleted chats +| Description | Allows the app to delete and recover deleted chats, without a signed-in user. 
| Allows the app to delete and recover deleted chats, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_CrossTenantUserProfileSharing.Read_ |Read shared cross-tenant user profile and export data  |Allows the application to list and query user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export external user data (e.g. customer content or system-generated logs), associated with the current tenant on behalf of the signed-in user. |Yes | Yes | -|_CrossTenantUserProfileSharing.Read.All_ |Read all shared cross-tenant user profiles and export their data  |Allows the application to list and query any shared user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant on behalf of the signed-in user. |Yes | Yes | -|_CrossTenantUserProfileSharing.ReadWrite_ |Read shared cross-tenant user profile and export or delete data |Allows the application to list and query user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export and remove external user data (e.g. customer content or system-generated logs), associated with the current tenant on behalf of the signed-in user. |Yes |No| -|_CrossTenantUserProfileSharing.ReadWrite.All_ |Allows the application to list and query any shared user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export and remove external user data (e.g. 
customer content or system-generated logs), for any user associated with the current tenant on behalf of the signed-in user. |Yes |No| +### Chat.Read -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | f501c180-9344-439a-bca0-6cbf209fd270 +| DisplayText | - | Read user chat messages +| Description | - | Allows an app to read 1 on 1 or group chats threads, on behalf of the signed-in user. +| AdminConsentRequired | - | No -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_CrossTenantUserProfileSharing.Read.All_ |Allows the application to list and query any shared user profile information associated with the current tenant without a signed-in user.  It also permits the application to export external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant without a signed-in user. | Yes | -|_CrossTenantUserProfileSharing.ReadWrite.All_ |Allows the application to list and query any shared user profile information associated with the current tenant without a signed-in user.  It also permits the application to export and remove external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant without a signed-in user. |Yes| +--- -## Contacts permissions +### Chat.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6b7d71aa-70aa-4810-a8d9-5d9fb2830017 | - +| DisplayText | Read all chat messages | - +| Description | Allows the app to read all 1-to-1 or group chat messages in Microsoft Teams. 
| - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_Contacts.Read_ |Read user contacts  |Allows the app to read user contacts. |No | Yes | -|_Contacts.Read.Shared_ |Read user and shared contacts |Allows the app to read contacts that the user has permissions to access, including the user's own and shared contacts. |No |No| -|_Contacts.ReadWrite_ |Have full access to user contacts |Allows the app to create, read, update, and delete user contacts. |No |Yes| -|_Contacts.ReadWrite.Shared_ |Read and write user and shared contacts |Allows the app to create, read, update and delete contacts that the user has permissions to, including the user's own and shared contacts. |No |No| +--- -#### Application permissions +### Chat.Read.WhereInstalled -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_Contacts.Read_ |Read contacts in all mailboxes |Allows the app to read all contacts in all mailboxes without a signed-in user. |Yes | -|_Contacts.ReadWrite_ |Read and write contacts in all mailboxes |Allows the app to create, read, update, and delete all contacts in all mailboxes without a signed-in user. |Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1c1b4c8e-3cc7-4c58-8470-9b92c9d5848b | - +| DisplayText | Read all chat messages for chats where the associated Teams application is installed. | - +| Description | Allows the app to read all one-to-one or group chat messages in Microsoft Teams for chats where the associated Teams application is installed, without a signed-in user. 
| - +| AdminConsentRequired | Yes | - -> **Important** -Administrators can configure [application access policy](auth-limit-mailbox-access.md) to limit app access to _specific_ mailboxes and not all the mailboxes in the organization, even if the app has been granted the application permissions of Contacts.Read or Contacts.ReadWrite. +--- -### Example usage -#### Delegated +### Chat.ReadBasic -* _Contacts.Read_: Read a contact from one of the top-level contact folders of the signed-in user (`GET /me/contactfolders/{Id}/contacts/{id}`). -* _Contacts.ReadWrite_: Update the contact photo of one of the signed-in user's contacts (`PUT /me/contactfolders/{contactFolderId}/contacts/{id}/photo/$value`). -* _Contacts.ReadWrite_: Add contacts to the root folder of the signed-in user (`POST /me/contacts`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 9547fcb5-d03f-419d-9948-5928bbf71b0f +| DisplayText | - | Read names and members of user chat threads +| Description | - | Allows an app to read the members and descriptions of one-to-one and group chat threads, on behalf of the signed-in user. +| AdminConsentRequired | - | No -#### Application +--- -* _Contacts.Read_: Read contacts from one of the top-level contact folders of any user in the organization (`GET /users/{id | userPrincipalName}/contactfolders/{Id}/contacts/{id}`). -* _Contacts.ReadWrite_: Update the photo for any contact of any user in an organization (`PUT /users/{id | userPrincipalName}/contactfolders/{contactFolderId}/contacts/{id}/photo/$value`). -* _Contacts.ReadWrite_: Add contacts to the root folder of any user in the organization (`POST /users/{id | userPrincipalName}/contacts`). +### Chat.ReadBasic.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | b2e060da-3baf-4687-9611-f4ebc0f0cbde | - +| DisplayText | Read names and members of all chat threads | - +| Description | Read names and members of all one-to-one and group chats in Microsoft Teams, without a signed-in user. | - +| AdminConsentRequired | Yes | - --- -## Custom authentication extensions permissions +### Chat.ReadBasic.WhereInstalled + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 818ba5bd-5b3e-4fe0-bbe6-aa4686669073 | - +| DisplayText | Read names and members of all chat threads where the associated Teams application is installed. | - +| Description | Allows the app to read names and members of all one-to-one and group chats in Microsoft Teams where the associated Teams application is installed, without a signed-in user. | - +| AdminConsentRequired | Yes | - -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:-----------|:---------------|:------------|:-----------------------|:----------------------------| -|CustomAuthenticationExtension.Read.All|Read your oganization's custom authentication extensions|Allows the app to read your organization's custom authentication extensions on behalf of the signed-in user.|Yes|No| -|CustomAuthenticationExtension.ReadWrite.All|Read and write your organization's custom authentication extensions|Allows the app to read or write your organization's custom authentication extensions on behalf of the signed-in user.|Yes|No| +### Chat.ReadWrite -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 9ff7295e-131b-4d94-90e1-69fde507ac11 +| DisplayText | - | Read and write user chat messages +| Description | - | Allows an app to read and write 1 on 1 or group chats threads, on behalf of the signed-in user. 
+| AdminConsentRequired | - | No -| Permission | Display String | Description | Admin Consent Required | -|--------------|:-----------------|:--------------|:-------------------------| -| CustomAuthenticationExtension.Read.All | Read all custom authentication extensions | Allows the app to read your organization's custom authentication extensions without a signed-in user. | Yes | -| CustomAuthenticationExtension.ReadWrite.All | Read and write all custom authentication extensions | Allows the app to read or write your organization's custom authentication extensions without a signed-in user. | Yes | +--- -## Custom security attributes permissions +### Chat.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 294ce7c9-31ba-490a-ad7d-97a7d075e4ed | - +| DisplayText | Read and write all chat messages | - +| Description | Allows an app to read and write all chat messages in Microsoft Teams, without a signed-in user. | - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _CustomSecAttributeAssignment.Read.All_ | Read custom security attribute assignments | Allows the app to read custom security attribute assignments for all principals in the tenant on behalf of a signed in user. | Yes | No | -| _CustomSecAttributeAssignment.ReadWrite.All_ | Read and write custom security attribute assignments | Allows the app to read and write custom security attribute assignments for all principals in the tenant on behalf of a signed in user. | Yes | No | -| _CustomSecAttributeDefinition.Read.All_ | Read custom security attribute definitions | Allows the app to read custom security attribute definitions for the tenant on behalf of a signed in user. 
| Yes | No | -| _CustomSecAttributeDefinition.ReadWrite.All_ | Read and write custom security attribute definitions | Allows the app to read and write custom security attribute definitions for the tenant on behalf of a signed in user. | Yes | No | +--- -#### Application permissions +### Chat.ReadWrite.WhereInstalled -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _CustomSecAttributeAssignment.Read.All_ | Read custom security attribute assignments | Allows the app to read custom security attribute assignments for all principals in the tenant without a signed in user. | Yes | -| _CustomSecAttributeAssignment.ReadWrite.All_ | Read and write custom security attribute assignments | Allows the app to read and write custom security attribute assignments for all principals in the tenant without a signed in user. | Yes | -| _CustomSecAttributeDefinition.Read.All_ | Read custom security attribute definitions | Allows the app to read custom security attribute definitions for the tenant without a signed in user. | Yes | -| _CustomSecAttributeDefinition.ReadWrite.All_ | Read and write custom security attribute definitions | Allows the app to read and write custom security attribute definitions for the tenant without a signed in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | ad73ce80-f3cd-40ce-b325-df12c33df713 | - +| DisplayText | Read and write all chat messages for chats where the associated Teams application is installed. | - +| Description | Allows the app to read and write all chat messages in Microsoft Teams for chats where the associated Teams application is installed, without a signed-in user. 
| - +| AdminConsentRequired | Yes | - --- -## Device local credential permissions +### Chat.UpdatePolicyViolation.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7e847308-e030-4183-9899-5235d7270f58 | - +| DisplayText | Flag chat messages for violating policy | - +| Description | Allows the app to update Microsoft Teams 1-to-1 or group chat messages by patching a set of Data Loss Prevention (DLP) policy violation properties to handle the output of DLP processing. | - +| AdminConsentRequired | Yes | - -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _DeviceLocalCredential.ReadBasic.All_ | Read basic device local credential information | Allows the app to read device local credential properties excluding passwords, on behalf of the signed-in user. | Yes | No | -| _DeviceLocalCredential.Read.All_ | Read device local credential information | Allows the app to read device local credential properties including passwords, on behalf of the signed-in user. | Yes | No | +### ChatMember.Read -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | c5a9e2b1-faf6-41d4-8875-d381aa549b24 +| DisplayText | - | Read the members of chats +| Description | - | Read the members of chats, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _DeviceLocalCredential.ReadBasic.All_ | Read basic device local credential information | Allows the app to read device local credential properties excluding passwords. 
| Yes | No | -| _DeviceLocalCredential.Read.All_ | Read device local credential information | Allows the app to read device local credential properties including passwords. | Yes | No | +--- -### Example usage +### ChatMember.Read.All -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | a3410be2-8e48-4f32-8454-c29a7465209d | - +| DisplayText | Read the members of all chats | - +| Description | Read the members of all chats, without a signed-in user. | - +| AdminConsentRequired | Yes | - -* DeviceLocalCredential.ReadBasic.All_: List the device local credential for all devices in the tenant without returning the 'credentials' property (`GET /deviceLocalCredentials`). -* DeviceLocalCredential.Read.All_: Get a device local credential with the local administrator account password in Base64 encoded value (`GET /deviceLocalCredentials/{deviceId}?$select=credentials`). +--- -#### Application +### ChatMember.Read.WhereInstalled -* DeviceLocalCredential.ReadBasic.All_: List the device local credential for all devices in the tenant without returning the 'credentials' property (`GET /deviceLocalCredentials`). -* DeviceLocalCredential.Read.All_: Get a device local credential with the local administrator account password in Base64 encoded value (`GET /deviceLocalCredentials/{deviceId}?$select=credentials`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 93e7c9e4-54c5-4a41-b796-f2a5adaacda7 | - +| DisplayText | Read the members of all chats where the associated Teams application is installed. | - +| Description | Allows the app to read the members of all chats where the associated Teams application is installed, without a signed-in user. 
| - +| AdminConsentRequired | Yes | - --- -## Granular delegated admin privileges (GDAP) permissions +### ChatMember.ReadWrite -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | dea13482-7ea6-488f-8b98-eb5bbecf033d +| DisplayText | - | Add and remove members from chats +| Description | - | Add and remove members from chats, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _DelegatedAdminRelationship.Read.All_ | Read Delegated Admin relationships with customers | Allows the app to read details of delegated admin relationships with customers like access details (that includes roles) and the duration as well as specific role assignments to security groups on behalf of the signed-in user. | Yes | No | -| _DelegatedAdminRelationship.ReadWrite.All_ | Manage Delegated Admin relationships with customers | Allows the app to manage (create-update-terminate) Delegated Admin relationships with customers and role assignments to security groups for active Delegated Admin relationships on your behalf. | Yes | No | +--- -#### Application permissions +### ChatMember.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _DelegatedAdminRelationship.Read.All_ | Read Delegated Admin relationships with customers | Allows the app to read details of delegated admin relationships with customers like access details (that includes roles) and the duration as well as specific role assignments to security groups without a signed-in user. 
| Yes | No | -| _DelegatedAdminRelationship.ReadWrite.All_ | Manage Delegated Admin relationships with customers | Allows the app to manage (create-update-terminate) Delegated Admin relationships with customers and role assignments to security groups for active Delegated Admin relationships without a signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 57257249-34ce-4810-a8a2-a03adf0c5693 | - +| DisplayText | Add and remove members from all chats | - +| Description | Add and remove members from all chats, without a signed-in user. | - +| AdminConsentRequired | Yes | - --- -## Device permissions +### ChatMember.ReadWrite.WhereInstalled -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | e32c2cd9-0124-4e44-88fc-772cd98afbdb | - +| DisplayText | Add and remove members from all chats where the associated Teams application is installed. | - +| Description | Allows the app to add and remove members from all chats where the associated Teams application is installed, without a signed-in user. | - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_Device.Read_ |Read user devices |Allows the app to read a user's list of devices on behalf of the signed-in user. |No | Yes | -|_Device.Read.All_ |Read all devices |Allows the app to read your organization's devices' configuration information on behalf of the signed-in user.|Yes | Yes | -|_Device.Command_ |Communicate with user devices |Allows the app to launch another app or communicate with another app on a user's device on behalf of the signed-in user. 
|No | Yes | +--- +### ChatMessage.Read -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | cdcdac3a-fd45-410d-83ef-554db620e5c7 +| DisplayText | - | Read user chat messages +| Description | - | Allows an app to read one-to-one and group chat messages, on behalf of the signed-in user. +| AdminConsentRequired | - | No -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_Device.Read.All_ |Read all devices |Allows the app to read your organization's devices' configuration information without a signed-in user. |Yes | -|_Device.ReadWrite.All_ |Read and write devices |Allows the app to read and write all device properties without a signed in user. Does not allow device creation or update of device alternative security identifiers. |Yes | +--- -> [!NOTE] -> Before December 3rd, 2020, when the application permission *Device.ReadWrite.All* was granted, the [Device Managers](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#deprecated-roles) directory role was also assigned to the app's service principal. This directory role assignment is not removed automatically when the associated application permissions is revoked. To ensure that an application's access to read or write to devices is removed, customers must also remove any related directory roles that were granted to the application. -> -> A service update disabling this behavior began rolling out on December 3rd, 2020. Deployment to all customers completed on January 11th, 2021. Directory roles are no longer automatically assigned when application permissions are granted. 
+### ChatMessage.Read.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | b9bb2381-47a4-46cd-aafb-00cb12f68504 | - +| DisplayText | Read all chat messages | - +| Description | Allows the app to read all one-to-one and group chats messages in Microsoft Teams, without a signed-in user. | - +| AdminConsentRequired | Yes | - -#### Application +--- -* _Device.ReadWrite.All_: Read all registered devices in the organization (`GET /devices`). +### ChatMessage.Send -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 116b7235-7cc6-461e-b163-8e55691d839e +| DisplayText | - | Send user chat messages +| Description | - | Allows an app to send one-to-one and group chat messages in Microsoft Teams, on behalf of the signed-in user. +| AdminConsentRequired | - | No --- -## Directory permissions - -#### Delegated permissions +### CloudApp-Discovery.Read.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Directory.Read.All_ |Read directory data | Allows the app to read data in your organization's directory, such as users, groups and apps. **Note**: Users may consent to applications that require this permission if the application is registered in their own organization's tenant.| Yes | No | -| _Directory.ReadWrite.All_ |Read and write directory data | Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords. | Yes | No | -| _Directory.AccessAsUser.All_ |Access directory as the signed-in user | Allows the app to have the same access to information in the directory as the signed-in user. 
| Yes | No | -| _Directory.Write.Restricted_ |Manage restricted resources in the directory | Allows the app to manage restricted resources based on the other permissions granted to the app, on behalf of the signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 64a59178-dad3-4673-89db-84fdcd622fec | ad46d60e-1027-4b75-af88-7c14ccf43a19 +| DisplayText | Read all discovered cloud applications data | Read discovered cloud applications data +| Description | Allows the app to read all details of discovered cloud apps in the organization, without a signed-in user. | Allows the app to read details of discovered cloud apps in the organization, on behalf of the signed in user. +| AdminConsentRequired | Yes | No -
+--- -#### Application permissions +### CloudPC.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Directory.Read.All_ | Read directory data | Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. | Yes | -| _Directory.ReadWrite.All_ | Read and write directory data | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. | Yes | -| _Directory.Write.Restricted_ |Manage restricted resources in the directory | Allows the app to manage restricted resources based on the other permissions granted to the app, without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | a9e09520-8ed4-4cde-838e-4fdea192c227 | 5252ec4e-fd40-4d92-8c68-89dd1d3c6110 +| DisplayText | Read Cloud PCs | Read Cloud PCs +| Description | Allows the app to read the properties of Cloud PCs, without a signed-in user. | Allows the app to read the properties of Cloud PCs on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -### Remarks +--- -Directory permissions provide the highest level of privilege for accessing directory resources such as [user](/graph/api/resources/user), [group](/graph/api/resources/group), and [device](/graph/api/resources/device) in an organization. 
+### CloudPC.ReadWrite.All -They also exclusively control access to other directory resources like: [organizational contacts](/graph/api/resources/orgcontact?view=graph-rest-beta&preserve-view=true), [schema extension APIs](/graph/api/resources/schemaextension?view=graph-rest-beta&preserve-view=true), [Privileged Identity Management (PIM) APIs](/graph/api/resources/privilegedidentitymanagement-root?view=graph-rest-beta&preserve-view=true), as well as many of the resources and APIs listed under the **Azure Active Directory** node in the v1.0 and beta API reference documentation. These include administrative units, directory roles, directory settings, policy, and many more. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 3b4349e1-8cf5-45a3-95b7-69d1751d3e6a | 9d77138f-f0e2-47ba-ab33-cd246c8b79d1 +| DisplayText | Read and write Cloud PCs | Read and write Cloud PCs +| Description | Allows the app to read and write the properties of Cloud PCs, without a signed-in user. | Allows the app to read and write the properties of Cloud PCs on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -> [!NOTE] -> Before December 3rd, 2020, when the application permission *Directory.Read.All* was granted, the [Directory Readers](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#directory-readers-permissions) directory role was also assigned to the app's service principal. When *Directory.ReadWrite.All* was granted, the [Directory Writers](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#directory-writers-permissions) directory role was also assigned. These directory roles are not removed automatically when the associated application permissions are revoked. To remove an application's access to read or write to the directory, customers must also remove any directory roles that were granted to the application. -> -> A service update disabling this behavior began rolling out on December 3rd, 2020. 
Deployment to all customers completed on January 11th, 2021. Directory roles are no longer automatically assigned when application permissions are granted. +--- -The _Directory.ReadWrite.All_ permission grants the following privileges: +### ConsentRequest.Read.All -- Full read of all directory resources (both declared properties and navigation properties) -- Create and update users -- Disable and enable users (but not Company Administrator) -- Set user alternative security ID (but not administrators) -- Create and update groups -- Manage group memberships -- Update group owner -- Manage license assignments -- Define schema extensions on applications -- Manage directory settings -- Manage admin consent workflow configuration (but not whether admin consent is required or who is authorized to grant admin consent) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1260ad83-98fb-4785-abbb-d6cc1806fd41 | f3bfad56-966e-4590-a536-82ecf548ac1e +| DisplayText | Read all consent requests | Read consent requests +| Description | Allows the app to read consent requests and approvals without a signed-in user. | Allows the app to read consent requests and approvals on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -> **Note**: -> - No rights to reset user passwords. -> - Updating another user's **businessPhones**, **mobilePhone**, or **otherMails** property is only allowed on users who are non-administrators or assigned one of the following roles: Directory Readers, Guest Inviter, Message Center Reader and Reports Reader. For more details, see Helpdesk (Password) Administrator in [Azure AD available roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles). This is the case for apps granted either the User.ReadWrite.All or Directory.ReadWrite.All delegated or application permissions. -> - No rights to delete resources (including users or groups). 
-> - Specifically excludes create or update for resources not listed above. This includes: application, oAuth2PermissionGrant, appRoleAssignment, device, servicePrincipal, organization, domains, and so on. +--- +### ConsentRequest.ReadWrite.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9f1b81a7-0223-4428-bfa4-0bcb5535f27d | 497d9dfa-3bd1-481a-baab-90895e54568c +| DisplayText | Read and write all consent requests | Read and write consent requests +| Description | Allows the app to read app consent requests and approvals, and deny or approve those requests without a signed-in user. | Allows the app to read app consent requests and approvals, and deny or approve those requests on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated -* _Directory.Read.All_: List all administrative units in an organization (`GET /beta/administrativeUnits`) -* _Directory.ReadWrite.All_: Add members to a directory role (`POST /directoryRoles/{id}/members/$ref`) +--- -#### Application -* _Directory.Read.All_: List all memberships of a user, including directory roles and administrative units (`GET /beta/users/{id}/memberOf`) -* _Directory.Read.All_: List all group members, including service principals (`GET /beta/groups/{id}/members`) -* _Directory.ReadWrite.All_: Add an owner to a group (`POST /groups/{id}/owners/$ref`) +### Contacts.Read +| Category | Application | Delegated | +|--|--|--| +| Identifier | 089fe4d0-434a-44c5-8827-41ba8a0b17f5 | ff74d97f-43af-4b68-9f2a-b77ee6968c5d +| DisplayText | Read contacts in all mailboxes | Read user contacts +| Description | Allows the app to read all contacts in all mailboxes without a signed-in user. | Allows the app to read user contacts. +| AdminConsentRequired | Yes | No -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). 
+[!INCLUDE [Contacts.Read](../includes/permissions-notes/Contacts.Read.md)] --- -## Directory recommendations permissions +### Contacts.Read.Shared + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 242b9d9e-ed24-4d09-9a52-f43769beb9d4 +| DisplayText | - | Read user and shared contacts +| Description | - | Allows the app to read contacts a user has permissions to access, including their own and shared contacts. +| AdminConsentRequired | - | No -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _DirectoryRecommendations.Read.All_ | Read all recommendations | Allows the app to read recommendations on behalf of the signed-in user. | Yes | No | -| _DirectoryRecommendations.ReadWrite.All_ | Manage all recommendations | Allows the app to read and write recommendations on behalf of the signed-in user. | Yes | No | +### Contacts.ReadWrite -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6918b873-d17a-4dc1-b314-35f528134491 | d56682ec-c09e-4743-aaf4-1a3aac4caa21 +| DisplayText | Read and write contacts in all mailboxes | Have full access to user contacts +| Description | Allows the app to create, read, update, and delete all contacts in all mailboxes without a signed-in user. | Allows the app to create, read, update, and delete user contacts. +| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _DirectoryRecommendations.Read.All_ | Read all recommendations | Allows the app to read recommendations without a signed-in user. | Yes | -| _DirectoryRecommendations.ReadWrite.All_ | Manage all recommendations | Allows the app to read and write recommendations without a signed-in user. 
| Yes | +[!INCLUDE [Contacts.ReadWrite](../includes/permissions-notes/Contacts.ReadWrite.md)] --- -## Domain permissions +### Contacts.ReadWrite.Shared -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | afb6c84b-06be-49af-80bb-8f3f77004eab +| DisplayText | - | Read and write user and shared contacts +| Description | - | Allows the app to create, read, update, and delete contacts a user has permissions to, including their own and shared contacts. +| AdminConsentRequired | - | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_Domain.Read.All_ |Read domains|Allows the app to read all domain properties on behalf of the signed-in user. |Yes | No | -|_Domain.ReadWrite.All_ | Read and write domains |Allows the app to read and write all domain properties on behalf of the signed-in user. Also allows the app to add, verify, and remove domains. |Yes | No | +--- -#### Application permissions +### CrossTenantInformation.ReadBasic.All -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Domain.Read.All_ | Read domains | Allows the app to read all domain properties without a signed-in user. | Yes | -| _Domain.ReadWrite.All_ | Read and write domains | Allows the app to read and write domains without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | cac88765-0581-4025-9725-5ebc13f729ee | 81594d25-e88e-49cf-ac8c-fecbff49f994 +| DisplayText | Read cross-tenant basic information | Read cross-tenant basic information +| Description | Allows the application to obtain basic tenant information about another target tenant within the Azure AD ecosystem without a signed-in user. 
| Allows the application to obtain basic tenant information about another target tenant within the Azure AD ecosystem on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## eDiscovery permissions +### CrossTenantUserProfileSharing.Read -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | cb1ba48f-d22b-4325-a07f-74135a62ee41 +| DisplayText | - | Read shared cross-tenant user profile and export data +| Description | - | Allows the application to list and query user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export external user data (e.g. customer content or system-generated logs), associated with the current tenant on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_eDiscovery.Read.All_ |Read user eDiscovery case data |Allows the app to read eDiscovery objects such as cases, custodians, review sets and other related objects on behalf of the signed-in user. |Yes | No | -|_eDiscovery.ReadWrite.All_ | Read and write eDiscovery case data |Allows the app to read and write eDiscovery objects such as cases, custodians, review sets and other related objects on behalf of the signed-in user. 
|Yes | No | - -#### Application permissions +--- -None +### CrossTenantUserProfileSharing.Read.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8b919d44-6192-4f3d-8a3b-f86f8069ae3c | 759dcd16-3c90-463c-937e-abf89f991c18 +| DisplayText | Read all shared cross-tenant user profiles and export their data | Read all shared cross-tenant user profiles and export their data +| Description | Allows the application to list and query any shared user profile information associated with the current tenant without a signed-in user.  It also permits the application to export external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant without a signed-in user. | Allows the application to list and query any shared user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated +--- -* _eDiscovery.Read.All_: Get the list of cases available to the user (`GET /compliance/ediscovery/cases`) -* _eDiscovery.ReadWrite.All_: Create a reviewset query in a review set (`POST /compliance/ediscovery/cases/{caseId}/reviewSets/{reviewSetId}/queries`) +### CrossTenantUserProfileSharing.ReadWrite -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | eed0129d-dc60-4f30-8641-daf337a39ffd +| DisplayText | - | Read shared cross-tenant user profile and export or delete data +| Description | - | Allows the application to list and query user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export and remove external user data (e.g. 
customer content or system-generated logs), associated with the current tenant on behalf of the signed-in user. +| AdminConsentRequired | - | Yes --- +### CrossTenantUserProfileSharing.ReadWrite.All -## Education permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 306785c5-c09b-4ba0-a4ee-023f3da165cb | 64dfa325-cbf8-48e3-938d-51224a0cac01 +| DisplayText | Read all shared cross-tenant user profiles and export or delete their data | Read all shared cross-tenant user profiles and export or delete their data +| Description | Allows the application to list and query any shared user profile information associated with the current tenant without a signed-in user.  It also permits the application to export and remove external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant without a signed-in user. | Allows the application to list and query any shared user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export and remove external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -| :------------------------------ | :--------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------- | :-------------------------- | -| _EduAdministration.Read_ | Read education app settings | Allows the app to read education app settings on behalf of the user. 
| Yes | No | -| _EduAdministration.ReadWrite_ | Manage education app settings | Allows the app to manage education app settings on behalf of the user. | Yes | No | -| _EduAssignments.ReadBasic_ | Read users' class assignments information without reading any feedback or outcomes | Allows the app to read assignments information on behalf of the user without reading any feedback or outcomes. | Yes | No | -| _EduAssignments.ReadWriteBasic_ | Read and write users' class assignments information without impacting or reading any feedback or outcomes | Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. | Yes | No | -| _EduAssignments.Read_ | Read users' view of class assignments and their grades | Allows the app to read assignments and their grades on behalf of the user | Yes | No | -| _EduAssignments.ReadWrite_ | Read and write users' view of class assignments and their grades | Allows the app to read and write assignments and their grades on behalf of the user | Yes | No | -| _EduCurricula.Read_ | Read the user's class modules and resources. | Allows the app to read the user's modules and resources on behalf of the signed-in user. | Yes | No | -| _EduCurricula.ReadWrite_ | Read and write the user's class modules and resources. | Allows the app to read and write user's modules and resources on behalf of the signed-in user. | Yes | No | -| _EduRoster.ReadBasic_ | Read a limited subset of users' view of the roster | Allows the app to read a limited subset of the properties from the structure of schools and classes in an organization's roster and a limited subset of properties about users to be read on behalf of the user. Includes name, status, education role, and email address. 
| Yes | No | -| _EduRoster.Read_ | Read users' view of the roster | Allows the app to read the structure of schools and classes in an organization's roster and education-specific information about users to be read on behalf of the user. | Yes | -| _EduRoster.ReadWrite_ | Read and write users' view of the roster | Allows the app to read and write the structure of schools and classes in an organization's roster and education-specific information about users to be read and written on behalf of the user. | Yes | +### CustomAuthenticationExtension.Read.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 88bb2658-5d9e-454f-aacd-a3933e079526 | b2052569-c98c-4f36-a5fb-43e5c111e6d0 +| DisplayText | Read all custom authentication extensions | Read your oganization's custom authentication extensions +| Description | Allows the app to read your organization's custom authentication extensions without a signed-in user. | Allows the app to read your organization's custom authentication extensions on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | -| :---------------------------------- | :-------------------------------------------------- | :---------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------- | -| _EduAdministration.Read.All_ | Read Education app settings | Read the state and settings of all Microsoft education apps on behalf of the user. | Yes | -| _EduAdministration.ReadWrite.All_ | Manage education app settings | Manage the state and settings of all Microsoft education apps on behalf of the user. 
| yes | -| _EduAssignments.ReadBasic.All_ | Read all class assignments information without reading any feedback or outcomes | Allows the app to read all class assignments information for all users without a signed-in user without reading any feedback or outcomes. | Yes | -| _EduAssignments.ReadWriteBasic.All_ | Create, read, update, and delete all class assignments information without accessing or impacting any feedback or outcomes | Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. | Yes | -| _EduAssignments.Read.All_ | Read all class assignments with grades | Allows the app to read all class assignments with grades for all users without a signed-in user. | Yes | -| _EduAssignments.ReadWrite.All_ | Create, read, update, and delete all class assignments with grades | Allows the app to create, read, update and delete all class assignments with grades for all users without a signed-in user. | Yes | -| _EduCurricula.Read.All_ | Read all class modules and resources | Allows the app to read all modules and resources, without a signed-in user. | Yes | -| _EduCurricula.ReadWrite.All_ | Read and write all class modules and resources | Allows the app to read and write all modules and resources, without a signed-in user. | Yes | -| _EduRoster.ReadBasic.All_ | Read a limited subset of the organization's roster. | Allows the app to read a limited subset of both the structure of schools and classes in an organization's roster and education-specific information about all users. | Yes | -| _EduRoster.Read.All_ | Read the organization's roster. | Allows the app to read the structure of schools and classes in the organization's roster and education-specific information about all users to be read. | Yes | -| _EduRoster.ReadWrite.All_ | Read and write the organization's roster. 
| Allows the app to read and write the structure of schools and classes in the organization's roster and education-specific information about all users to be read and written. | Yes | +--- -### Example usage +### CustomAuthenticationExtension.ReadWrite.All -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | c2667967-7050-4e7e-b059-4cbbb3811d03 | 8dfcf82f-15d0-43b3-bc78-a958a13a5792 +| DisplayText | Read and write all custom authentication extensions | Read and write your organization's custom authentication extensions +| Description | Allows the app to read or write your organization's custom authentication extensions without a signed-in user. | Allows the app to read or write your organization's custom authentication extensions on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -* _EduAssignments.Read_: Get the signed-in student's assignment information (`GET /education/classes/{id}/assignments/{id}`) -* _EduAssignments.ReadWriteBasic_: Submit signed-in student assignment (`GET /education/classes/{id}/assignments/{id}submit`) -* _EduRoster.ReadBasic_: Classes a signed-in user attends or teaches (`GET /education/classes/{id}/members`) +--- -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +### CustomAuthenticationExtension.Receive.Payload +| Category | Application | Delegated | +|--|--|--| +| Identifier | 214e810f-fda8-4fd7-a475-29461495eb00 | - +| DisplayText | Receive custom authentication extension HTTP requests | - +| Description | Allows custom authentication extensions associated with the app to receive HTTP requests triggered by an authentication event. The request can include information about a user, client and resource service principals, and other information about the authentication. 
| - +| AdminConsentRequired | Yes | - --- -## Employee learning permissions +### CustomDetection.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 673a007a-9e0f-4c97-b066-3c0164486909 | b13ff42e-f321-4d7d-a462-141c46a1b832 +| DisplayText | Read all custom detection rules | Read custom detection rules +| Description | Allows the app to read custom detection rules without a signed-in user. | Allows the app to read custom detection rules on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _LearningContent.Read.All_ | Read learning content | Allows the app to read learning content in the organization's directory, on behalf of the signed-in user. | Yes | No | -| _LearningContent.ReadWrite.All_ | Manage learning content | Allows the app to manage all learning content in the organization's directory, on behalf of the signed-in user. | Yes | No | -| _LearningProvider.Read_ | Read learning provider | Allows the app to read data for the learning provider in the organization's directory, on behalf of the signed-in user. | Yes | No | -| _LearningProvider.ReadWrite_ | Manage learning provider | Allows the app to create, update, read, and delete data for the learning provider in the organization's directory, on behalf of the signed-in user. | Yes | No | -| _LearningAssignedCourse.Read_ | Read assignment | Allows the app to read data for assignment record in organization's directory on behalf of the signed-in user. | Yes | No | -| _LearningSelfInitiatedCourse.Read_ | Read self-initiated course | Allows the app to read data for self-initiated course record in organization's directory on behalf of the signed-in user. 
| Yes | No | +--- + +### CustomDetection.ReadWrite.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | e0fd9c8d-a12e-4cc9-9827-20c8c3cd6fb8 | c34088fb-0649-4714-af0b-bcbfec155897 +| DisplayText | Read and write custom detection rules | Read and write custom detection rules +| Description | Allows the app to read and write custom detection rules | Allows to read and write custom detection rules of the signed in user +| AdminConsentRequired | Yes | Yes + +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _LearningContent.Read.All_ | Read all learning content | Allows the app to read all learning content in the organization's directory, without a signed-in user. | Yes | No | -| _LearningContent.ReadWrite.All_ | Manage all learning content | Allows the app to manage all learning content in the organization's directory, without a signed-in user. | Yes | No | -| _LearningAssignedCourse.Read.All_ | Read learning assignment | Allows the app to read data for learning assignment record in organization's directory, without a signed-in user. | Yes | No | -| _LearningSelfInitiatedCourse.Read.All_ | Read learning self-initiated course| Allows the app to read data for learning self-initiated course record in organization's directory, without a signed-in user. | Yes | No | -| _LearningAssignedCourse.ReadWrite.All_ | Manage all learning assignment for learner | Allows the app to create/read/update/delete data for learning assignment record in organization's directory, without a signed-in user. | Yes | No | -| _LearningSelfInitiatedCourse.ReadWrite.All_ | Manage all self-initiated course for learner | Allows the app to create/read/update/delete data for self-initiated course record in organization's directory, without a signed-in user. 
| Yes | No | +### CustomSecAttributeAssignment.Read.All +| Category | Application | Delegated | +|--|--|--| +| Identifier | 3b37c5a4-1226-493d-bec3-5d6c6b866f3f | b46ffa80-fe3d-4822-9a1a-c200932d54d0 +| DisplayText | Read custom security attribute assignments | Read custom security attribute assignments +| Description | Allows the app to read custom security attribute assignments for all principals in the tenant without a signed in user. | Allows the app to read custom security attribute assignments for all principals in the tenant on behalf of a signed in user. +| AdminConsentRequired | Yes | Yes --- -## Entitlement management permissions +### CustomSecAttributeAssignment.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | de89b5e4-5b8f-48eb-8925-29c2b33bd8bd | ca46335e-8453-47cd-a001-8459884efeae +| DisplayText | Read and write custom security attribute assignments | Read and write custom security attribute assignments +| Description | Allows the app to read and write custom security attribute assignments for all principals in the tenant without a signed in user. | Allows the app to read and write custom security attribute assignments for all principals in the tenant on behalf of a signed in user. 
+| AdminConsentRequired | Yes | Yes -|Permission|Display String|Description|Admin Consent Required| -|:----------|:--------------|:-----------|:-------| -|_EntitlementManagement.ReadWrite.All_|Read and write entitlement management resources|Allows the app to request access to read and manage access packages and related entitlement management resources on behalf of the signed-in user.|Yes| -|_EntitlementManagement.Read.All_|Read entitlement management resources|Allows the app to request access to read access packages and related entitlement management resources on behalf of the signed-in user.|Yes| +--- + +### CustomSecAttributeAuditLogs.Read.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2a4f026d-e829-4e84-bdbf-d981a2703059 | 1fcdeaab-b519-44dd-bffc-ed1fd15a24e0 +| DisplayText | Read all custom security attribute audit logs | Read custom security attribute audit logs +| Description | Allows the app to read all audit logs for events that contain information about custom security attributes, without a signed-in user. | Allows the app to read audit logs for events that contain information about custom security attributes, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -|Permission|Display String|Description|Admin Consent Required| -|:----------|:--------------|:-----------|:-------| -|_EntitlementManagement.ReadWrite.All_|Read and write entitlement management resources|Allows the app to read and manage access packages and related entitlement management resources.|Yes| -|_EntitlementManagement.Read.All_|Read entitlement management resources|Allows the app to read access packages and related entitlement management resources.|Yes| +--- -## Files permissions +### CustomSecAttributeDefinition.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | b185aa14-d8d2-42c1-a685-0f5596613624 | ce026878-a0ff-4745-a728-d4fedd086c07 +| DisplayText | Read custom security attribute definitions | Read custom security attribute definitions +| Description | Allows the app to read custom security attribute definitions for the tenant without a signed in user. | Allows the app to read custom security attribute definitions for the tenant on behalf of a signed in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Files.Read_ | Read user files | Allows the app to read the signed-in user's files. | No | Yes | -| _Files.Read.All_ | Read all files that user can access | Allows the app to read all files the signed-in user can access. | No | Yes | -| _Files.ReadWrite_ | Have full access to user files | Allows the app to read, create, update, and delete the signed-in user's files. | No| Yes | -| _Files.ReadWrite.All_ | Have full access to all files user can access | Allows the app to read, create, update, and delete all files the signed-in user can access. 
| No | Yes | -| _Files.ReadWrite.AppFolder_ | Have full access to the application's folder (preview) | (Preview) Allows the app to read, create, update, and delete files in the application's folder. | No | Yes | -| _Files.Read.Selected_ | Read files that the user selects | **Limited support in Microsoft Graph; see Remarks**
(Preview) Allows the app to read files that the user selects. The app has access for several hours after the user selects a file. | No | No | -| _Files.ReadWrite.Selected_ | Read and write files that the user selects | **Limited support in Microsoft Graph; see Remarks**
(Preview) Allows the app to read and write files that the user selects. The app has access for several hours after the user selects a file. | No | No | +--- -#### Application permissions +### CustomSecAttributeDefinition.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | -| :--------- | :------------- | :---------- | :--------------------- | -| _Files.Read.All_ | Read files in all site collections | Allows the app to read all files in all site collections without a signed in user. | Yes | -| _Files.ReadWrite.All_ | Read and write files in all site collections | Allows the app to read, create, update, and delete all files in all site collections without a signed in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 12338004-21f4-4896-bf5e-b75dfaf1016d | 8b0160d4-5743-482b-bb27-efc0a485ca4a +| DisplayText | Read and write custom security attribute definitions | Read and write custom security attribute definitions +| Description | Allows the app to read and write custom security attribute definitions for the tenant without a signed in user. | Allows the app to read and write custom security attribute definitions for the tenant on behalf of a signed in user. +| AdminConsentRequired | Yes | Yes -### Remarks +--- -> **Note**: For personal accounts, Files.Read and Files.ReadWrite also grant access to files shared with the signed-in user. +### DataClassificationSession.Create -The Files.Read.Selected and Files.ReadWrite.Selected delegated permissions are only valid on work or school accounts and are only exposed for working with [Office 365 file handlers (v1.0)](/previous-versions/office/office-365-api/). -They should not be used for directly calling Microsoft Graph APIs. 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | 50bbb34b-8df4-4148-8e59-239c00555340 | 2dd78a34-0a00-4157-82e2-2b614b875b3e +| DisplayText | Create data classification sessions | Create data classification sessions +| Description | Allow the app to create data classification sessions, without a signed-in user. | Allow the app to create data classification sessions, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -The Files.ReadWrite.AppFolder delegated permission is only valid for personal accounts and is used for accessing the [App Root special folder](https://dev.onedrive.com/misc/appfolder.htm) with the OneDrive [Get special folder](/graph/api/drive-get-specialfolder) Microsoft Graph API. +--- +### DelegatedAdminRelationship.Read.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | f6e9e124-4586-492f-adc0-c6f96e4823fd | 0c0064ea-477b-4130-82a5-4c2cc4ff68aa +| DisplayText | Read Delegated Admin relationships with customers | Read Delegated Admin relationships with customers +| Description | Allows the app to read details of delegated admin relationships with customers like access details (that includes roles) and the duration as well as specific role assignments to security groups without a signed-in user. | Allows the app to read details of delegated admin relationships with customers like access details (that includes roles) and the duration as well as specific role assignments to security groups on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -#### Delegated +--- -* _Files.Read_: Read files stored in the signed-in user's OneDrive (`GET /me/drive/root/children`) -* _Files.Read.All_: Read files shared with the signed-in user (`GET /me/drive/root/sharedWithMe`) -* _Files.ReadWrite_: Write a file in the signed-in user's OneDrive (`PUT /me/drive/root/children/filename.txt/content`) -* _Files.ReadWrite.All_: Write a file shared with the user (`PUT /users/rgregg@contoso.com/drive/root/children/file.txt/content`) -* _Files.ReadWrite.AppFolder_: Write files into the app's folder in OneDrive (`PUT /me/drive/special/approot/children/file.txt/content`) +### DelegatedAdminRelationship.ReadWrite.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | cc13eba4-8cd8-44c6-b4d4-f93237adce58 | 885f682f-a990-4bad-a642-36736a74b0c7 +| DisplayText | Manage Delegated Admin relationships with customers | Manage Delegated Admin relationships with customers +| Description | Allows the app to manage (create-update-terminate) Delegated Admin relationships with customers and role assignments to security groups for active Delegated Admin relationships without a signed-in user. | Allows the app to manage (create-update-terminate) Delegated Admin relationships with customers as well as role assignments to security groups for active Delegated Admin relationships on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## Financials permissions -#### Delegated permissions -|Permission|Display String|Description|Admin Consent Required| -|:----------|:--------------|:-----------|:-------| -|_Financials.ReadWrite.All_|Read and write financials data|Allows the app to read and write financials data on behalf of the signed-in user|No| +### DelegatedPermissionGrant.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 81b4724a-58aa-41c1-8a55-84ef97466587 | a197cdc4-a8e8-4d49-9d35-4ca7c83887b4 +| DisplayText | Read all delegated permission grants | Read delegated permission grants +| Description | Allows the app to read all delegated permission grants, without a signed-in user. | Allows the app to read delegated permission grants, on behalf of the signed in user. +| AdminConsentRequired | Yes | Yes -## Group permissions +--- -#### Delegated permissions +### DelegatedPermissionGrant.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Group.Read.All_ | Read all groups | Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access. | Yes | No | -| _Group.ReadWrite.All_ | Read and write all groups| Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Also allows the app to read and write calendar, conversations, files, and other group content for all groups the signed-in user can access. Additionally allows group owners to manage their groups and allows group members to update group content. 
| Yes | No | -| _GroupMember.Read.All_ | Read group memberships | Allows the app to list groups, read basic group properties and read membership of all groups the signed-in user has access to. | Yes | No | -| _GroupMember.ReadWrite.All_ | Read and write group memberships | Allows the app to list groups, read basic properties, read and update the membership of the groups the signed-in user has access to. Group properties and owners cannot be updated and groups cannot be deleted. | Yes | No | -| _UnifiedGroupMember.Read.AsGuest_ | Read unified (Microsoft 365) group memberships as a guest user | Allows the app to read basic unified group properties, memberships, and owners of the group the signed-in guest is a member of. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8e8e4742-1d95-4f68-9d56-6ee75648c72a | 41ce6ca6-6826-4807-84f1-1c82854f7ee5 +| DisplayText | Manage all delegated permission grants | Manage all delegated permission grants +| Description | Allows the app to manage permission grants for delegated permissions exposed by any API (including Microsoft Graph), without a signed-in user. | Allows the app to manage permission grants for delegated permissions exposed by any API (including Microsoft Graph), on behalf of the signed in user. +| AdminConsentRequired | Yes | Yes -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Group.Read.All_ | Read all groups | Allows the app to read group properties and memberships, and read conversations for all groups, without a signed-in user. | Yes | -| _Group.ReadWrite.All_ | Read and write all groups | Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write conversations. 
All of these operations can be performed by the app without a signed-in user.| Yes | -| _GroupMember.Read.All_ | Read group memberships | Allows the app to read memberships and basic group properties for all groups without a signed-in user. | Yes | -| _GroupMember.ReadWrite.All_ | Read and write group memberships | Allows the app to list groups, read basic properties, read and update the membership of the groups without a signed-in user. Group properties and owners cannot be updated and groups cannot be deleted. | Yes | -| _Group.Create_ | Create groups | Allows the calling app to create groups without a signed-in user. Does not allow read, update, or deletion of any groups. | Yes | +### Device.Command -### Remarks +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | bac3b9c2-b516-4ef4-bd3b-c2ef73d8d804 +| DisplayText | - | Communicate with user devices +| Description | - | Allows the app to launch another app or communicate with another app on a user's device on behalf of the signed-in user. +| AdminConsentRequired | - | No -Group functionality is not supported on personal Microsoft accounts. +--- -For Microsoft 365 groups, Group permissions grant the app access to the contents of the group; for example, conversations, files, notes, and so on. +### Device.Read -For application permissions, there are some limitations for the APIs that are supported. For more information, see [known issues](https://developer.microsoft.com/en-us/graph/known-issues). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 11d4cd79-5ba5-460f-803f-e22c8ab85ccd +| DisplayText | - | Read user devices +| Description | - | Allows the app to read a user's list of devices on behalf of the signed-in user. +| AdminConsentRequired | - | No -In some cases, an app may need [Directory permissions](#directory-permissions) to read some group properties like `member` and `memberOf`. 
For example, if a group has a one or more [servicePrincipals](/graph/api/resources/serviceprincipal?view=graph-rest-beta&preserve-view=true) as members, the app will need effective permissions to read service principals through being granted one of the _Directory.\*_ permissions, otherwise Microsoft Graph will return an error. (In the case of delegated permissions, the signed-in user will also need sufficient privileges in the organization to read service principals.) The same guidance applies for the `memberOf` property, which can return [administrativeUnits](/graph/api/resources/administrativeunit?view=graph-rest-beta&preserve-view=true). +--- -To set a Microsoft 365 group's **preferredDataLocation** attribute, an app needs Directory.ReadWrite.All permission. When users in a multi-geo environment create a Microsoft 365 group, the **preferredDataLocation** value for the group is automatically set to that of the user. For more information about groups' preferred data location, see [Create a Microsoft 365 group with a specific PDL](/office365/enterprise/multi-geo-add-group-with-pdl). +### Device.Read.All -Group permissions are used to control access to [Microsoft Teams](/graph/api/resources/teams-api-overview) resources and APIs. Personal Microsoft accounts are not supported. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7438b122-aefc-4978-80ed-43db9fcc7715 | 951183d1-1a61-466f-a6d1-1fde911bfd95 +| DisplayText | Read all devices | Read all devices +| Description | Allows the app to read your organization's devices' configuration information without a signed-in user. | Allows the app to read your organization's devices' configuration information on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -Group permissions are also used to control access to [Microsoft Planner](/graph/api/resources/planner-overview) resources and APIs. 
Only delegated permissions are supported for Microsoft Planner APIs; application permissions are not supported. Personal Microsoft accounts are not supported. +--- +### Device.ReadWrite.All -### Example usage -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1138cb37-bd11-4084-a2b7-9f71582aeddb | - +| DisplayText | Read and write devices | - +| Description | Allows the app to read and write all device properties without a signed in user. Does not allow device creation, device deletion or update of device alternative security identifiers. | - +| AdminConsentRequired | Yes | - -* _Group.Read.All_: Read all Microsoft 365 groups that the signed-in user is a member of (`GET /me/memberOf/$/microsoft.graph.group?$filter=groupTypes/any(a:a%20eq%20'unified')`). -* _Group.Read.All_: Read all Microsoft 365 group content like conversations (`GET /groups/{id}/conversations`). -* _Group.ReadWrite.All_: Update group properties, like photo (`PUT /groups/{id}/photo/$value`). -* _GroupMember.ReadWrite.All_: Update group members (`POST /groups/{id}/members/$ref`). -> **Note:**: This also requires _User.ReadBasic.All_ to read the user to add as a member. +[!INCLUDE [Device.ReadWrite.All](../includes/permissions-notes/Device.ReadWrite.All.md)] -#### Application +--- -* _Group.Read.All_: Find all groups with name that starts with 'Sales' (`GET /groups?$filter=startswith(displayName,'Sales')`). -* _Group.ReadWrite.All_: Daemon service creates new events on a Microsoft 365 group's calendar (`POST /groups/{id}/events`). -* _Group.Create_: Creates a new group (`POST /groups`). +### DeviceLocalCredential.Read.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | 884b599e-4d48-43a5-ba94-15c414d00588 | 280b3b69-0437-44b1-bc20-3b2fca1ee3e9 +| DisplayText | Read device local credential passwords | Read device local credential passwords +| Description | Allows the app to read device local credential properties including passwords, without a signed-in user. | Allows the app to read device local credential properties including passwords, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- +### DeviceLocalCredential.ReadBasic.All -## Identity provider permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | db51be59-e728-414b-b800-e0f010df1a79 | 9917900e-410b-4d15-846e-42a357488545 +| DisplayText | Read device local credential properties | Read device local credential properties +| Description | Allows the app to read device local credential properties excluding passwords, without a signed-in user. | Allows the app to read device local credential properties excluding passwords, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _IdentityProvider.Read.All_ | Read identity provider information | Allows the app to read identity providers configured in your Azure AD or Azure AD B2C tenant on behalf of the signed-in user. | Yes | No | -| _IdentityProvider.ReadWrite.All_ | Read and write identity provider information | Allows the app to read or write identity providers configured in your Azure AD or Azure AD B2C tenant on behalf of the signed-in user. 
| Yes | No | +### DeviceManagementApps.Read.All -### Remarks +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7a6ee1e7-141e-4cec-ae74-d9db155731ff | 4edf5f54-4666-44af-9de9-0144fb4b6e8c +| DisplayText | Read Microsoft Intune apps | Read Microsoft Intune apps +| Description | Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune, without a signed-in user. | Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune. +| AdminConsentRequired | Yes | Yes -_IdentityProvider.Read.All_ and _IdentityProvider.ReadWrite.All_ are valid only for work or school accounts. For an app to read or write identity providers with delegated permissions, the signed-in user must be assigned the Global Administrator role. For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](/azure/active-directory/active-directory-assign-admin-roles). 
+[!INCLUDE [DeviceManagementApps.Read.All](../includes/permissions-notes/DeviceManagementApps.Read.All.md)] -### Example usage +--- -#### Delegated -The following usages are valid for both delegated permissions: +### DeviceManagementApps.ReadWrite.All -* _IdentityProvider.Read.All_: Read all identity providers configured in the tenant (`GET /beta/identityProviders`) -* _IdentityProvider.Read.All_: Read an existing identity provider (`GET /beta/identityProviders/{id}`) -* _IdentityProvider.ReadWrite.All_ Create an identity provider (`POST /beta/identityProviders`) -* _IdentityProvider.ReadWrite.All_ Update an existing identity provider (`PATCH /beta/identityProviders/{id}`) -* _IdentityProvider.ReadWrite.All_ Delete an existing identity provider (`DELETE /beta/identityProviders/{id}`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 78145de6-330d-4800-a6ce-494ff2d33d07 | 7b3f05d5-f68c-4b8d-8c59-a2ecd12f24af +| DisplayText | Read and write Microsoft Intune apps | Read and write Microsoft Intune apps +| Description | Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune, without a signed-in user. | Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune. +| AdminConsentRequired | Yes | Yes -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). 
+[!INCLUDE [DeviceManagementApps.ReadWrite.All](../includes/permissions-notes/DeviceManagementApps.ReadWrite.All.md)] --- -## Identity protection risk permissions +### DeviceManagementConfiguration.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | dc377aa6-52d8-4e23-b271-2a7ae04cedf3 | f1493658-876a-4c87-8fa7-edb559b3476a +| DisplayText | Read Microsoft Intune device configuration and policies | Read Microsoft Intune Device Configuration and Policies +| Description | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _IdentityRiskEvent.Read.All_ | Read identity risk event information | Allows the app to read identity risk event information for all users in your organization on behalf of the signed-in user. | Yes | No | -| _IdentityRiskyUser.Read.All_ | Read identity user risk information | Allows the app to read identity user risk information for all users in your organization on behalf of the signed-in user. | Yes | No | -| _IdentityRiskyUser.ReadWrite.All_ | Read and update identity user risk information | Allows the app to read and update identity user risk information for all users in your organization on behalf of the signed-in user. | Yes | No | -| _IdentityRiskyServicePrincipal.Read.All_ | Read all risky service principal information | Allows the app to read all risky service principal information for your organization, on behalf of the signed-in user. 
| Yes | No | -| _IdentityRiskyServicePrincipal.ReadWrite.All_ | Read and write all risky service principal information | Allows the app to read and update risky service principal information for all service principals in your organization, on behalf of the signed-in user. Update operations include dismissing risky service principals.| Yes | No | +[!INCLUDE [DeviceManagementConfiguration.Read.All](../includes/permissions-notes/DeviceManagementConfiguration.Read.All.md)] -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _IdentityRiskEvent.Read.All_ | Read identity risk event information | Allows the app to read identity risk event information for all users in your organization without a signed-in user. | Yes | -| _IdentityRiskyUser.Read.All_ | Read identity user risk information | Allows the app to read identity user risk information for all users in your organization without a signed-in user. | Yes | -| _IdentityRiskyUser.ReadWrite.All_ | Read and update identity user risk information | Allows the app to read and update identity user risk information for all users in your organization without a signed-in user. | Yes | -| _IdentityRiskyServicePrincipal.Read.All_ | Read all risky service principal information | Allows the app to read all risky service principal information for your organization, without a signed-in user. | Yes | -| _IdentityRiskyServicePrincipal.ReadWrite.All_ | Read and write all risky service principal information | Allows the app to read and update risky service principal for your organization, without a signed-in user.| Yes | +### DeviceManagementConfiguration.ReadWrite.All -All identity risk permissions are valid only for work or school accounts. 
For an app with delegated permissions to read identity risk information, the signed-in user must be a member of one of the following [Azure AD administrator roles](/azure/active-directory/roles/permissions-reference): Global Administrator, Security Administrator, or Security Reader. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9241abd9-d0e6-425a-bd4f-47ba86e767a4 | 0883f392-0a7a-443d-8c76-16a6d39c7b63 +| DisplayText | Read and write Microsoft Intune device configuration and policies | Read and write Microsoft Intune Device Configuration and Policies +| Description | Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups, without a signed-in user. | Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. +| AdminConsentRequired | Yes | Yes -### Example usage +[!INCLUDE [DeviceManagementConfiguration.ReadWrite.All](../includes/permissions-notes/DeviceManagementConfiguration.ReadWrite.All.md)] -The following usages are valid for both delegated and application permissions: +--- -#### Read risk events +### DeviceManagementManagedDevices.PrivilegedOperations.All -* Read all risk events generated for all users in the tenant (`GET /identityProtection/riskDetections`) -* Read most recent 50 risk events (`GET /identityProtection/riskDetections?$orderby=detectedDateTime desc&top=50`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5b07b0dd-2377-4e44-a38d-703f09a0dc3c | 3404d2bf-2b13-457e-a330-c24615765193 +| DisplayText | Perform user-impacting remote actions on Microsoft Intune devices | Perform user-impacting remote actions on Microsoft Intune devices +| Description | Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune, without a signed-in user. 
| Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune. +| AdminConsentRequired | Yes | Yes -#### Read risky users +[!INCLUDE [DeviceManagementManagedDevices.PrivilegedOperations.All](../includes/permissions-notes/DeviceManagementManagedDevices.PrivilegedOperations.All.md)] -* Read all risky users and properties in the tenant (`GET /identityProtection/riskyUsers`) -* Read all risky users whose aggregate risk level is Medium (`GET /identityProtection/riskyUsers?$filter=riskLevel eq 'medium'`) -* Read the risk information for a specific user (`GET /identityProtection/riskyUsers?$filter=id eq 'userId'`) +--- -#### Read risky service principals +### DeviceManagementManagedDevices.Read.All -* Read all risky service principals and properties in the tenant (`GET /identityProtection/riskyServicePrincipals`) -* Read all risky service principals whose aggregate risk level is Medium (`GET /identityProtection/riskyServicePrincipals?$filter=riskLevel eq 'medium'`) -* Read the risk information for a specific service principal (`GET /identityProtection/riskyServicePrincipals?$filter=id eq '{riskyServicePrincipalsId}'`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2f51be20-0bb4-4fed-bf7b-db946066c75e | 314874da-47d6-4978-88dc-cf0d37f0bb82 +| DisplayText | Read Microsoft Intune devices | Read Microsoft Intune devices +| Description | Allows the app to read the properties of devices managed by Microsoft Intune, without a signed-in user. | Allows the app to read the properties of devices managed by Microsoft Intune. +| AdminConsentRequired | Yes | Yes -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). 
+[!INCLUDE [DeviceManagementManagedDevices.Read.All](../includes/permissions-notes/DeviceManagementManagedDevices.Read.All.md)] --- -## Identity user flow permissions +### DeviceManagementManagedDevices.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 243333ab-4d21-40cb-a475-36241daa0842 | 44642bfe-8385-4adc-8fc6-fe3cb2c375c3 +| DisplayText | Read and write Microsoft Intune devices | Read and write Microsoft Intune devices +| Description | Allows the app to read and write the properties of devices managed by Microsoft Intune, without a signed-in user. Does not allow high impact operations such as remote wipe and password reset on the device’s owner | Allows the app to read and write the properties of devices managed by Microsoft Intune. Does not allow high impact operations such as remote wipe and password reset on the device’s owner. +| AdminConsentRequired | Yes | Yes -#### Delegated permissions +[!INCLUDE [DeviceManagementManagedDevices.ReadWrite.All](../includes/permissions-notes/DeviceManagementManagedDevices.ReadWrite.All.md)] -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _IdentityUserFlow.Read.All_ | Read all identity user flows in a tenant | Allows the app to read your organization's user flows. | Yes | No | -| _IdentityUserFlow.ReadWrite.All_ | Read and write all identity user flows in a tenant. | Allows the app to read or write your organization's user flows. | Yes | No | +--- -#### Application permissions +### DeviceManagementRBAC.Read.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _IdentityUserFlow.Read.All_ | Read all identity user flows in a tenant | Allows the app to read your organization's user flows. 
| Yes | No | -| _IdentityUserFlow.ReadWrite.All_ | Read and write all identity user flows in a tenant. | Allows the app to read or write your organization's user flows. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 58ca0d9a-1575-47e1-a3cb-007ef2e4583b | 49f0cc30-024c-4dfd-ab3e-82e137ee5431 +| DisplayText | Read Microsoft Intune RBAC settings | Read Microsoft Intune RBAC settings +| Description | Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user. | Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings. +| AdminConsentRequired | Yes | Yes -### Remarks +[!INCLUDE [DeviceManagementRBAC.Read.All](../includes/permissions-notes/DeviceManagementRBAC.Read.All.md)] -_IdentityUserFlow.Read.All_ and _IdentityUserFlow.ReadWrite.ALL_ is valid only for work or school accounts. +--- -For an app with delegated permissions to read user flows, the signed-in user must be a member of one of the following administrator roles: Global Administrator, External Identities User Flow Administrator, or Global Reader. For an app with delegated permissions to write user flows, the signed-in user must be a member of one of the following administrator roles: Global Administrator or External Identities User Flow Administrator. +### DeviceManagementRBAC.ReadWrite.All -For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](/azure/active-directory/active-directory-assign-admin-roles). 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | e330c4f0-4170-414e-a55a-2f022ec2b57b | 0c5e8a55-87a6-4556-93ab-adc52c4d862d +| DisplayText | Read and write Microsoft Intune RBAC settings | Read and write Microsoft Intune RBAC settings +| Description | Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings, without a signed-in user. | Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings. +| AdminConsentRequired | Yes | Yes -### Example usage +[!INCLUDE [DeviceManagementRBAC.ReadWrite.All](../includes/permissions-notes/DeviceManagementRBAC.ReadWrite.All.md)] -#### Delegated and Application +--- -The following usages are valid for both delegated and application permissions: +### DeviceManagementServiceConfig.Read.All -* _IdentityUserFlow.Read.All_: Read all user flows in an Azure AD B2C tenant (`GET beta/identity/b2cUserFlows`) -* _IdentityUserFlow.Read.All_: Read all user flows in an Azure Active Directory (Azure AD) tenant (`GET beta/identity/b2xUserFlows`) -* _IdentityUserFlow.Read.All_: Read all user attribute assignments in an Azure AD B2C user flow (`GET beta/identity/b2cUserFlows/{id}/userAttributeAssignments`) -* _IdentityUserFlow.ReadWrite.All_: Create a new user flow in an Azure AD B2C tenant (`POST beta/identity/b2cUserFlows`) -* _IdentityUserFlow.ReadWrite.All_: Create a new user flow in an Azure Active Directory (Azure AD) tenant (`POST beta/identity/b2xUserflows`) -* _IdentityUserFlow.ReadWrite.All_: Add an identity provider to an Azure AD B2C user flow (`PATCH beta/identity/b2cUserFlows/{id}/identityProviders/$ref`) -* _IdentityUserFlow.ReadWrite.All_: Remove an identity provider from an Azure AD B2C user flow (`DELETE beta/identity/b2cUserFlows/{id}/identityProviders/{id}`) -* _IdentityUserFlow.ReadWrite.All_: Create a user attribute assignment in an Azure AD B2C user flow (`POST 
beta/identity/b2cUserFlows/{id}/userAttributeAssignments`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 06a5fe6d-c49d-46a7-b082-56b1b14103c7 | 8696daa5-bce5-4b2e-83f9-51b6defc4e1e +| DisplayText | Read Microsoft Intune configuration | Read Microsoft Intune configuration +| Description | Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user. | Allows the app to read Microsoft Intune service properties including device enrollment and third party service connection configuration. +| AdminConsentRequired | Yes | Yes -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +[!INCLUDE [DeviceManagementServiceConfig.Read.All](../includes/permissions-notes/DeviceManagementServiceConfig.Read.All.md)] --- -## Incidents permissions +### DeviceManagementServiceConfig.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5ac13192-7ace-4fcf-b828-1a26f28068ee | 662ed50a-ac44-4eef-ad86-62eed9be2a29 +| DisplayText | Read and write Microsoft Intune configuration | Read and write Microsoft Intune configuration +| Description | Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration, without a signed-in user. | Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration. 
+| AdminConsentRequired | Yes | Yes -#### Delegated permissions +[!INCLUDE [DeviceManagementServiceConfig.ReadWrite.All](../includes/permissions-notes/DeviceManagementServiceConfig.ReadWrite.All.md)] -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _SecurityIncident.Read.All_ | Read incidents | Allows the app to read incidents, on behalf of the signed-in user. | Yes | No | -| _SecurityIncident.ReadWrite.All_ | Read and write to incidents | Allows the app to read and write incidents, on behalf of the signed-in user. | Yes | No | +--- + +### Directory.AccessAsUser.All +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 0e263e50-5827-48a4-b97c-d940288653c7 +| DisplayText | - | Access directory as the signed in user +| Description | - | Allows the app to have the same access to information in the directory as the signed-in user. +| AdminConsentRequired | - | Yes -#### Application permissions +[!INCLUDE [Directory.AccessAsUser.All](../includes/permissions-notes/Directory.AccessAsUser.All.md)] -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _SecurityIncident.Read.All_ | Read all incidents | Allows the app to read all incidents, without a signed-in user. | Yes | -| _SecurityIncident.ReadWrite.All_ | Read and write to all incidents | Allows the app to read and write to all incidents, without a signed-in user. | Yes | +--- -### Remarks +### Directory.Read.All -Incidents permissions are valid only on work or school accounts. 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | 7ab1d382-f21e-4acd-a863-ba3e13f7da61 | 06da0dbc-49e2-44d2-8312-53f166ab848a +| DisplayText | Read directory data | Read directory data +| Description | Allows the app to read data in your organization's directory, such as users, groups and apps, without a signed-in user. | Allows the app to read data in your organization's directory, such as users, groups and apps. +| AdminConsentRequired | Yes | Yes -### Example usage +[!INCLUDE [Directory.Read.All](../includes/permissions-notes/Directory.Read.All.md)] -#### Delegated +--- -* _SecurityIncident.Read.All_: Read all incidents in an organization that the user is allowed to read (`GET /security/incidents`) -* _SecurityIncident.ReadWrite.All_: Read and write to all incidents in an organization that the user is allowed to read and write (`GET /security/incidents`) +### Directory.ReadWrite.All -#### Application +| Category | Application | Delegated | +|--|--|--| +| Identifier | 19dbc75e-c2e2-444c-a770-ec69d8559fc7 | c5366453-9fb0-48a5-a156-24f0c49a4b84 +| DisplayText | Read and write directory data | Read and write directory data +| Description | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. | Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords. 
+| AdminConsentRequired | Yes | Yes -* _SecurityIncident.Read.All_: Read all incidents in an organization (`GET /security/incidents`) -* _SecurityIncident.ReadWrite.All_: Read and write to all incidents in an organization (`GET /security/incidents`) +[!INCLUDE [Directory.ReadWrite.All](../includes/permissions-notes/Directory.ReadWrite.All.md)] --- -## Industry data permissions +### Directory.Write.Restricted -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | f20584af-9290-4153-9280-ff8bb2c0ea7f | cba5390f-ed6a-4b7f-b657-0efc2210ed20 +| DisplayText | Manage restricted resources in the directory | Manage restricted resources in the directory +| Description | Allows the app to manage restricted resources based on the other permissions granted to the app, without a signed-in user. | Allows the app to manage restricted resources based on the other permissions granted to the app, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -| ------------------------------------------- | --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------- | :--------------------- | :-------------------------- | -| _IndustryData.ReadBasic.All_ | Read basic industry data service and resource definitions | Allows the app to read basic industry data service and resource information on behalf of the signed-in user. | No | No | -| _IndustryData-DataConnector.Read.All_ | View data connector definitions | Allows the app to read data connectors on behalf of the signed-in user. | Yes | No | -| _IndustryData-DataConnector.ReadWrite.All_ | Manage data connector definitions | Allows the app to read and write data connectors on behalf of the signed-in user. 
| Yes | No | -| _IndustryData-DataConnector.Upload_ | Upload files to a data connector | Allows the app to upload data files to a data connector on behalf of the signed-in user. | Yes | No | -| _IndustryData-InboundFlow.Read.All_ | View inbound flow definitions | Allows the app to read inbound data flows on behalf of the signed-in user. | Yes | No | -| _IndustryData-InboundFlow.ReadWrite.All_ | Manage inbound flow definitions | Allows the app to read and write inbound data flows on behalf of the signed-in user. | Yes | No | -| _IndustryData-ReferenceDefinition.Read.All_ | View reference definitions | Allows the app to read reference definitions on behalf of the signed-in user. | Yes | No | -| _IndustryData-Run.Read.All_ | View current and previous runs | Allows the app to read current and previous industry data runs on behalf of the signed-in user. | Yes | No | -| _IndustryData-SourceSystem.Read.All_ | View source system definitions | Allows the app to read source system definitions on behalf of the signed-in user. | Yes | No | -| _IndustryData-SourceSystem.ReadWrite.All_ | Manage source system definitions | Allows the app to read and write source system definitions on behalf of the signed-in user. | Yes | No | -| _IndustryData-TimePeriod.Read.All_ | Read time period definitions | Allows the app to read time period definitions on behalf of the signed-in user. | Yes | No | -| _IndustryData-TimePeriod.ReadWrite.All_ | Manage time period definitions | Allows the app to read and write time period definitions on behalf of the signed-in user. 
| Yes | No | +--- -#### Application permissions +### DirectoryRecommendations.Read.All -| Permission | Display String | Description | Admin Consent Required | -| ------------------------------------------- | --------------------------------------------------------- | ------------------------------------------------------------------------------------------------------ | :--------------------- | -| _IndustryData.ReadBasic.All_ | View basic service and resource information | Allows the app to read basic service and resource information without a signed-in user. | No | -| _IndustryData-DataConnector.Read.All_ | View data connector definitions | Allows the app to read data connectors without a signed-in user. | Yes | -| _IndustryData-DataConnector.ReadWrite.All_ | Manage data connector definitions | Allows the app to read and write data connectors without a signed-in user. | Yes | -| _IndustryData-DataConnector.Upload_ | Upload files to a data connector | Allows the app to upload data files to a data connector without a signed-in user. | Yes | -| _IndustryData-InboundFlow.Read.All_ | View inbound flow definitions | Allows the app to read inbound data flows without a signed-in user. | Yes | -| _IndustryData-InboundFlow.ReadWrite.All_ | Manage inbound flow definitions | Allows the app to read and write inbound data flows without a signed-in user. | Yes | -| _IndustryData-ReferenceDefinition.Read.All_ | View reference definitions | Allows the app to read reference definitions without a signed-in user. | Yes | -| _IndustryData-Run.Read.All_ | View current and previous runs | Allows the app to read current and previous industry data runs without a signed-in user. | Yes | -| _IndustryData-SourceSystem.Read.All_ | View source system definitions | Allows the app to read source system definitions without a signed-in user. 
| Yes | -| _IndustryData-SourceSystem.ReadWrite.All_ | Manage source system definitions | Allows the app to read and write source system definitions without a signed-in user. | Yes | -| _IndustryData-TimePeriod.Read.All_ | Read time period definitions | Allows the app to read time period definitions without a signed-in user. | Yes | -| _IndustryData-TimePeriod.ReadWrite.All_ | Manage time period definitions | Allows the app to read and write time period definitions without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | ae73097b-cb2a-4447-b064-5d80f6093921 | 34d3bd24-f6a6-468c-b67c-0c365c1d6410 +| DisplayText | Read all Azure AD recommendations | Read Azure AD recommendations +| Description | Allows the app to read all Azure AD recommendations, without a signed-in user. | Allows the app to read Azure AD recommendations, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Information protection policy permissions +### DirectoryRecommendations.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0e9eea12-4f01-45f6-9b8d-3ea4c8144158 | f37235e8-90a0-4189-93e2-e55b53867ccd +| DisplayText | Read and update all Azure AD recommendations | Read and update Azure AD recommendations +| Description | Allows the app to read and update all Azure AD recommendations, without a signed-in user. | Allows the app to read and update Azure AD recommendations, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _InformationProtectionPolicy.Read_ | Read user sensitivity labels and label policies | Allows an app to read information protection sensitivity labels and label policy settings, on behalf of the signed-in user. 
| Yes | No | +--- -#### Application permissions +### Domain.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _InformationProtectionPolicy.Read.All_ | Read all published labels and label policies for an organization | Allows an app to read published sensitivity labels and label policy settings for the entire organization or a specific user, without a signed in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | dbb9058a-0e50-45d7-ae91-66909b5d4664 | 2f9ee017-59c1-4f1d-9472-bd5529a7b311 +| DisplayText | Read domains | Read domains. +| Description | Allows the app to read all domain properties without a signed-in user. | Allows the app to read all domain properties on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- +### Domain.ReadWrite.All -## Intune device management permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7e05723c-0bb0-42da-be95-ae9f08a6e53c | 0b5d694c-a244-4bde-86e6-eb5cd07730fe +| DisplayText | Read and write domains | Read and write domains +| Description | Allows the app to read and write all domain properties without a signed in user.  Also allows the app to add,  verify and remove domains. | Allows the app to read and write all domain properties on behalf of the signed-in user. Also allows the app to add, verify and remove domains. +| AdminConsentRequired | Yes | Yes -#### Delegated permissions - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_DeviceManagementApps.Read.All_ | Read Microsoft Intune apps | Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune. 
| Yes | No | -|_DeviceManagementApps.ReadWrite.All_ | Read and write Microsoft Intune apps | Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune. | Yes | No | -|_DeviceManagementConfiguration.Read.All_ | Read Microsoft Intune device configuration and policies | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. | Yes | No | -|_DeviceManagementConfiguration.ReadWrite.All_ | Read and write Microsoft Intune device configuration and policies | Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. | Yes | No | -|_DeviceManagementManagedDevices.PrivilegedOperations.All_ | Perform user-impacting remote actions on Microsoft Intune devices | Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune. | Yes | No | -|_DeviceManagementManagedDevices.Read.All_ | Read Microsoft Intune devices | Allows the app to read the properties of devices managed by Microsoft Intune. | Yes | No | -|_DeviceManagementManagedDevices.ReadWrite.All_ | Read and write Microsoft Intune devices | Allows the app to read and write the properties of devices managed by Microsoft Intune. Does not allow high impact operations such as remote wipe and password reset on the device's owner. | Yes | No | -|_DeviceManagementRBAC.Read.All_ | Read Microsoft Intune RBAC settings | Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings. | Yes | No | -|_DeviceManagementRBAC.ReadWrite.All_ | Read and write Microsoft Intune RBAC settings | Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings. 
| Yes | No | -|_DeviceManagementServiceConfig.Read.All_ | Read Microsoft Intune configuration | Allows the app to read Intune service properties including device enrollment and third party service connection configuration. | Yes | No | -|_DeviceManagementServiceConfig.ReadWrite.All_ | Read and write Microsoft Intune configuration | Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration. | Yes | No | +--- -#### Application permissions +### EAS.AccessAsUser.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_DeviceManagementApps.Read.All_ | Read Microsoft Intune apps | Allows the app to read the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune. | Yes | No | -|_DeviceManagementApps.ReadWrite.All_ | Read and write Microsoft Intune apps | Allows the app to read and write the properties, group assignments and status of apps, app configurations and app protection policies managed by Microsoft Intune. | Yes | No | -|_DeviceManagementConfiguration.Read.All_ | Read Microsoft Intune device configuration and policies | Allows the app to read properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. | Yes | No | -|_DeviceManagementConfiguration.ReadWrite.All_ | Read and write Microsoft Intune device configuration and policies | Allows the app to read and write properties of Microsoft Intune-managed device configuration and device compliance policies and their assignment to groups. 
| Yes | No | -|_DeviceManagementManagedDevices.PrivilegedOperations.All_ | Perform user-impacting remote actions on Microsoft Intune devices | Allows the app to perform remote high impact actions such as wiping the device or resetting the passcode on devices managed by Microsoft Intune. | Yes | No | -|_DeviceManagementManagedDevices.Read.All_ | Read Microsoft Intune devices | Allows the app to read the properties of devices managed by Microsoft Intune. | Yes | No | -|_DeviceManagementManagedDevices.ReadWrite.All_ | Read and write Microsoft Intune devices | Allows the app to read and write the properties of devices managed by Microsoft Intune. Does not allow high impact operations such as remote wipe and password reset on the device's owner. | Yes | No | -|_DeviceManagementRBAC.Read.All_ | Read Microsoft Intune RBAC settings | Allows the app to read the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings. | Yes | No | -|_DeviceManagementRBAC.ReadWrite.All_ | Read and write Microsoft Intune RBAC settings | Allows the app to read and write the properties relating to the Microsoft Intune Role-Based Access Control (RBAC) settings. | Yes | No | -|_DeviceManagementServiceConfig.Read.All_ | Read Microsoft Intune configuration | Allows the app to read Intune service properties including device enrollment and third party service connection configuration. | Yes | No | -|_DeviceManagementServiceConfig.ReadWrite.All_ | Read and write Microsoft Intune configuration | Allows the app to read and write Microsoft Intune service properties including device enrollment and third party service connection configuration. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | ff91d191-45a0-43fd-b837-bd682c4a0b0f +| DisplayText | - | Access mailboxes via Exchange ActiveSync +| Description | - | Allows the app to have the same access to mailboxes as the signed-in user via Exchange ActiveSync. 
+| AdminConsentRequired | - | No -### Remarks +--- -> **Note:** Using the Microsoft Graph APIs to configure Intune controls and policies still requires that the Intune service is [correctly licensed](https://go.microsoft.com/fwlink/?linkid=839381) by the customer. +### eDiscovery.Read.All -These permissions are only valid for work or school accounts. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 50180013-6191-4d1e-a373-e590ff4e66af | 99201db3-7652-4d5a-809a-bdb94f85fe3c +| DisplayText | Read all eDiscovery objects | Read all eDiscovery objects +| Description | Allows the app to read eDiscovery objects such as cases, custodians, review sets and other related objects without a signed-in user. | Allows the app to read eDiscovery objects such as cases, custodians, review sets and other related objects on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -### Example usage +--- -#### Delegated +### eDiscovery.ReadWrite.All -* _DeviceManagementServiceConfiguration.Read.All_: Check the current state of the Intune subscription (`GET /deviceManagement/subscriptionState`). -* _DeviceManagementServiceConfiguration.ReadWrite.All_: Create new Terms and Conditions (`POST /deviceManagement/termsAndConditions`). -* _DeviceManagementConfiguration.Read.All_: Find the status of a device configuration (`GET /deviceManagement/deviceConfigurations/{id}/deviceStatuses`). -* _DeviceManagementConfiguration.ReadWrite.All_: Assign a device compliance policy to a group (`POST deviceCompliancePolicies/{id}/assign`). -* _DeviceManagementApps.Read.All_: Find all the Windows Store apps published to Intune (`GET /deviceAppManagement/mobileApps?$filter=isOf('microsoft.graph.windowsStoreApp')`). -* _DeviceManagementApps.ReadWrite.All_: Publish a new application (`POST /deviceAppManagement/mobileApps`). -* _DeviceManagementRBAC.Read.All_: Find a role assignment by name (`GET /deviceManagement/roleAssignments?$filter=displayName eq 'My Role Assignment'`). 
-* _DeviceManagementRBAC.ReadWrite.All_: Create a new custom role (`POST /deviceManagement/roleDefinitions`). -* _DeviceManagementManagedDevices.Read.All_: Find a managed device by name (`GET /managedDevices/?$filter=deviceName eq 'My Device'`). -* _DeviceManagementManagedDevices.ReadWrite.All_: Remove a managed device (`DELETE /managedDevices/{id}`). -* _DeviceManagementManagedDevices.PrivilegedOperations.All_: Reset the passcode on a user's managed device (`POST /managedDevices/{id}/resetPasscode`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | b2620db1-3bf7-4c5b-9cb9-576d29eac736 | acb8f680-0834-4146-b69e-4ab1b39745ad +| DisplayText | Read and write all eDiscovery objects | Read and write all eDiscovery objects +| Description | Allows the app to read and write eDiscovery objects such as cases, custodians, review sets and other related objects without a signed-in user. | Allows the app to read and write eDiscovery objects such as cases, custodians, review sets and other related objects on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Application +--- -* _DeviceManagementServiceConfiguration.Read.All_: Check the current state of the Intune subscription (`GET /deviceManagement/subscriptionState`). -* _DeviceManagementServiceConfiguration.ReadWrite.All_: Create new Terms and Conditions (`POST /deviceManagement/termsAndConditions`). -* _DeviceManagementConfiguration.Read.All_: Find the status of a device configuration (`GET /deviceManagement/deviceConfigurations/{id}/deviceStatuses`). -* _DeviceManagementConfiguration.ReadWrite.All_: Assign a device compliance policy to a group (`POST deviceCompliancePolicies/{id}/assign`). -* _DeviceManagementApps.Read.All_: Find all the Windows Store apps published to Intune (`GET /deviceAppManagement/mobileApps?$filter=isOf('microsoft.graph.windowsStoreApp')`). -* _DeviceManagementApps.ReadWrite.All_: Publish a new application (`POST /deviceAppManagement/mobileApps`). 
-* _DeviceManagementRBAC.Read.All_: Find a role assignment by name (`GET /deviceManagement/roleAssignments?$filter=displayName eq 'My Role Assignment'`). -* _DeviceManagementRBAC.ReadWrite.All_: Create a new custom role (`POST /deviceManagement/roleDefinitions`). -* _DeviceManagementManagedDevices.Read.All_: Find a managed device by name (`GET /managedDevices/?$filter=deviceName eq 'My Device'`). -* _DeviceManagementManagedDevices.ReadWrite.All_: Remove a managed device (`DELETE /managedDevices/{id}`). -* _DeviceManagementManagedDevices.PrivilegedOperations.All_: Reset the passcode on a user's managed device (`POST /managedDevices/{id}/resetPasscode`). +### EduAdministration.Read -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 8523895c-6081-45bf-8a5d-f062a2f12c9f +| DisplayText | - | Read education app settings +| Description | - | Read the state and settings of all Microsoft education apps on behalf of the user. +| AdminConsentRequired | - | Yes --- -## Lifecycle workflows permissions +### EduAdministration.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7c9db06a-ec2d-4e7b-a592-5a1e30992566 | - +| DisplayText | Read Education app settings | - +| Description | Read the state and settings of all Microsoft education apps. | - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _LifecycleWorkflows.Read.All_ | Read all lifecycle workflows resources | Allows the app to list and read all workflows, tasks and related lifecycle workflows resources on behalf of the signed-in user. 
| Yes | No | -| _LifecycleWorkflows.ReadWrite.All_ | Read and write all lifecycle workflows resources | Allows the app to create, update, list, read and delete all workflows, tasks and related lifecycle workflows resources on behalf of the signed-in user. | Yes | No | +--- -#### Application permissions +### EduAdministration.ReadWrite -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _LifecycleWorkflows.Read.All_ | Read all lifecycle workflows resources | Allows the app to list and read all workflows, tasks and related lifecycle workflows resources without a signed-in user. | Yes | -| _LifecycleWorkflows.ReadWrite.All_ | Read and write all lifecycle workflows resources | Allows the app to create, update, list, read and delete all workflows, tasks and related lifecycle workflows resources without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 63589852-04e3-46b4-bae9-15d5b1050748 +| DisplayText | - | Manage education app settings +| Description | - | Manage the state and settings of all Microsoft education apps on behalf of the user. +| AdminConsentRequired | - | Yes --- -## Mail permissions +### EduAdministration.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9bc431c3-b8bc-4a8d-a219-40f10f92eff6 | - +| DisplayText | Manage education app settings | - +| Description | Manage the state and settings of all Microsoft education apps. | - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Mail.Read_ | Read user mail | Allows the app to read email in user mailboxes. 
| No | Yes -| _Mail.ReadBasic_ | Read user basic mail | Allows the app to read email in the signed-in user's mailbox, except for **body**, **bodyPreview**, **uniqueBody**, **attachments**, **extensions**, and any extended properties. Does not include permissions to search messages. | No | No -| _Mail.ReadWrite_ | Read and write access to user mail | Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail.| No | Yes -| _Mail.Read.Shared_ | Read user and shared mail | Allows the app to read mail that the user can access, including the user's own and shared mail. | No | No -| _Mail.ReadWrite.Shared_ | Read and write user and shared mail | Allows the app to create, read, update, and delete mail that the user has permission to access, including the user's own and shared mail. Does not include permission to send mail. | No | No -| _Mail.Send_ | Send mail as a user | Allows the app to send mail as users in the organization. | No | Yes -| _Mail.Send.Shared_ | Send mail on behalf of others | Allows the app to send mail as the signed-in user, including sending on-behalf of others. | No | No -| _MailboxSettings.Read_ | Read user mailbox settings | Allows the app to the read user's mailbox settings. Does not include permission to send mail. | No | Yes -| _MailboxSettings.ReadWrite_ | Read and write user mailbox settings | Allows the app to create, read, update, and delete user's mailbox settings. Does not include permission to directly send mail, but allows the app to create rules that can forward or redirect messages. | No | Yes -| _IMAP.AccessAsUser.All_ | Read and write access to user mail via IMAP | Allows the app to read, update, create and delete email in user mailboxes. Does not include permission to send mail. | No | Yes -| _POP.AccessAsUser.All_ | Read and write access to user mail via POP | Allows the app to read, update, create and delete email in user mailboxes. Does not include permission to send mail. 
| No | Yes -| _SMTP.Send_ | Send mail as a user using SMTP AUTH | Allows the app to send mail as users in the organization. | No | Yes +--- -#### Application permissions +### EduAssignments.Read -| Permission | Display String | Description | Admin Consent Required | -|:----------------------------|:-----------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:-----------------------| -| _Mail.Read_ | Read mail in all mailboxes | Allows the app to read mail in all mailboxes without a signed-in user. | Yes | -| _Mail.ReadBasic.All_ | Read all users basic mail | Allows the app to read all users mailboxes except Body, BodyPreview, UniqueBody, Attachments, ExtendedProperties, and Extensions. Does not include permissions to search messages. | Yes | -| _Mail.ReadWrite_ | Read and write mail in all mailboxes | Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail. | Yes | -| _Mail.Send_ | Send mail as any user | Allows the app to send mail as any user without a signed-in user. | Yes | -| _MailboxSettings.Read_ | Read all user mailbox settings | Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail. | Yes | -| _MailboxSettings.ReadWrite_ | Read and write all user mailbox settings | Allows the app to create, read, update, and delete user's mailbox settings without a signed-in user. Does not include permission to send mail. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 091460c9-9c4a-49b2-81ef-1f3d852acce2 +| DisplayText | - | Read users' class assignments and their grades +| Description | - | Allows the app to read assignments and their grades on behalf of the user. 
+| AdminConsentRequired | - | Yes -> **Important** -Administrators can configure [application access policy](auth-limit-mailbox-access.md) to limit app access to _specific_ mailboxes and not to all the mailboxes in the organization, even if the app has been granted the application permissions of Mail.Read, Mail.ReadWrite, Mail.Send, MailboxSettings.Read, or MailboxSettings.ReadWrite. +--- +### EduAssignments.Read.All -### Remarks +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4c37e1b6-35a1-43bf-926a-6f30f2cdf585 | - +| DisplayText | Read all class assignments with grades | - +| Description | Allows the app to read all class assignments with grades for all users without a signed-in user. | - +| AdminConsentRequired | Yes | - -_Mail.Read.Shared_, _Mail.ReadWrite.Shared_, and _Mail.Send.Shared_ are only valid for work or school accounts. All other permissions are valid for both Microsoft accounts and work or school accounts. +--- -With the _Mail.Send_ or _Mail.Send.Shared_ permission, an app can send mail and save a copy to the user's Sent Items folder, even if the app does not use a corresponding _Mail.ReadWrite_ or _Mail.ReadWrite.Shared_ permission. +### EduAssignments.ReadBasic -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | c0b0103b-c053-4b2e-9973-9f3a544ec9b8 +| DisplayText | - | Read users' class assignments information without reading any feedback or outcomes +| Description | - | Allows the app to read assignments information on behalf of the user without reading any feedback or outcomes. +| AdminConsentRequired | - | Yes -#### Delegated +--- -* _Mail.Read_: List messages in the user's inbox, sorted by `receivedDateTime` (`GET /me/mailfolders/inbox/messages?$orderby=receivedDateTime DESC`). 
-* _Mail.Read.Shared_: Find all messages with attachments in a user's inbox that has shared their inbox with the signed-in user (`GET /users{id | userPrincipalName}/mailfolders/inbox/messages?$filter=hasAttachments eq true`). -* _Mail.ReadWrite_: Mark a message read (`PATCH /me/messages/{id}`). -* _Mail.Send_: Send a message (`POST /me/sendmail`). -* _MailboxSettings.ReadWrite_: Update the user's automatic reply (`PATCH /me/mailboxSettings`). +### EduAssignments.ReadBasic.All -#### Application +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6e0a958b-b7fc-4348-b7c4-a6ab9fd3dd0e | - +| DisplayText | Read all class assignments information without reading any feedback or outcomes | - +| Description | Allows the app to read all class assignments information for all users without a signed-in user without reading any feedback or outcomes. | - +| AdminConsentRequired | Yes | - -* _Mail.Read_: Find messages from bob@contoso.com (`GET /users/{id | userPrincipalName}/messages?$filter=from/emailAddress/address eq 'bob@contoso.com'`). -* _Mail.ReadWrite_: Create a new folder in the Inbox named `Expense Reports` (`POST /users/{id | userPrincipalName}/mailfolders`). -* _Mail.Send_: Send a message (`POST /users/{id | userPrincipalName}/sendmail`). -* _MailboxSettings.Read_: Get the default timezone for the user's mailbox (`GET /users/{id | userPrincipalName}/mailboxSettings/timeZone`) +--- +### EduAssignments.ReadWrite -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2f233e90-164b-4501-8bce-31af2559a2d3 +| DisplayText | - | Read and write users' class assignments and their grades +| Description | - | Allows the app to read and write assignments and their grades on behalf of the user. 
+| AdminConsentRequired | - | Yes --- -## Managed tenant permissions +### EduAssignments.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0d22204b-6cad-4dd0-8362-3e3f2ae699d9 | - +| DisplayText | Create, read, update and delete all class assignments with grades | - +| Description | Allows the app to create, read, update and delete all class assignments with grades for all users without a signed-in user. | - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ManagedTenants.Read.All_ | Read all managed tenant specific information | Allows the app to read all managed tenant information on behalf of the signed-in user. | Yes | No | -| _ManagedTenants.ReadWrite.All_ | Read and write all managed tenant specific information | Allows the app to read and write all managed tenant information on behalf of the signed-in user. | Yes | No | +--- -#### Application permissions +### EduAssignments.ReadWriteBasic -None. +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2ef770a1-622a-47c4-93ee-28d6adbed3a0 +| DisplayText | - | Read and write users' class assignments information without impacting or reading any feedback or outcomes +| Description | - | Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. 
+| AdminConsentRequired | - | Yes --- -## Member permissions +### EduAssignments.ReadWriteBasic.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | f431cc63-a2de-48c4-8054-a34bc093af84 | - +| DisplayText | Create, read, update, and delete all class assignments information without accessing or impacting any feedback or outcomes | - +| Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. | - +| AdminConsentRequired | Yes | - + +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Member.Read.Hidden_ | Read hidden memberships | Allows the app to read the memberships of hidden groups and administrative units on behalf of the signed-in user, for those hidden groups and administrative units that the signed-in user has access to. | Yes | No | +### EduCurricula.Read -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 484859e8-b9e2-4e92-b910-84db35dadd29 +| DisplayText | - | Read the user's class modules and resources +| Description | - | Allows the app to read the user's modules and resources on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _Member.Read.Hidden_ | Read all hidden memberships | Allows the app to read the memberships of hidden groups and administrative units without a signed-in user. | Yes | +--- -### Remarks -_Member.Read.Hidden_ is valid only on work or school accounts. +### EduCurricula.Read.All -Membership in some Microsoft 365 groups can be hidden. This means that only the members of the group can view its members. 
This feature can be used to help comply with regulations that require an organization to hide group membership from outsiders (for example, a Microsoft 365 group that represents students enrolled in a class). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6cdb464c-3a03-40f8-900b-4cb7ea1da9c0 | - +| DisplayText | Read all class modules and resources | - +| Description | Allows the app to read all modules and resources, without a signed-in user. | - +| AdminConsentRequired | Yes | - -### Example usage +--- -#### Delegated +### EduCurricula.ReadWrite -* _Member.Read.Hidden_: Read the members of an administrative unit with hidden membership on behalf of the signed-in user (`GET /administrativeUnits/{id}/members`). -* _Member.Read.Hidden_: Read the members of a group with hidden membership on behalf of the signed-in user (`GET /groups/{id}/members`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 4793c53b-df34-44fd-8d26-d15c517732f5 +| DisplayText | - | Read and write the user's class modules and resources +| Description | - | Allows the app to read and write user's modules and resources on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -#### Application +--- -* _Member.Read.Hidden_: Read the members of an administrative unit with hidden membership (`GET /administrativeUnits/{id}/members`). -* _Member.Read.Hidden_: Read the members of a group with hidden membership (`GET /groups/{id}/members`). +### EduCurricula.ReadWrite.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6a0c2318-d59d-4c7d-bf2e-5f3902dc2593 | - +| DisplayText | Read and write all class modules and resources | - +| Description | Allows the app to read and write all modules and resources, without a signed-in user. 
| - +| AdminConsentRequired | Yes | - --- -## Multi-tenant organization permissions +### EduRoster.Read -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | a4389601-22d9-4096-ac18-36a927199112 +| DisplayText | - | Read users' view of the roster +| Description | - | Allows the app to read the structure of schools and classes in an organization's roster and education-specific information about users to be read on behalf of the user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _MultiTenantOrganization.ReadBasic.All_ | Read multi-tenant organization basic details and active tenants | Allows the app to read multi-tenant organization basic details and active tenants | No | No | -| _MultiTenantOrganization.Read.All_ | Read multi-tenant organization details and tenants | Allows the app to read multi-tenant organization details and tenants | Yes | No | -| _MultiTenantOrganization.ReadWrite.All_ | Read and write multi-tenant organization details and tenants | Allows the app to read and write multi-tenant organization details and tenants | Yes | No | +--- -#### Application permissions +### EduRoster.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _MultiTenantOrganization.ReadBasic.All_ | Read multi-tenant organization basic details and active tenants | Allows the app to read multi-tenant organization basic details and active tenants | Yes | -| _MultiTenantOrganization.Read.All_ | Read multi-tenant organization details and tenants | Allows the app to read multi-tenant organization details and tenants | Yes | -| _MultiTenantOrganization.ReadWrite.All_ | Read and write multi-tenant organization details and tenants | Allows the 
app to read and write multi-tenant organization details and tenants | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | e0ac9e1b-cb65-4fc5-87c5-1a8bc181f648 | - +| DisplayText | Read the organization's roster | - +| Description | Allows the app to read the structure of schools and classes in the organization's roster and education-specific information about all users to be read. | - +| AdminConsentRequired | Yes | - --- -## Network access permissions +### EduRoster.ReadBasic -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5d186531-d1bf-4f07-8cea-7c42119e1bd9 +| DisplayText | - | Read a limited subset of users' view of the roster +| Description | - | Allows the app to read a limited subset of the properties from the structure of schools and classes in an organization's roster and a limited subset of properties about users to be read on behalf of the user. Includes name, status, education role, email address and photo. 
+| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|NetworkAccessPolicy.Read.All|Read security and routing policies for network access|Allows the app to read your organization's security and routing network access policies on behalf of the signed-in user.|No|No| -|NetworkAccessBranch.Read.All|Read properties of branches for network access|Allows the app to read your organization's branches for network access on behalf of the signed-in user.|No|No| -|NetworkAccessPolicy.ReadWrite.All|Read and write security and routing policies for network access|Allows the app to read and write your organization's security and routing network access policies on behalf of the signed-in user.|Yes|No| -|NetworkAccessBranch.ReadWrite.All|Read and write properties of branches for network access|Allows the app to read and write your organization's branches for network access on behalf of the signed-in user.|Yes|No| +--- +### EduRoster.ReadBasic.All ---- +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0d412a8c-a06c-439f-b3ec-8abcf54d2f96 | - +| DisplayText | Read a limited subset of the organization's roster | - +| Description | Allows the app to read a limited subset of properties from both the structure of schools and classes in the organization's roster and education-specific information about all users. Includes name, status, role, email address and photo. 
| - +| AdminConsentRequired | Yes | - +--- -## Notes permissions +### EduRoster.ReadWrite -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 359e19a6-e3fa-4d7f-bcab-d28ec592b51e +| DisplayText | - | Read and write users' view of the roster +| Description | - | Allows the app to read and write the structure of schools and classes in an organization's roster and education-specific information about users to be read and written on behalf of the user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Notes.Read_ | Read user OneNote notebooks | Allows the app to read the titles of OneNote notebooks and sections and to create new pages, notebooks, and sections on behalf of the signed-in user. | No | Yes -| _Notes.Create_ | Create user OneNote notebooks | Allows the app to read the titles of OneNote notebooks and sections and to create new pages, notebooks, and sections on behalf of the signed-in user.| No | Yes -| _Notes.ReadWrite_ | Read and write user OneNote notebooks | Allows the app to read, share, and modify OneNote notebooks on behalf of the signed-in user. | No | Yes -| _Notes.Read.All_ | Read all OneNote notebooks that user can access | Allows the app to read OneNote notebooks that the signed-in user has access to in the organization. | No | No -| _Notes.ReadWrite.All_ | Read and write all OneNote notebooks that user can access | Allows the app to read, share, and modify OneNote notebooks that the signed-in user has access to in the organization.| No | No -| _Notes.ReadWrite.CreatedByApp_ | Limited notebook access (deprecated) | **Deprecated**
Do not use. No privileges are granted by this permission. | No | No +--- -#### Application permissions +### EduRoster.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _Notes.Read.All_ | Read all OneNote notebooks | Allows the app to read all the OneNote notebooks in your organization, without a signed-in user. | Yes | -| _Notes.ReadWrite.All_ | Read and write all OneNote notebooks | Allows the app to read, share, and modify all the OneNote notebooks in your organization, without a signed-in user.| Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | d1808e82-ce13-47af-ae0d-f9b254e6d58a | - +| DisplayText | Read and write the organization's roster | - +| Description | Allows the app to read and write the structure of schools and classes in the organization's roster and education-specific information about all users to be read and written. | - +| AdminConsentRequired | Yes | - +--- -### Remarks -_Notes.Read.All_ and _Notes.ReadWrite.All_ are only valid for work or school accounts. All other permissions are valid for both Microsoft accounts and work or school accounts. +### email -With the _Notes.Create_ permission, an app can view the OneNote notebook hierarchy of the signed-in user and create OneNote content (notebooks, section groups, sections, pages, and so on). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 64a6cdd6-aab1-4aaf-94b8-3cc8405e90d0 +| DisplayText | - | View users' email address +| Description | - | Allows the app to read your users' primary email address +| AdminConsentRequired | - | No -_Notes.ReadWrite_ and _Notes.ReadWrite.All_ also allow the app to modify the permissions on the OneNote content that can be accessed by the signed-in user. 
+[!INCLUDE [email](../includes/permissions-notes/email.md)] -For work or school accounts, _Notes.Read.All_ and _Notes.ReadWrite.All_ allow the app to access other users' OneNote content that the signed-in user has permission to within the organization. +--- -### Example usage -#### Delegated +### EntitlementManagement.Read.All -* _Notes.Create_: Create a new notebooks for the signed-in user (`POST /me/onenote/notebooks`). -* _Notes.Read_: Read the notebooks for the signed-in user (`GET /me/onenote/notebooks`). -* _Notes.Read.All_: Get all notebooks that the signed-in user has access to within the organization (`GET /me/onenote/notebooks?includesharednotebooks=true`). -* _Notes.ReadWrite_: Update the page of the signed-in user (`PATCH /me/onenote/pages/{id}/$value`). -* _Notes.ReadWrite.All_: Create a page in another user's notebook that the signed-in user has access to within the organization (`POST /users/{id}/onenote/pages`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | c74fd47d-ed3c-45c3-9a9e-b8676de685d2 | 5449aa12-1393-4ea2-a7c7-d0e06c1a56b2 +| DisplayText | Read all entitlement management resources | Read all entitlement management resources +| Description | Allows the app to read access packages and related entitlement management resources without a signed-in user. | Allows the app to read access packages and related entitlement management resources on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Application +--- -* _Notes.Read.All_: Read all users notebooks in a group (`GET /groups/{id}/onenote/notebooks`). -* _Notes.ReadWrite.All_: Update the page in a notebook for any user in the organization (`PATCH /users/{id}/onenote/pages/{id}/$value`). +### EntitlementManagement.ReadWrite.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | 9acd699f-1e81-4958-b001-93b1d2506e19 | ae7a573d-81d7-432b-ad44-4ed5c9d89038 +| DisplayText | Read and write all entitlement management resources | Read and write entitlement management resources +| Description | Allows the app to read and write access packages and related entitlement management resources without a signed-in user. | Allows the app to request access to and management of access packages and related entitlement management resources on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Notifications permissions -#### Delegated permissions -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Notifications.ReadWrite.CreatedByApp_ | Deliver and manage notifications for this app. | Allow the app to deliver its notifications on behalf of signed-in users. Also allows the app to read, update, and delete the user's notification items for this app. |No | -### Remarks -*Notifications.ReadWrite.CreatedByApp* is valid for both Microsoft accounts and work or school accounts. -The *CreatedByApp* constraint associated with this permission indicates that the service will apply implicit filtering to results based on the identity of the calling app, either the Microsoft account app ID or a set of app IDs configured for a cross-platform application identity. -### Example usage -#### Delegated -* _Notifications.ReadWrite.CreatedByApp_: Publish a user-centric notification, which might then be delivered to the user's multiple application clients running on different endpoints. (POST /me/notifications/). 
+### EntitlementMgmt-SubjectAccess.ReadWrite + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | e9fdcbbb-8807-410f-b9ec-8d5468c7c2ac +| DisplayText | - | Read and write entitlement management resources related to self-service operations +| Description | - | Allows the app to manage self-service entitlement management resources on behalf of the signed-in user. This includes operations such as requesting access and approving access of others. +| AdminConsentRequired | - | No --- -## Online meetings permissions +### EventListener.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | b7f6385c-6ce6-4639-a480-e23c42ed9784 | f7dd3bed-5eec-48da-bc73-1c0ef50bc9a1 +| DisplayText | Read all authentication event listeners | Read your organization's authentication event listeners +| Description | Allows the app to read your organization's authentication event listeners without a signed-in user. | Allows the app to read your organization's authentication event listeners on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_OnlineMeetings.Read_|Read user's online meetings.|Allows the app to read online meeting details on behalf of the signed-in user.|No|No| -|_OnlineMeetings.ReadWrite_|Read and create user's online meetings.|Allows the app to read and create online meetings on behalf of the signed-in user. |No|No| -|_OnlineMeetingArtifact.Read.All_|Read user's online meeting artifacts.|Allows the app to read online meeting artifacts on behalf of the signed-in user. |No|No| -|_OnlineMeetingRecording.Read.All_|Read all recordings of online meetings.|Allows the app to read all recordings of online meetings, on behalf of the signed-in user. 
|Yes|No| -|_OnlineMeetingTranscript.Read.All_|Read all transcripts of online meetings.|Allows the app to read all transcripts of online meetings, on behalf of the signed-in user. |Yes|No| +--- + +### EventListener.ReadWrite.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0edf5e9e-4ce8-468a-8432-d08631d18c43 | d11625a6-fe21-4fc6-8d3d-063eba5525ad +| DisplayText | Read and write all authentication event listeners | Read and write your organization's authentication event listeners +| Description | Allows the app to read or write your organization's authentication event listeners without a signed-in user. | Allows the app to read or write your organization's authentication event listeners on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -|_OnlineMeetings.Read.All_|Read online meeting details. |Allows the app to read online meeting details in your organization, without a signed-in user.|Yes| -|_OnlineMeetings.ReadWrite.All_|Read and create online meetings|Allows the app to read and create online meetings as an application in your organization.|Yes| -|_OnlineMeetingArtifact.Read.All_|Read online meeting artifacts |Allows the app to read online meeting artifacts in your organization, without a signed-in user.|Yes| -|_OnlineMeetingRecording.Read.All_|Read all recordings of online meetings.|Allows the app to read all recordings of all online meetings, without a signed-in user. |Yes| -|_OnlineMeetingTranscript.Read.All_|Read all transcripts of online meetings.|Allows the app to read all transcripts of all online meetings, without a signed-in user. 
|Yes| +--- -> **Important** -Administrators can configure [application access policy](cloud-communication-online-meeting-application-access-policy.md) to allow apps to access online meetings on behalf of a user. +### EWS.AccessAsUser.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 9769c687-087d-48ac-9cb3-c37dde652038 +| DisplayText | - | Access mailboxes as the signed-in user via Exchange Web Services +| Description | - | Allows the app to have the same access to mailboxes as the signed-in user via Exchange Web Services. +| AdminConsentRequired | - | No -#### Delegated +--- -* _OnlineMeetings.Read_: Retrieve the properties and relationships of an [online meeting](/graph/api/onlinemeeting-get?view=graph-rest-beta&preserve-view=true) (`GET /beta/communications/onlinemeetings/{default id}`). -* _OnlineMeetings.ReadWrite_: Create an [online meeting](/graph/api/application-post-onlinemeetings?view=graph-rest-beta&preserve-view=true) (`POST /beta/communications/onlinemeetings`). +### ExternalConnection.Read.All -#### Application +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1914711b-a1cb-4793-b019-c2ce0ed21b8c | a38267a5-26b6-4d76-9493-935b7599116b +| DisplayText | Read all external connections | Read all external connections +| Description | Allows the app to read all external connections without a signed-in user. | Allows the app to read all external connections on behalf of a signed-in user. The signed-in user must be an administrator. +| AdminConsentRequired | Yes | Yes -* _OnlineMeetings.Read.All_ - * Retrieve the properties and relationships of an [online meeting](/graph/api/onlinemeeting-get?view=graph-rest-beta&preserve-view=true) (`GET /beta/communications/onlinemeetings/?$filter=VideoTeleconferenceId%20eq%20'{id}'`). 
- * Retrieve an [online meeting](/graph/api/onlinemeeting-get?view=graph-rest-beta&preserve-view=true) on behalf of a user (`GET /beta/users/{userId}/onlineMeetings/{id}) -* _OnlineMeetings.ReadWrite.All_ - * Create an [online meeting](/graph/api/onlinemeeting-get?view=graph-rest-beta&preserve-view=true) on behalf of a user (`POST /beta/users/{userId}/onlineMeetings/) - * Update an [online meeting](/graph/api/onlinemeeting-get?view=graph-rest-beta&preserve-view=true) on behalf of a user (`PATCH /beta/users/{userId}/onlineMeetings/{id}) - * Delete an [online meeting](/graph/api/onlinemeeting-get?view=graph-rest-beta&preserve-view=true) on behalf of a user (`DELETE /beta/users/{userId}/onlineMeetings/{id}) +--- -> **Note**: Creating an [online meeting](/graph/api/application-post-onlinemeetings?view=graph-rest-beta&preserve-view=true) creates a meeting on behalf of a user, but does not show it on the user's Calendar. +### ExternalConnection.ReadWrite.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 34c37bc0-2b40-4d5e-85e1-2365cd256d79 | bbbbd9b3-3566-4931-ac37-2b2180d9e334 +| DisplayText | Read and write all external connections | Read and write all external connections +| Description | Allows the app to read and write all external connections without a signed-in user. | Allows the app to read and write all external connections on behalf of a signed-in user. The signed-in user must be an administrator. 
+| AdminConsentRequired | Yes | Yes --- -## On-premises directory synchronization permissions +### ExternalConnection.ReadWrite.OwnedBy -### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | f431331c-49a6-499f-be1c-62af19c34a9d | 4082ad95-c812-4f02-be92-780c4c4f1830 +| DisplayText | Read and write external connections | Read and write external connections +| Description | Allows the app to read and write external connections without a signed-in user. The app can only read and write external connections that it is authorized to, or it can create new external connections. | Allows the app to read and write settings of external connections on behalf of a signed-in user. The signed-in user must be an administrator. The app can only read and write settings of connections that it is authorized to. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -| :------------------------------------------- | :------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------------- | :--------------------- | :-------------------------- | -| OnPremDirectorySynchronization.Read.All | Read all on-premises directory synchronization information | Allows the app to read all on-premises directory synchronization information for the organization, on behalf of the signed-in user | Yes | No | -| OnPremDirectorySynchronization.ReadWrite.All | Read and write all on-premises directory synchronization information | Allows the app to read and write all on-premises directory synchronization information for the organization, on behalf of the signed-in user | Yes | No | +--- -### Application permissions +### ExternalItem.Read.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -| 
:------------------------------------------- | :------------------------------------------------------------------- | :------------------------------------------------------------------------------------------------------------------------------------- | :--------------------- | :-------------------------- | -| OnPremDirectorySynchronization.Read.All | Read all on-premises directory synchronization information | Allows the app to read all on-premises directory synchronization information for the organization, without a signed-in user. | Yes | No | -| OnPremDirectorySynchronization.ReadWrite.All | Read and write all on-premises directory synchronization information | Allows the app to read and write all on-premises directory synchronization information for the organization, without a signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7a7cffad-37d2-4f48-afa4-c6ab129adcc2 | 922f9392-b1b7-483c-a4be-0089be7704fb +| DisplayText | Read all external items | Read items in external datasets +| Description | Allows the app to read all external items without a signed-in user. | Allow the app to read external datasets and content, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## On-premises publishing profiles permissions +### ExternalItem.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 38c3d6ee-69ee-422f-b954-e17819665354 | b02c54f8-eb48-4c50-a9f0-a149e5a2012f +| DisplayText | Read and write items in external datasets | Read and write all external items +| Description | Allow the app to read or write items in all external datasets that the app is authorized to access | Allows the app to read and write all external items on behalf of a signed-in user. The signed-in user must be an administrator. 
+| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| OnPremisesPublishingProfiles.ReadWrite.All | Access On-Premises Publishing Profiles| Allows the app to manage hybrid identity service configuration by creating, viewing, updating and deleting on-premises published resources, on-premises agents and agent groups, on behalf of the signed-in user. | No | No | +--- -#### Application permissions +### ExternalItem.ReadWrite.OwnedBy -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| OnPremisesPublishingProfiles.ReadWrite.All | Access On-Premises Publishing Profiles| Allows the app to create, view, update and delete on-premises published resources, on-premises agents and agent groups, as part of a hybrid identity configuration, without a signed in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8116ae0f-55c2-452d-9944-d18420f5b2c8 | 4367b9d7-cee7-4995-853c-a0bdfe95c1f9 +| DisplayText | Read and write external items | Read and write external items +| Description | Allows the app to read and write external items without a signed-in user. The app can only read external items of the connection that it is authorized to. | Allows the app to read and write external items on behalf of a signed-in user. The signed-in user must be an administrator. The app can only read external items of the connection that it is authorized to. 
+| AdminConsentRequired | Yes | Yes --- -## OpenID Connect (OIDC) scopes +### Family.Read -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _email_ | View users' email address | Allows the app to read your users' primary email address. | No | Yes | -| _offline_access_ | Access user's data anytime | Allows the app to read and update user data, even when they are not currently using the app.| No | Yes | -| _openid_ | Sign users in | By using this permission, an app can receive a unique identifier for the user in the form of the sub claim. The permission also gives the app access to the UserInfo endpoint. The openid scope can be used at the Microsoft identity platform token endpoint to acquire ID tokens. The app can use these tokens for authentication.| No | Yes | -| _profile_ | View users' basic profile | Allows the app to see your users' basic profile (name, picture, user name).| No | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 3a1e4806-a744-4c70-80fc-223bf8582c46 +| DisplayText | - | Read your family info +| Description | - | Allows the app to read your family information, members and their basic profile. +| AdminConsentRequired | - | No -### Remarks -You can use these scopes to specify artifacts that you want returned in Azure AD authorization and token requests. They are supported differently by the Azure AD v1.0 and v2.0 endpoints. +--- -With the Azure AD v1.0 endpoint, only the _openid_ scope is used. You specify it in the *scope* parameter in an authorization request to return an ID token when you use the OpenID Connect protocol to sign in a user to your app. For more information, see [Authorize access to web applications using OpenID Connect and Azure Active Directory](/azure/active-directory/develop/active-directory-protocols-openid-connect-code). 
To successfully return an ID token, you must also make sure that the _User.Read_ permission is configured when you register your app. +### Files.Read -With the Azure AD v2.0 endpoint, you specify the _offline\_access_ scope in the _scope_ parameter to explicitly request a refresh token when using the OAuth 2.0 or OpenID Connect protocols. With OpenID Connect, you specify the _openid_ scope to request an ID token. You can also specify the _email_ scope, _profile_ scope, or both to return additional claims in the ID token. You do not need to specify the _User.Read_ permission to return an ID token with the v2.0 endpoint. For more information, see [OpenID Connect scopes](/azure/active-directory/develop/active-directory-v2-scopes#openid-connect-scopes). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 10465720-29dd-4523-a11a-6a75c743c9d9 +| DisplayText | - | Read user files +| Description | - | Allows the app to read the signed-in user's files. +| AdminConsentRequired | - | No -> [!IMPORTANT] -> -> The Microsoft Authentication Library (MSAL) currently specifies _offline\_access_, _openid_, _profile_, and _email_ by default in authorization and token requests. This means that, for the default case, if you specify these scopes explicitly, Azure AD may return an error. +[!INCLUDE [Files.Read](../includes/permissions-notes/Files.Read.md)] --- -## Organization permissions +### Files.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 01d4889c-1287-42c6-ac1f-5d1e02578ef6 | df85f4d6-205c-4ac5-a5ea-6bf408dba283 +| DisplayText | Read files in all site collections | Read all files that user can access +| Description | Allows the app to read all files in all site collections without a signed in user. | Allows the app to read all files the signed-in user can access. 
+| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Organization.Read.All_ |Read organization information | Allows the app to read the organization and related resources, on behalf of the signed-in user. Related resources include things like subscribed SKUs and tenant branding information.|Yes | No | -| _Organization.ReadWrite.All_ |Read and write organization information | Allows the app to read and write the organization and related resources, on behalf of the signed-in user. Related resources include things like subscribed SKUs and tenant branding information. |Yes | No | +--- + +### Files.Read.Selected -
+| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5447fe39-cb82-4c1a-b977-520e67e724eb +| DisplayText | - | Read files that the user selects (preview) +| Description | - | (Preview) Allows the app to read files that the user selects. The app has access for several hours after the user selects a file. +| AdminConsentRequired | - | No -#### Application permissions +[!INCLUDE [Files.Read.Selected](../includes/permissions-notes/Files.Read.Selected.md)] -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Organization.Read.All_ |Read organization information | Allows the app to read the organization and related resources, without a signed-in user. Related resources include things like subscribed SKUs and tenant branding information. | Yes | -| _Organization.ReadWrite.All_ |Read and write organization information | Allows the app to read and write the organization and related resources, without a signed-in user. Related resources include things like subscribed SKUs and tenant branding information. |Yes | +--- +### Files.ReadWrite -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5c28f0bf-8a70-41f1-8ab2-9032436ddb65 +| DisplayText | - | Have full access to user files +| Description | - | Allows the app to read, create, update and delete the signed-in user's files. +| AdminConsentRequired | - | No -#### Delegated +[!INCLUDE [Files.ReadWrite](../includes/permissions-notes/Files.ReadWrite.md)] -* _Organization.Read.All_: Get organization information (`GET /organization`). -* _Organization.Read.All_: Get the SKUs that the organization has subscribed to (`GET /subscribedSkus`). +--- -#### Application +### Files.ReadWrite.All -* _Organization.ReadWrite.All_: Update organization information (such as **technicalNotificationMails**) (`PATCH /organization/{id}`). 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | 75359482-378d-4052-8f01-80520e7db3cd | 863451e7-0667-486c-a5d6-d135439485f0 +| DisplayText | Read and write files in all site collections | Have full access to all files user can access +| Description | Allows the app to read, create, update and delete all files in all site collections without a signed in user. | Allows the app to read, create, update and delete all files the signed-in user can access. +| AdminConsentRequired | Yes | No --- -## Organizational contact permissions +### Files.ReadWrite.AppFolder -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 8019c312-3263-48e6-825e-2b833497195b +| DisplayText | - | Have full access to the application's folder (preview) +| Description | - | (Preview) Allows the app to read, create, update and delete files in the application's folder. +| AdminConsentRequired | - | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _OrgContact.Read.All_ | Read organizational contacts|Allows the app to read all organizational contacts on behalf of the signed-in user. These contacts are managed by the organization and are different from a user's personal contacts.|Yes | No | +--- -
+### Files.ReadWrite.Selected -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 17dde5bd-8c17-420f-a486-969730c1b827 +| DisplayText | - | Read and write files that the user selects (preview) +| Description | - | (Preview) Allows the app to read and write files that the user selects. The app has access for several hours after the user selects a file. +| AdminConsentRequired | - | No -|Permission |Display String |Description |Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _OrgContact.Read.All_ |Read organizational contacts | Allows the app to read all organizational contacts without a signed-in user. These contacts are managed by the organization and are different from a user's personal contacts. | Yes | +[!INCLUDE [Files.ReadWrite.Selected](../includes/permissions-notes/Files.ReadWrite.Selected.md)] -### Example usage +--- -#### Delegated +### Financials.ReadWrite.All -* _OrgContact.Read.All_: Get all organizational contacts (`GET /contacts`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | f534bf13-55d4-45a9-8f3c-c92fe64d6131 +| DisplayText | - | Read and write financials data +| Description | - | Allows the app to read and write financials data on behalf of the signed-in user. +| AdminConsentRequired | - | No --- -## People permissions +### Goals-Export.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 092211d9-ca1a-427b-813e-b79c7653fe71 +| DisplayText | - | Read all goals and export jobs that a user can access +| Description | - | Allows the app to read all goals and export jobs that the signed-in user can access. 
+| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _People.Read_ | Read users' relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user. The list can include local contacts, contacts from social networking or your organization's directory, and people from recent communications (such as email and Skype). | No | Yes | -| _People.Read.All_ | Read all users' relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user or other users in the signed-in user's organization. The list can include local contacts, contacts from social networking or your organization's directory, and people from recent communications (such as email and Skype). Also allows the app to search the entire directory of the signed-in user's organization. | Yes | No | +--- -#### Application permissions +### Goals-Export.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _People.Read.All_ | Read all users' relevant people lists | Allows the app to read a scored list of people relevant to the signed-in user or other users in the signed-in user's organization.

The list can include local contacts, contacts from social networking or your organization's directory, and people from recent communications (such as email and Skype). Also allows the app to search the entire directory of the signed-in user's organization. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2edeb9fd-4228-480c-a26d-2ed52011cf3d +| DisplayText | - | Have full access to all goals and export jobs a user can access +| Description | - | Allows the app to read goals, create and read export jobs that the signed-in user can access. +| AdminConsentRequired | - | Yes -### Remarks +--- -The People.Read.All permission is only valid for work and school accounts. +### Group.Create -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | bf7b1a76-6e77-406b-b258-bf5c7720e98f | - +| DisplayText | Create groups | - +| Description | Allows the app to create groups without a signed-in user. | - +| AdminConsentRequired | Yes | - -#### Delegated -* _People.Read_: Read a list of relevant people (`GET /me/people`) -* _People.Read.All_: Read a list of relevant people to another user in the same organization (`GET /users('{id})/people`) +--- -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +### Group.Read.All ---- +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5b567255-7703-4780-807c-7be8301ae99b | 5f8c59db-677d-491f-a6b8-5f174b11ec1d +| DisplayText | Read all groups | Read all groups +| Description | Allows the app to read group properties and memberships, and read conversations for all groups, without a signed-in user. | Allows the app to list groups, and to read their properties and all group memberships on behalf of the signed-in user. Also allows the app to read calendar, conversations, files, and other group content for all groups the signed-in user can access. 
+| AdminConsentRequired | Yes | Yes -## People settings permissions +[!INCLUDE [Group.Read.All](../includes/permissions-notes/Group.Read.All.md)] -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _PeopleSettings.Read.All_ | Read tenant-wide people settings | Allows the application to read tenant-wide people settings on behalf of the signed-in user. | Yes | No | -| _PeopleSettings.ReadWrite.All_ | Read and write tenant-wide people settings | Allows the application to read and write tenant-wide people settings on behalf of the signed-in user. | Yes | No | +### Group.ReadWrite.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 62a82d76-70ea-41e2-9197-370581804d09 | 4e46008b-f24c-477d-8fff-7bb4ec7aafe0 +| DisplayText | Read and write all groups | Read and write all groups +| Description | Allows the app to create groups, read all group properties and memberships, update group properties and memberships, and delete groups. Also allows the app to read and write conversations. All of these operations can be performed by the app without a signed-in user. | Allows the app to create groups and read all group properties and memberships on behalf of the signed-in user. Additionally allows group owners to manage their groups and allows group members to update group content. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _PeopleSettings.Read.All_ | Read all tenant-wide people settings | Allows the application to read tenant-wide people settings without a signed-in user. 
| Yes | -| _PeopleSettings.ReadWrite.All_ | Read and write all tenant-wide people settings | Allows the application to read and write tenant-wide people settings without a signed-in user. | Yes | +[!INCLUDE [Group.ReadWrite.All](../includes/permissions-notes/Group.ReadWrite.All.md)] --- -## Privileged access permissions +### GroupMember.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 98830695-27a2-44f7-8c18-0c3ebc9698f6 | bc024368-1153-4739-b217-4326f2e966d0 +| DisplayText | Read all group memberships | Read group memberships +| Description | Allows the app to read memberships and basic group properties for all groups without a signed-in user. | Allows the app to list groups, read basic group properties and read membership of all groups the signed-in user has access to. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:---------- |:-------------- |:----------- |:---------------------- |:----------------- | -| _PrivilegedAccess.ReadWrite.AzureAD_ |Read and write Privileged Identity Management data for Directory | Allows the app to have read and write access to Privileged Identity Management APIs for Azure AD. | Yes | No | -| _PrivilegedAccess.ReadWrite.AzureADGroup_ |Read and write Privileged Identity Management data for privileged access groups | Allows the app to have read and write access to Privileged Identity Management APIs for groups. | Yes | No | -| _PrivilegedAccess.ReadWrite.AzureResources_ |Read and write Privileged Identity Management data for Azure Resources | Allows the app to have read and write access to Privileged Identity Management APIs for Azure resources. | Yes | No | -| _PrivilegedAssignmentSchedule.Read.AzureADGroup_ |Read assignment schedules for access to Azure AD groups | Allows the app to read time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user. 
| Yes | No | -| _PrivilegedEligibilitySchedule.Read.AzureADGroup_ |Read eligibility schedules for access to Azure AD groups | Allows the app to read time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user. | Yes | No | -| _PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup_ |Read, create, and delete assignment schedules for access to Azure AD groups| Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user. | Yes | No | -| _PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup_ |Read, create, and delete eligibility schedules for access to Azure AD groups | Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user. | Yes | No | +--- -#### Application permissions +### GroupMember.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | -|:---------- |:-------------- |:----------- |:---------------------- | -| _PrivilegedAccess.Read.AzureAD_ |Read Privileged Identity Management data for Directory | Allows the app to have read access to Privileged Identity Management APIs for Azure AD. | Yes | -| _PrivilegedAccess.Read.AzureADGroup_ |Read Privileged Identity Management data for privileged access groups | Allows the app to have read access to Privileged Identity Management APIs for groups. | Yes | -| _PrivilegedAccess.Read.AzureResources_ |Read Privileged Identity Management data for Azure resources | Allows the app to have read access to Privileged Identity Management APIs for Azure AD resources. | Yes | -| _PrivilegedAssignmentSchedule.Read.AzureADGroup_ |Read assignment schedules for access to Azure AD groups | Allows the app to read time-based assignment schedules for access to Azure AD groups, without a signed-in user. 
| Yes | -| _PrivilegedEligibilitySchedule.Read.AzureADGroup_ |Read eligibility schedules for access to Azure AD groups | Allows the app to read time-based eligibility schedules for access to Azure AD groups, without a signed-in user. | Yes | -| _PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup_ |Read, create, and delete assignment schedules for access to Azure AD groups| Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, without a signed-in user. | Yes | -| _PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup_ |Read, create, and delete eligibility schedules for access to Azure AD groups | Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | dbaae8cf-10b5-4b86-a4a1-f871c94c6695 | f81125ac-d3b7-4573-a3b2-7099cc39df9e +| DisplayText | Read and write all group memberships | Read and write group memberships +| Description | Allows the app to list groups, read basic properties, read and update the membership of the groups this app has access to without a signed-in user. Group properties and owners cannot be updated and groups cannot be deleted. | Allows the app to list groups, read basic properties, read and update the membership of the groups the signed-in user has access to. Group properties and owners cannot be updated and groups cannot be deleted. +| AdminConsentRequired | Yes | Yes --- -## Places permissions +### IdentityProvider.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | e321f0bb-e7f7-481e-bb28-e3b0b32d4bd0 | 43781733-b5a7-4d1b-98f4-e8edff23e1a9 +| DisplayText | Read identity providers | Read identity providers +| Description | Allows the app to read your organization’s identity (authentication) providers’ properties without a signed in user. 
| Allows the app to read your organization’s identity (authentication) providers’ properties on behalf of the user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Place.Read.All_ | Read all company places | Allows the app to read company places (conference rooms and room lists) set up in Exchange Online for the tenant. |Yes | No | -| _Place.ReadWrite.All_ | Read and write all company places | Allows the app to read and write company places (conference rooms and room lists) set up in Exchange Online for the tenant. |Yes | No | +--- -#### Application permissions +### IdentityProvider.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Place.Read.All_ | Read all company places | Allows the app to read company places (conference rooms and room lists) for calendar events and other applications.| Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 90db2b9a-d928-4d33-a4dd-8442ae3d41e4 | f13ce604-1677-429f-90bd-8a10b9f01325 +| DisplayText | Read and write identity providers | Read and write identity providers +| Description | Allows the app to read and write your organization’s identity (authentication) providers’ properties without a signed in user. | Allows the app to read and write your organization’s identity (authentication) providers’ properties on behalf of the user. 
+| AdminConsentRequired | Yes | Yes --- -## Policy permissions - -#### Delegated permissions +### IdentityRiskEvent.Read.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Policy.Read.All_ | Read your organization's policies | Allows the app to read your organization's policies on behalf of the signed-in user. | Yes | No | -| _Policy.Read.PermissionGrant_ | Read consent and permission grant policies | Allows the app to read policies related to consent and permission grants for applications, on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.AccessReview_ | Read and write your organization's access review policy | Allows the app to read and write your organization's access review policy on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.ApplicationConfiguration_ | Read and write your organization's application configuration policies | Allows the app to read and write your organization's application configuration policies on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.AuthenticationFlows_ | Read and write your organization's authentication flow policies | Allows the app to read and write the authentication flow policies, on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.AuthenticationMethod_ | Read and write authentication method policies | Allows the app to read and write the authentication method policies, on behalf of the signed-in user. The signed-in user must also be assigned the Global Administrator role. | Yes | No | -| _Policy.ReadWrite.Authorization_ | Read and write your organization's authorization policy | Allows the app to read and write your organization's authorization policy on behalf of the signed-in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. 
| Yes | No | -| _Policy.ReadWrite.ConditionalAccess_ | Read and write your organization's conditional access policies | Allows the app to read and write your organization's conditional access policies on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.ConsentRequest_ | Read and write your organization's consent requests policy | Allows the app to read and write your organization's consent requests policy on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.CrossTenantAccess_ | Read and write your organization's cross-tenant access policy | Allows the app to read and write your organization's cross-tenant access policy on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.FeatureRollout_ | Read and write your organization's feature rollout policies | Allows the app to read and write your organization's feature rollout policies on behalf of the signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature. | Yes | No | -| _Policy.ReadWrite.PermissionGrant_ | Manage consent and permission grant policies | Allows the app to manage policies related to consent and permission grants for applications, on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.SecurityDefaults_ | Read and write your organization's security defaults policy | Allows the app to read and write your organization's security defaults policy on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.TrustFramework_ | Read and write your organization's trust framework policies | Allows the app to read and write your organization's trust framework policies on behalf of the signed-in user. | Yes | No | -| _Policy.ReadWrite.AuthenticationMethod_ | Read and write your organization's authentication method policies | Allows the app to read and write the authentication method policies, on behalf of the signed-in user. 
| Yes | No | -| _Policy.ReadWrite.MobilityManagement_ | Read and write your organization's mobility management policies. | Allows the app to read and write the mobility management policies on behalf of the signed-in user. These control the settings for mobile device management (MDM) and mobile application management (MAM) applications. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6e472fd1-ad78-48da-a0f0-97ab2c6b769e | 8f6a01e7-0391-4ee5-aa22-a3af122cef27 +| DisplayText | Read all identity risk event information | Read identity risk event information +| Description | Allows the app to read the identity risk event information for your organization without a signed in user. | Allows the app to read identity risk event information for all users in your organization on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _Policy.Read.All_ | Read your organization's policies | Allows the app to read all your organization's policies without a signed-in user. | Yes | -| _Policy.Read.PermissionGrant_ | Read consent and permission grant policies | Allows the app to read policies related to consent and permission grants for applications, without a signed-in user. | Yes | -| _Policy.ReadWrite.AccessReview_ | Read and write your organization's access review policy | Allows the app to read and write your organization's access review policy, without a signed-in user. | Yes | -| _Policy.ReadWrite.ApplicationConfiguration_ | Read and write your organization's application configuration policies | Allows the app to read and write your organization's application configuration policies, without a signed-in user. 
| Yes | -| _Policy.ReadWrite.AuthenticationFlows_ | Read and write your organization's authentication flow policies | Allows the app to read and write the authentication flow policies for the tenant, without a signed-in user. | Yes | -| _Policy.ReadWrite.AuthenticationMethod_ | Read and write all authentication method policies | Allows the app to read and write all authentication method policies for the tenant, without a signed-in user. | Yes | -| _Policy.ReadWrite.Authorization_ | Read and write your organization's authorization policy | Allows the app to read and write your organization's authorization policy on behalf of the signed-in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. | Yes | -| _Policy.ReadWrite.ConsentRequest_ | Read and write your organization's consent requests policy | Allows the app to read and write your organization's consent requests policy without a signed-in user. | Yes | -| _Policy.ReadWrite.CrossTenantAccess_ | Read and write your organization's cross-tenant access policy | Allows the app to read and write your organization's cross-tenant access policy without a signed-in user. | Yes | -| _Policy.ReadWrite.FeatureRollout_ | Read and write feature rollout policies | Allows the app to read and write feature rollout policies without a signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature. | Yes | -| _Policy.ReadWrite.PermissionGrant_ | Manage consent and permission grant policies | Allows the app to manage policies related to consent and permission grants for applications, without a signed-in user. | Yes | -| _Policy.ReadWrite.SecurityDefaults_ | Read and write your organization's security defaults policy | Allows the app to read and write your organization's security defaults policy without a signed-in user. 
| Yes | -| _Policy.ReadWrite.TrustFramework_ | Read and write your organization's trust framework policies | Allows the app to read and write your organization's trust framework policies without a signed-in user. | Yes | +### IdentityRiskEvent.ReadWrite.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | db06fb33-1953-4b7b-a2ac-f1e2c854f7ae | 9e4862a5-b68f-479e-848a-4e07e25c9916 +| DisplayText | Read and write all risk detection information | Read and write risk event information +| Description | Allows the app to read and update identity risk detection information for your organization without a signed-in user. Update operations include confirming risk event detections.  | Allows the app to read and update identity risk event information for all users in your organization on behalf of the signed-in user. Update operations include confirming risk event detections.  +| AdminConsentRequired | Yes | Yes -The following usages are valid for both delegated and application permissions: +--- -* _Policy.Read.All_: Read your organization's policies (`GET /policies`) -* _Policy.Read.All_: Read your organization's trust framework policies (`GET /beta/trustFramework/policies`) -* _Policy.Read.All_: Read your organization's feature rollout policies (`GET /beta/directory/featureRolloutPolicies`) -* _Policy.ReadWrite.AccessReview_: Read and write your organization's access review policies (`PATCH /beta/policies/accessReviewPolicy`) -* _Policy.ReadWrite.ApplicationConfiguration_: Read and write your organization's application configuration policies (`POST /beta/policies/tokenLifetimePolicies`) -* _Policy.ReadWrite.AuthenticationFlows_: Read and write your organization's authentication flows policy (`PATCH /beta/policies/authenticationFlowsPolicy`) -* _Policy.ReadWrite.AuthenticationMethod_: Use this permission to manage the settings of the authentication methods policy, including enabling and disabling authentication methods, allowing users 
and groups to use those methods, and configuring other settings related to the authentication methods that users may register and use in a tenant. -* _Policy.ReadWrite.ConditionalAccess_: Read and write your organization's conditional access policies (`POST /beta/identity/conditionalAccess/policies`) -* _Policy.ReadWrite.CrossTenantAccess_: Read and write your organization's cross tenant access policy (`PATCH /beta/policies/crossTenantAccessPolicy`) -* _Policy.ReadWrite.FeatureRollout_: Read and write your organization's feature rollout policies (`POST /beta/directory/featureRolloutPolicies`) -* _Policy.ReadWrite.SecurityDefaults_: Read and write your organization's security defaults policy (`PATCH /beta/policies/identitySecurityDefaultsEnforcementPolicy`) -* _Policy.ReadWrite.TrustFramework_: Read and write your organization's trust framework policies (`POST /beta/trustFramework/policies`) +### IdentityRiskyServicePrincipal.Read.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 607c7344-0eed-41e5-823a-9695ebe1b7b0 | ea5c4ab0-5a73-4f35-8272-5d5337884e5d +| DisplayText | Read all identity risky service principal information | Read all identity risky service principal information +| Description | Allows the app to read all risky service principal information for your organization, without a signed-in user. | Allows the app to read all identity risky service principal information for your organization, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## Presence permissions +### IdentityRiskyServicePrincipal.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | cb8d6980-6bcb-4507-afec-ed6de3a2d798 | bb6f654c-d7fd-4ae3-85c3-fc380934f515 +| DisplayText | Read and write all identity risky service principal information | Read and write all identity risky service principal information +| Description | Allows the app to read and update identity risky service principal for your organization, without a signed-in user. | Allows the app to read and update identity risky service principal information for all service principals in your organization, on behalf of the signed-in user. Update operations include dismissing risky service principals. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Presence.Read_ | Read user's presence information | Allows the app to read presence information on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. | No | -| _Presence.Read.All_ | Read presence information of all users in your organization | Allows the app to read presence information of all users in the directory on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. | No | -| _Presence.ReadWrite_ | Read and write a user's presence information | Allows the app to read the presence information and write activity and availability on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. 
| Yes | - -#### Application permissions -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _Presence.ReadWrite.All_ | Read and write presence information for all users | Allows the app to read all presence information and write activity and availability of all users in the directory without a signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. | Yes | +--- -### Example usage +### IdentityRiskyUser.Read.All -* _Presence.Read_: If you're signed in, retrieve your own presence information (`GET /me/presence`) -* _Presence.Read.All_: Retrieve the presence information of another user (`GET /users/{id}/presence`) -* _Presence.Read.All_: Retrieve the presence information of multiple users (`POST /communications/getPresencesByUserId`) -* _Presence.ReadWrite_: - * If you're signed in, set the state of your presence session (`POST /me/presence/setPresence`) - * If you're signed in, set your own preferred presence (`POST /me/presence/setUserPreferredPresence`) -* _Presence.ReadWrite.All_: - * Set the state of a user's presence session as an application (`POST /users/{id}/presence/setPresence`) - * Set the preferred presence of a user as an application (`POST /users/{id}/presence/setUserPreferredPresence`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | dc5007c0-2d7d-4c42-879c-2dab87571379 | d04bb851-cb7c-4146-97c7-ca3e71baf56c +| DisplayText | Read all identity risky user information | Read identity risky user information +| Description | Allows the app to read the identity risky user information for your organization without a signed in user. | Allows the app to read identity risky user information for all users in your organization on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## Programs and program controls permissions +### IdentityRiskyUser.ReadWrite.All -#### Delegated permissions - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ProgramControl.Read.All_ | Read all programs | Allows the app to read programs on behalf of the signed-in user. | Yes | No | -| _ProgramControl.ReadWrite.All_ | Manage all programs | Allows the app to read and write programs on behalf of the signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 656f6061-f9fe-4807-9708-6a2e0934df76 | e0a7cdbb-08b0-4697-8264-0069786e9674 +| DisplayText | Read and write all risky user information | Read and write risky user information +| Description | Allows the app to read and update identity risky user information for your organization without a signed-in user.  Update operations include dismissing risky users. | Allows the app to read and update identity risky user information for all users in your organization on behalf of the signed-in user. Update operations include dismissing risky users. +| AdminConsentRequired | Yes | Yes +--- -#### Application permissions +### IdentityUserFlow.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------| -| _ProgramControl.Read.All_ | Read all programs | Allows the app to read programs without a signed-in user. | Yes | -| _ProgramControl.ReadWrite.All_ | Manage all programs | Allows the app to read and write programs without a signed-in user. 
| Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1b0c317f-dd31-4305-9932-259a8b6e8099 | 2903d63d-4611-4d43-99ce-a33f3f52e343 +| DisplayText | Read all identity user flows | Read all identity user flows +| Description | Allows the app to read your organization's user flows, without a signed-in user. | Allows the app to read your organization's user flows, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -### Remarks +--- -_ProgramControl.Read.All_ and _ProgramControl.ReadWrite.All_ are valid only for work or school accounts. +### IdentityUserFlow.ReadWrite.All -For an app with delegated permissions to read programs and program controls, the signed-in user must be a member of one of the following administrator roles: Global Administrator, Security Administrator, Security Reader or User Administrator. For an app with delegated permissions to write programs and program controls, the signed-in user must be a member of one of the following administrator roles: Global Administrator or User Administrator. For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](/azure/active-directory/active-directory-assign-admin-roles). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 65319a09-a2be-469d-8782-f6b07debf789 | 281892cc-4dbf-4e3a-b6cc-b21029bb4e82 +| DisplayText | Read and write all identity user flows | Read and write all identity user flows +| Description | Allows the app to read or write your organization's user flows, without a signed-in user. | Allows the app to read or write your organization's user flows, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -## Records management permissions +--- -#### Delegated permissions +### IMAP.AccessAsUser.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_RecordsManagement.Read.All_ |Read Records Management configuration, labels, and policies |Allows the application to read any data from Records Management, such as configuration, labels, and policies on behalf of the signed-in user. |Yes | -|_RecordsManagement.ReadWrite.All_ | Read and write Records Management configuration, labels, and policies | Allows the application to create, update and delete any data from Records Management, such as configuration, labels, and policies on behalf of the signed-in user. |Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 652390e4-393a-48de-9484-05f9b1212954 +| DisplayText | - | Read and write access to mailboxes via IMAP. +| Description | - | Allows the app to have the same access to mailboxes as the signed-in user via IMAP protocol. +| AdminConsentRequired | - | No -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_RecordsManagement.Read.All_ |Read Records Management configuration, labels and policies |Allows the application to read any data from Records Management, such as configuration, labels, and policies without the signed in user. |Yes | -|_RecordsManagement.ReadWrite.All_ | Read and write Records Management configuration, labels and policies |Allows the application to create, update and delete any data from Records Management, such as configuration, labels, and policies without the signed in user. 
|Yes | +### IndustryData.ReadBasic.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4f5ac95f-62fd-472c-b60f-125d24ca0bc5 | 60382b96-1f5e-46ea-a544-0407e489e588 +| DisplayText | View basic service and resource information | Read basic Industry Data service and resource definitions +| Description | Allows the app to read basic service and resource information without a signed-in user. | Allows the app to read basic Industry Data service and resource information on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -#### Delegated +--- -* _RecordsManagement.Read.All_: Get the list of labels available to the user from Microsoft Purview Records maangement (`GET /security/labels/retentionLabels`) -* _RecordsManagement.ReadWrite.All_: Create a label in Microsoft Purview Records managment (`POST /security/labels/retentionLabels/`) +### IndustryData-DataConnector.Read.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7ab52c2f-a2ee-4d98-9ebc-725e3934aae2 | d19c0de5-7ecb-4aba-b090-da35ebcd5425 +| DisplayText | View data connector definitions | View data connector definitions +| Description | Allows the app to read data connectors without a signed-in user. | Allows the app to read data connectors on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Reports permissions +### IndustryData-DataConnector.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | eda0971c-482e-4345-b28f-69c309cb8a34 | 5ce933ac-3997-4280-aed0-cc072e5c062a +| DisplayText | Manage data connector definitions | Manage data connector definitions +| Description | Allows the app to read and write data connectors without a signed-in user. | Allows the app to read and write data connectors on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Reports.Read.All_ | Read all usage reports | Allows an app to read all service usage reports on behalf of the signed-in user. Services that provide usage reports include Microsoft 365 and Azure Active Directory. | Yes | No | +--- + +### IndustryData-DataConnector.Upload -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9334c44b-a7c6-4350-8036-6bf8e02b4c1f | fc47391d-ab2c-410f-9059-5600f7af660d +| DisplayText | Upload files to a data connector | Upload files to a data connector +| Description | Allows the app to upload data files to a data connector without a signed-in user. | Allows the app to upload data files to a data connector on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _Reports.Read.All_ | Read all usage reports | Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Microsoft 365 and Azure Active Directory. | Yes | +--- -### Remarks -- Reports permissions are only valid for work or school accounts. -- For delegated permissions to allow apps to read service usage reports on behalf of a user, the tenant administrator must have assigned the user an Azure AD limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](reportroot-authorization.md). 
+### IndustryData-InboundFlow.Read.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | 305f6ba2-049a-4b1b-88bb-fe7e08758a00 | cb0774da-a605-42af-959c-32f438fb38f4 +| DisplayText | View inbound flow definitions | View inbound flow definitions +| Description | Allows the app to read inbound data flows without a signed-in user. | Allows the app to read inbound data flows on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Application +--- -* _Reports.Read.All_: Read usage detail report of email apps with period of 7 days (`GET /reports/EmailAppUsage(view='Detail',period='D7')/content`). -* _Reports.Read.All_: Read activity detail report of email with date of '2017-01-01' (`GET /reports/EmailActivity(view='Detail',data='2017-01-01')/content`). -* _Reports.Read.All_: Read Microsoft 365 activations detail report (`GET /reports/Office365Activations(view='Detail')/content`). +### IndustryData-InboundFlow.ReadWrite.All -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | e688c61f-d4c6-4d64-a197-3bcf6ba1d6ad | 97044676-2cec-40ee-bd70-38df444c9e70 +| DisplayText | Manage inbound flow definitions | Manage inbound flow definitions +| Description | Allows the app to read and write inbound data flows without a signed-in user. | Allows the app to read and write inbound data flows on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Role management permissions +### IndustryData-ReferenceDefinition.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6ee891c3-74a4-4148-8463-0c834375dfaf | a3f96ffe-cb84-40a8-ac85-582d7ef97c2a +| DisplayText | View reference definitions | View reference definitions +| Description | Allows the app to read reference definitions without a signed-in user. 
| Allows the app to read reference definitions on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _RoleAssignmentSchedule.Read.Directory_ | Read all active role assignments for your company's directory. | Allows the app to read the active role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles. | Yes | No | -| _RoleEligibilitySchedule.Read.Directory_ | Read all eligible role assignments for your company's directory. | Allows the app to read the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles. | Yes | No | -| _RoleManagement.Read.All_ | Read role management data for all RBAC providers. | Allows the app to read the role-based access control (RBAC) settings for all supported [RBAC providers](/graph/api/resources/rolemanagement?view=graph-rest-beta&preserve-view=true), on behalf of the signed-in user. This includes reading role definitions and role assignments. | Yes | No | -| _RoleManagement.Read.Directory_ | Read role management data for Azure AD. | Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, directory roles and memberships. | Yes | No | -| _RoleManagementAlert.Read.Directory_ | Read all alert data for your company's directory. | Allows the app to read the role-based access control (RBAC) alerts for your company's directory, on behalf of the signed-in user. 
This includes reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. | Yes | No | -| _RoleManagementPolicy.Read.Directory_ | Read all policies for privileged role assignments for your company's directory. | Allows the app to read policies for privileged role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. | Yes | No | -| _RoleManagementPolicy.Read.AzureADGroup_ | Read all policies in PIM for groups. | Allows the app to read policies in Privileged Identity Management for groups, on behalf of the signed-in user. | Yes | No | -| _RoleManagement.Read.Exchange_ | Read Exchange Online RBAC configuration | Allows the app to read the role-based access control (RBAC) settings for your organization's Exchange Online service, on behalf of the signed-in user. This includes reading Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. | Yes | No | -| _RoleAssignmentSchedule.ReadWrite.Directory_ | Read, update, and delete all active role assignments for your company's directory. | Allows the app to read and manage the active role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes managing active directory role membership, and reading directory role templates, directory roles and active memberships. | Yes | No | -| _RoleEligibilitySchedule.ReadWrite.Directory_ | Read, update, and delete all eligible role assignments for your company's directory. | Allows the app to read and manage the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes managing eligible directory role membership, and reading directory role templates, directory roles and eligible memberships. 
| Yes | No | -| _RoleManagement.ReadWrite.Directory_ | Read and write role management data for Azure AD. | Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. | Yes | No | -| _RoleManagementAlert.ReadWrite.Directory_ | Read all alert data, configure alerts, and take actions on all alerts for your company's directory. | Allows the app to read and manage the role-based access control (RBAC) alerts for your company's directory, on your behalf. This includes managing alert settings, initiating alert scans, dimissing alerts, remediating alert incidents, and reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. | Yes | No | -| _RoleManagementPolicy.ReadWrite.Directory_ | Read, update, and delete all policies for privileged role assignments for your company's directory. | Allows the app to read, update, and delete policies for privileged role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. | Yes | No | -| _RoleManagementPolicy.ReadWrite.AzureADGroup_ | Read, update, and delete all policies in PIM for groups. | Allows the app to read, update, and delete policies in Privileged Identity Management for groups, on behalf of the signed-in user. | Yes | No | -| _RoleManagement.ReadWrite.Exchange_ | Read and write Exchange Online RBAC configuration | Allows the app to read and manage the role-based access control (RBAC) settings for your organization's Exchange Online service, on behalf of the signed-in user. This includes reading, creating, updating, and deleting Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. 
| Yes | No | +--- -#### Application permissions +### IndustryData-Run.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _RoleAssignmentSchedule.Read.Directory_ | Read all active role assignments and role schedules for your company's directory. | Allows the app to read the active role-based access control (RBAC) assignments and schedules for your company's directory, without a signed-in user. This includes reading directory role templates, and directory roles. | Yes | -| _RoleEligibilitySchedule.Read.Directory_ | Read all eligible role assignments and role schedules for your company's directory. | Allows the app to read the eligible role-based access control (RBAC) assignments and schedules for your company's directory, without a signed-in user. This includes reading directory role templates, and directory roles. | Yes | -| _RoleManagement.Read.All_ | Read role management data for all RBAC providers. | Allows the app to read the role-based access control (RBAC) settings for all supported [RBAC providers](/graph/api/resources/rolemanagement?view=graph-rest-beta&preserve-view=true), without a signed-in user. This includes reading role definitions and role assignments. | Yes | -| _RoleManagement.Read.Directory_ | Read role management data for Azure AD. | Allows the app to read the role-based access control (RBAC) settings for your company's directory, without a signed-in user. This includes reading directory role templates, directory roles and memberships. | Yes | -| _RoleAssignmentSchedule.ReadWrite.Directory_ | Read, update, and delete all policies for privileged role assignments of your company's directory. | Allows the app to read, update, and delete policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user. 
| Yes | -| _RoleEligibilitySchedule.ReadWrite.Directory_ | Read, update, and delete all eligible role assignments and schedules for your company's directory. | Allows the app to read and manage the eligible role-based access control (RBAC) assignments and schedules for your company's directory, without a signed-in user. This includes managing eligible directory role membership, and reading directory role templates, directory roles and eligible memberships. | Yes | -| _RoleManagement.ReadWrite.Directory_ | Read and write role management data for Azure AD. | Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, without a signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. | Yes | -| _RoleManagementAlert.Read.Directory_ | Read all alert data for your company's directory. | Allows the app to read all role-based access control (RBAC) alerts for your company's directory, without a signed-in user. This includes reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. | Yes | -| _RoleManagementPolicy.Read.Directory_ | Read all policies for privileged role assignments of your company's directory. | Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user. | Yes | -| _RoleManagementPolicy.Read.AzureADGroup_ | Read all policies in PIM for groups. | Allows the app to read policies in Privileged Identity Management for groups, without a signed-in user. | Yes | -| _RoleManagementPolicy.ReadWrite.Directory_ | Read, update, and delete all policies for privileged role assignments of your company's directory. | Allows the app to read, update, and delete policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user. 
| Yes | -| _RoleManagementPolicy.ReadWrite.AzureADGroup_ | Read, update, and delete all policies in PIM for groups. | Allows the app to read, update, and delete policies in Privileged Identity Management for groups, without a signed-in user. | Yes | -| _RoleManagementAlert.ReadWrite.Directory_ | Read all alert data, configure alerts, and take actions on all alerts for your company's directory. | Allows the app to read and manage all role-based access control (RBAC) alerts for your company's directory, without a signed-in user. This includes managing alert settings, initiating alert scans, dimissing alerts, remediating alert incidents, and reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | f6f5d10b-3024-4d1d-b674-aae4df4a1a73 | 92685235-50c4-4702-b2c8-36043db6fa79 +| DisplayText | View current and previous runs | View current and previous runs +| Description | Allows the app to read current and previous IndustryData runs without a signed-in user. | Allows the app to read current and previous IndustryData runs on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes +--- -### Remarks +### IndustryData-SourceSystem.Read.All -> [!CAUTION] -> Permissions that allow granting authorization, such as _RoleManagement.ReadWrite.Directory_, allow an application to grant itself, other applications, or any user, additional privileges. Use caution when granting any of these permissions. +| Category | Application | Delegated | +|--|--|--| +| Identifier | bc167a60-39fe-4865-8b44-78400fc6ed03 | 49b7016c-89ae-41e7-bd6f-b7170c5490bf +| DisplayText | View source system definitions | View source system definitions +| Description | Allows the app to read source system definitions without a signed-in user. | Allows the app to read source system definitions on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -With the _RoleManagement.Read.Directory_ permission an application can read directoryRoles and directoryRoleTemplates. This includes reading membership information for directory roles. +--- -With the _RoleManagement.ReadWrite.Directory_ permission an application can read and write directoryRoles (directoryRoleTemplates are readonly resources). This includes adding and removing members to and from directory roles. +### IndustryData-SourceSystem.ReadWrite.All -Role management permissions are only valid for work or school accounts. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7d866958-e06e-4dd6-91c6-a086b3f5cfeb | 9599f005-05d6-4ea7-b1b1-4929768af5d0 +| DisplayText | Manage source system definitions | Manage source system definitions +| Description | Allows the app to read and write source system definitions without a signed-in user. | Allows the app to read and write source system definitions on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -### Example usage +--- -- _RoleManagement.Read.Directory_: Read the list of available role templates (`GET /directoryRoleTemplates`) -- _RoleManagement.Read.Directory_: Read the list of activated roles in your directory (`GET /directoryRoles`) -- _RoleManagement.Read.Directory_: Read the list of members for a role (`GET /directoryRoles//members`) -- _RoleManagement.Read.Directory_: Read the list of administrative unit-scoped members for a role (`GET /directoryRoles//scopedMembers`) -- _RoleManagement.ReadWrite.Directory_: Activate a directory role from a role template (`POST /directoryRoles`) -- _RoleManagement.ReadWrite.Directory_: Add a member to a directory role (`POST /directoryRoles//members`) -- _RoleManagement.ReadWrite.Directory_: Add an administrative unit-scoped member to a directory role (`POST /directoryRoles//scopedMembers`) +### IndustryData-TimePeriod.Read.All -For more complex scenarios involving multiple permissions, see [Permission 
scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7c55c952-b095-4c23-a522-022bce4cc1e3 | c9d51f28-8ccd-42b2-a836-fd8fe9ebf2ae +| DisplayText | Read time period definitions | Read time period definitions +| Description | Allows the app to read time period definitions without a signed-in user. | Allows the app to read time period definitions on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Schedule management permissions +### IndustryData-TimePeriod.ReadWrite.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7afa7744-a782-4a32-b8c2-e3db637e8de7 | b6d56528-3032-4f9d-830f-5a24a25e6661 +| DisplayText | Manage time period definitions | Manage time period definitions +| Description | Allows the app to read and write time period definitions without a signed-in user. | Allows the app to read and write time period definitions on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Schedule.ReadWrite.All_ (private preview)| Read and Write Shifts service (Teams) data | Allows an app to read and write schedule, schedule groups, shifts, and associated entities in shifts applications without a signed-in user.| Yes | No | -| _Schedule.Read.All_ (private preview)| Read Shifts service (Teams) data | Allows the app to read schedule, schedule groups, shifts, and associated entities in shifts applications without a signed-in user. 
| Yes | No | - -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:-----------------------| -| _Schedule.ReadWrite.All_ | Read and Write Shifts service (Teams) data | Allows an app to read and write schedule, schedule groups, shifts, and associated entities in shifts applications on behalf of the signed-in user.| No | No | -| _Schedule.Read.All_ | Read Shifts service (Teams) data | Allows the app to read schedule, schedule groups, shifts, and associated entities in shifts applications on behalf of the signed-in user. | No | No | -| _WorkforceIntegration.ReadWrite.All_ (private preview)| Read and write workforce integrations | Allows the app to manage workforce integrations, to synchronize data from Microsoft Teams Shifts with an integrated system, on behalf of the signed-in user. | Yes | No | -| _WorkforceIntegration.Read.All_ (private preview)| Read and write workforce integrations | Allows the app to manage workforce integrations, to synchronize data from Microsoft Teams Shifts with an integrated system, on behalf of the signed-in user. | Yes | No | +### InformationProtectionConfig.Read -## Search permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 12f4bffb-b598-413c-984b-db99728f8b54 +| DisplayText | - | Read configurations for protecting organizational data applicable to the user +| Description | - | Allows the app to read the configurations applicable to the signed-in user for protecting organizational data, on behalf of the signed-in user. 
+| AdminConsentRequired | - | Yes -#### Application permissions -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ExternalConnection.Read.All_ | Read all external connections | Allows the app to read all external connections without a signed-in user. | Yes | No | -| _ExternalConnection.ReadWrite.All_ | Read and write all external connections | Allows the app to read and write all external connections without a signed-in user. | Yes | No | -| _ExternalConnection.ReadWrite.OwnedBy_ | Read and write external connections and connection settings | Allows the app to read and write external connections and their settings without a signed-in user. The app can only read and write external connections that it is authorized to, or it can create new external connections. | Yes | No | -| _ExternalItem.Read.All_ | Read all external items | Allows the app to read all external items without a signed-in user. | Yes | No | -| _ExternalItem.ReadWrite.All_ | Read and write all external items | Allows the app to read and write all external items without a signed-in user. | Yes | No | -| _ExternalItem.ReadWrite.OwnedBy_ | Read and write external items | Allows the app to read and write external items without a signed-in user. The app can only read external items of the connection that it is authorized to. | Yes | No | +--- -#### Delegated permissions +### InformationProtectionConfig.Read.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:-----------------------| -| _Acronym.Read.All_ | Read all acronyms | Allows the app to read all acronyms on behalf of a signed-in user. | No | No | -| _Bookmark.Read.All_ | Read all bookmarks | Allows the app to read all bookmarks on behalf of a signed-in user. 
| No | No | -| _QnA.Read.All_ | Read all qnas | Allows the app to read all question and answer sets on behalf of a signed-in user. | No | No | -| _ExternalConnection.Read.All_ | Read all external connections | Allows the app to read all external connections on behalf of a signed-in user. | Yes | No | -| _ExternalConnection.ReadWrite.All_ | Read and write all external connections | Allows the app to read and write all external connections on behalf of a signed-in user. | Yes | No | -| _ExternalConnection.ReadWrite.OwnedBy_ | Read and write external connections | Allows the app to read and write external connections on behalf of a signed-in user. The app can only read and write external connections that it is authorized to, or it can create new external connections. | Yes | No | -| _ExternalItem.Read.All_ | Read external data | Allow the app to read external datasets and content on behalf of the signed-in user. | Yes | No | -| _ExternalItem.ReadWrite.All_ | Read and write all external items | Allows the app to read and write all external items on behalf of a signed-in user. | Yes | No | -| _ExternalItem.ReadWrite.OwnedBy_ | Read and write external items | Allows the app to read and write external items on behalf of a signed-in user. The app can only read external items of the connection that it is authorized to. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 14f49b9f-4bf2-4d24-b80e-b27ec58409bd | - +| DisplayText | Read all configurations for protecting organizational data applicable to users | - +| Description | Allows the app to read all configurations applicable to users for protecting organizational data, without a signed-in user. | - +| AdminConsentRequired | Yes | - -### Remarks -Search permissions are only valid for work or school accounts. +--- -This search permission is only applicable to ingested data from the indexing API. 
+### InformationProtectionContent.Sign.All -Access to data via search requires the read permission to the item. Ex : _Files.Read.All_ to access files via search. +| Category | Application | Delegated | +|--|--|--| +| Identifier | cbe6c7e4-09aa-4b8d-b3c3-2dbb59af4b54 | - +| DisplayText | Sign digests for data | - +| Description | Allows an app to sign digests for data without a signed-in user. | - +| AdminConsentRequired | Yes | - -### Example usage +--- -#### Delegated +### InformationProtectionContent.Write.All -* _ExternalItem.Read.All_ : Access external data from the [search API](/graph/api/resources/search-api-overview) (`POST /search/query`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 287bd98c-e865-4e8c-bade-1a85523195b9 | - +| DisplayText | Create protected content | - +| Description | Allows the app to create protected content without a signed-in user. | - +| AdminConsentRequired | Yes | - --- -## Search configuration permissions - -#### Delegated permissions +### InformationProtectionPolicy.Read -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:-----------------------| -| _SearchConfiguration.Read.All_ | Read your organization's search configuration. | Allows the app to read search configuration, on behalf of the signed-in user. | Yes | No | -| _SearchConfiguration.ReadWrite.All_ | Read and write your organization's search configuration. | Allows the app to read and write search configurations, on behalf of the signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 4ad84827-5578-4e18-ad7a-86530b12f884 +| DisplayText | - | Read user sensitivity labels and label policies. +| Description | - | Allows an app to read information protection sensitivity labels and label policy settings, on behalf of the signed-in user. 
+| AdminConsentRequired | - | No -#### Application permissions -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _SearchConfiguration.Read.All_ | Read your organization's search configuration. | Allows the app to read search configurations without a signed-in user. | Yes | -| _SearchConfiguration.ReadWrite.All_ | Read and write your organization's search configuration. | Allows the app to read and write search configurations without a signed-in user. | Yes | +--- +### InformationProtectionPolicy.Read.All -### Remarks -Search configuration permissions are only valid for work or school accounts. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 19da66cb-0fb0-4390-b071-ebc76a349482 | - +| DisplayText | Read all published labels and label policies for an organization. | - +| Description | Allows an app to read published sensitivity labels and label policy settings for the entire organization or a specific user, without a signed in user. | - +| AdminConsentRequired | Yes | - -### Example usage +--- -#### Delegated and Application +### Insights-GuestActivity.Read.All -- _SearchConfiguration.Read.All_: Read the list of all bookmarks created for your tenant (`GET /beta/search/bookmarks`) -- _SearchConfiguration.ReadWrite.All_: Update or read all bookmarks created for your tenant (`PATCH /beta/search/bookmarks/{id}`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | e93bd8c0-c267-45ea-9722-9d3376a7e302 | bdd9425e-296d-4e4b-9c15-0a288b4b12e1 +| DisplayText | Read all insights related to guest activity | Read insights related to guest activity +| Description | Allows the app to read all insights related to guest activity, without a signed-in user. | Allows the app to read insights related to guest activity, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes --- -## Security permissions +### Insights-GuestActivity.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 681ded65-ad9c-4d3d-8f7d-962f84cc13d8 | 7e23346e-6931-45b2-b04e-6332b3905b8a +| DisplayText | Read and write all insights related to guest activity | Read and write insights related to guest activity +| Description | Allows the app to read and write all insights related to guest activity, without a signed-in user. | Allows the app to read and write insights related to guest activity, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _AttackSimulation.Read.All_ |Read attack simulation data of an organization | Allows the app to read attack simulation and training data for an organization for the signed-in user. | Yes | No | -| _AttackSimulation.ReadWrite.All_ |Read, create, and update attack simulation data of an organization |Allows the app to read, create, and update attack simulation and training data for an organization for the signed-in user. | Yes | No | -| _SecurityActions.Read.All_ | Read your organization's security actions | Allows the app to read your organization's security actions on behalf of the signed-in user. | Yes | No | -| _SecurityActions.ReadWrite.All_ | Read and update your organization's security actions | Allows the app to read or update your organization's security actions on behalf of the signed-in user. | Yes | No | -| _SecurityAlert.Read.All_ | Read alerts | Allows the app to read alerts, on behalf of the signed-in user. | Yes | No | -| _SecurityAlert.ReadWrite.All_ | Read and write to alerts | Allows the app to read and write alerts, on behalf of the signed-in user. 
| Yes | No | -| _SecurityEvents.Read.All_ | Read your organization's security events | Allows the app to read your organization's security events on behalf of the signed-in user. | Yes | No | -| _SecurityEvents.ReadWrite.All_ | Read and update your organization's security events | Allows the app to read your organization's security events on behalf of the signed-in user. Also allows the app to update editable properties in security events on behalf of the signed-in user. | Yes | No | -| _SecurityIncident.Read.All_ | Read incidents | Allows the app to read incidents, on behalf of the signed-in user. | Yes | No | -| _SecurityIncident.ReadWrite.All_ | Read and write to incidents | Allows the app to read and write incidents, on behalf of the signed-in user. | Yes | No | -| _ThreatIndicators.ReadWrite.OwnedBy_ | Manage threat indicators this app creates or owns |Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete) on behalf of the signed-in user. | Yes | No | -| _ThreatIndicators.Read.All_ | Read your organization's threat indicators | Allows the app to read all the threat indicators for your organization, on behalf of the signed-in user. | Yes | No | -| _ThreatIndicators.ReadWrite.OwnedBy_ | Manage threat indicators this app creates or owns |Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete) on behalf of the signed-in user. | Yes | No | +--- + +### Insights-UserMetric.Read.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 34cbd96c-d824-4755-90d3-1008ef47efc1 | 7d249730-51a3-4180-8ec1-214f144f1bff +| DisplayText | Read all user metrics insights | Read user metrics insights +| Description | Allows an app to read all user metrics insights, such as daily and monthly active users, without a signed-in user. 
| Allows an app to read user metrics insights, such as daily and monthly active users, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _AttackSimulation.Read.All_ |Read attack simulation data of an organization | Allows the app to read attack simulation and training data for an organization without a signed-in user.| Yes | -| _AttackSimulation.ReadWrite.All_ |Read, create, and update all attack simulation data of an organization | Allows the app to read, create, and update attack simulation and training data for an organization without a signed-in user.| Yes | -| _SecurityActions.Read.All_ | Read and write your organization's security events |Allows the app to create other applications, and fully manage those applications (read, update, update application secrets and delete), without a signed-in user. | Yes | -| _SecurityActions.ReadWrite.All_ | Create and read your organization's security actions | Allows the app to read or create security actions, without a signed-in user. | Yes | -| _SecurityAlert.Read.All_ | Read all alerts | Allows the app to read all alerts, without a signed-in user. | Yes | -| _SecurityAlert.ReadWrite.All_ | Read and write to all alerts | Allows the app to read and write to all alerts, without a signed-in user. | Yes | -| _SecurityEvents.Read.All_ | Read your organization's security events | Allows the app to read your organization's security events. | Yes | -| _SecurityEvents.ReadWrite.All_ | Read and update your organization's security events | Allows the app to read your organization's security events. Also allows the app to update editable properties in security events. | Yes | -| _SecurityIncident.Read.All_ | Read all incidents | Allows the app to read all incidents, without a signed-in user. 
| Yes | -| _SecurityIncident.ReadWrite.All_ | Read and write to all incidents | Allows the app to read and write to all incidents, without a signed-in user. | Yes | -| _ThreatIndicators.ReadWrite.OwnedBy_ | Manage threat indicators this app creates or owns | Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), without a signed-in user. It cannot update any threat indicators it does not own. | Yes | -| _ThreatIndicators.Read.All_ | Manage threat indicators this app creates or owns | Allows the app to read all the threat indicators for your organization, without a signed-in user. | Yes | -| _ThreatIndicators.ReadWrite.OwnedBy_ | Manage threat indicators this app creates or owns | Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), without a signed-in user. It cannot update any threat indicators it does not own. | Yes | +--- -### Remarks +### LearningAssignedCourse.Read -Security permissions are valid only on work or school accounts. +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | ac08cdae-e845-41db-adf9-5899a0ec9ef6 +| DisplayText | - | Read user's assignments +| Description | - | Allows the app to read data for the learner's assignments in the organization's directory, on behalf of the signed-in user. +| AdminConsentRequired | - | No -### Example usage +--- -#### Delegated +### LearningAssignedCourse.Read.All -- _SecurityAlert.Read.All_: Read all alerts in an organization that the user is allowed to read (`GET /security/alerts_v2`). -- _SecurityAlert.ReadWrite.All_: Read and write to all alerts in an organization that the user is allowed to read and write (`GET /security/alerts_v2`). -- _SecurityEvents.Read.All_: Read the list of all security alerts from all licensed security providers available in an organization (`GET /beta/security/alerts`). 
-- _SecurityEvents.ReadWrite.All_: Update or read security alerts from all licensed security providers available in an organization (`PATCH /beta/security/alerts/{id}`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 535e6066-2894-49ef-ab33-e2c6d064bb81 | - +| DisplayText | Read all assignments | - +| Description | Allows the app to read data for all assignments in the organization's directory, without a signed-in user. | - +| AdminConsentRequired | Yes | - +--- -#### Application +### LearningAssignedCourse.ReadWrite.All -- _SecurityAlert.Read.All_: Read all alerts in an organization (`GET /security/alerts_v2`). -- _SecurityAlert.ReadWrite.All_: Read and write to all alerts in an organization (`GET /security/alerts`). -- _SecurityEvents.Read.All_: Read the list of all security alerts from all licensed security providers available in an organization (`GET /beta/security/alerts`). -- _SecurityEvents.ReadWrite.All_: Update or read security alerts from all licensed security providers available in an organization (`PATCH /beta/security/alerts/{id}`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 236c1cbd-1187-427f-b0f5-b1852454973b | - +| DisplayText | Read and write all assignments | - +| Description | Allows the app to create, update, read and delete all assignments in the organization's directory, without a signed-in user. | - +| AdminConsentRequired | Yes | - --- -## Service communications permissions +### LearningContent.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8740813e-d8aa-4204-860e-2a0f8f84dbc8 | ea4c1fd9-6a9f-4432-8e5d-86e06cc0da77 +| DisplayText | Read all learning content | Read learning content +| Description | Allows the app to read all learning content in the organization's directory, without a signed-in user. | Allows the app to read learning content in the organization's directory, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ServiceHealth.Read.All_ | Read service health | Allows the app to read your tenant's service health information on behalf of the signed-in user. Health information may include service issues or service health overviews. | Yes | Yes | -| _ServiceMessage.Read.All_ | Read service messages | Allows the app to read your tenant's service announcement messages on behalf of the signed-in user. Messages may include information about new or changed features. | Yes | Yes | -| _ServiceMessageViewpoint.Write_ | Update your user status on service announcement messages | Allows the app to update service announcement messages' user status on behalf of the signed-in user. The message status can be marked as read, archive, or favorite. | Yes | Yes | +--- -#### Application permissions +### LearningContent.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _ServiceHealth.Read.All_ | Read service health | Allows the app to read your tenant's service health information, without a signed-in user. Health information may include service issues or service health overviews. | Yes | -| _ServiceMessage.Read.All_ | Read service messages | Allows the app to read your tenant's service announcement messages, without a signed-in user. Messages may include information about new or changed features. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 444d6fcb-b738-41e5-b103-ac4f2a2628a3 | 53cec1c4-a65f-4981-9dc1-ad75dbf1c077 +| DisplayText | Manage all learning content | Manage learning content +| Description | Allows the app to manage all learning content in the organization's directory, without a signed-in user. 
| Allows the app to manage learning content in the organization's directory, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Short Notes permissions +### LearningProvider.Read -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | dd8ce36f-9245-45ea-a99e-8ac398c22861 +| DisplayText | - | Read learning provider +| Description | - | Allows the app to read data for the learning provider in the organization's directory, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ShortNotes.Read_ | Read short notes of the signed-in user | Allows the app to read all the short notes a sign-in user has access to. | No | Yes | -| _ShortNotes.ReadWrite_ | Read, create, edit, and delete short notes of the signed-in user | Allows the app to read, create, edit, and delete short notes of a signed-in user. | No | Yes | +--- -#### Application permissions +### LearningProvider.ReadWrite -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _ShortNotes.Read.All_ | Read all users' short notes | Allows the app to read all the short notes without a signed-in user. | Yes | -| _ShortNotes.ReadWrite.All_ | Read, create, edit, and delete all users' short notes | Allows the app to read, create, edit, and delete all the short notes without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 40c2eb57-abaf-49f5-9331-e90fd01f7130 +| DisplayText | - | Manage learning provider +| Description | - | Allows the app to create, update, read, and delete data for the learning provider in the organization's directory, on behalf of the signed-in user. 
+| AdminConsentRequired | - | Yes --- -## Sites permissions +### LearningSelfInitiatedCourse.Read -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | f6403ef7-4a96-47be-a190-69ba274c3f11 +| DisplayText | - | Read user's self-initiated courses +| Description | - | Allows the app to read data for the learner's self-initiated courses in the organization's directory, on behalf of the signed-in user. +| AdminConsentRequired | - | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Sites.Read.All_ | Read items in all site collections | Allows the app to read documents and list items in all site collections on behalf of the signed-in user. | No | No | -| _Sites.ReadWrite.All_ | Read and write items in all site collections | Allows the app to edit or delete documents and list items in all site collections on behalf of the signed-in user. | No | No | -| _Sites.Manage.All_ | Create, edit, and delete items and lists in all site collections | Allows the app to manage and create lists, documents, and list items in all site collections on behalf of the signed-in user. | No | No | -| _Sites.FullControl.All_ | Have full control of all site collections | Allows the app to have full control to SharePoint sites in all site collections on behalf of the signed-in user. | Yes | No | +--- -#### Application permissions +### LearningSelfInitiatedCourse.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _Sites.Read.All_ | Read items in all site collections | Allows the app to read documents and list items in all site collections without a signed in user. 
| Yes | -| _Sites.ReadWrite.All_ | Read and write items in all site collections | Allows the app to create, read, update, and delete documents and list items in all site collections without a signed in user. | Yes | -| _Sites.Manage.All_ | Create, edit, and delete items and lists in all site collections | Allows the app to manage and create lists, documents, and list items in all site collections without a signed-in user. | Yes | -| _Sites.FullControl.All_ | Have full control of all site collections | Allows the app to have full control to SharePoint sites in all site collections without a signed-in user. | Yes | -| _Sites.Selected_ | Access selected site collections | Allow the application to access a subset of site collections without a signed in user.  The specific site collections and the permissions granted will be configured in SharePoint Online. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 467524fc-ed22-4356-a910-af61191e3503 | - +| DisplayText | Read all self-initiated courses | - +| Description | Allows the app to read data for all self-initiated courses in the organization's directory, without a signed-in user. | - +| AdminConsentRequired | Yes | - +--- -### Remarks +### LearningSelfInitiatedCourse.ReadWrite.All -Sites permissions are valid only on work or school accounts. -The _Sites.Selected_ application permission is available only in the Microsoft Graph API. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7654ed61-8965-4025-846a-0856ec02b5b0 | - +| DisplayText | Read and write all self-initiated courses | - +| Description | Allows the app to create, update, read and delete all self-initiated courses in the organization's directory, without a signed-in user. 
| - +| AdminConsentRequired | Yes | - -### Example usage +--- -#### Delegated +### LicenseAssignment.ReadWrite.All -* _Sites.Read.All_: Read the lists on the SharePoint root site (`GET /v1.0/sites/root/lists`) -* _Sites.ReadWrite.All_: Create new list items in a SharePoint list (`POST /v1.0/sites/root/lists/123/items`) -* _Sites.Manage.All_: Add a new list to a SharePoint site (`POST /v1.0/sites/root/lists`) -* _Sites.FullControl.All_: Complete access to SharePoint sites and lists. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5facf0c1-8979-4e95-abcf-ff3d079771c0 | f55016cc-149c-447e-8f21-7cf3ec1d6350 +| DisplayText | Manage all license assignments | Manage all license assignments +| Description | Allows an app to manage license assignments for users and groups, without a signed-in user. | Allows an app to manage license assignments for users and groups, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Synchronization permissions +### LifecycleWorkflows.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7c67316a-232a-4b84-be22-cea2c0906404 | 9bcb9916-765a-42af-bf77-02282e26b01a +| DisplayText | Read all lifecycle workflows resources | Read all lifecycle workflows resources +| Description | Allows the app to list and read all workflows, tasks and related lifecycle workflows resources without a signed-in user. | Allows the app to list and read all workflows, tasks and related lifecycle workflows resources on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -Synchronization.Read.All | Read all Azure AD synchronization data | Allows the app to read Azure AD synchronization information, on behalf of the signed-in user. 
| Yes | No | -Synchronization.ReadWrite.All | Read and write all Azure AD synchronization data | Allows the app to configure the Azure AD synchronization service, on behalf of the signed-in user. | Yes | No | -SynchronizationData-User.Upload | Allows the app to upload bulk user data to the identity synchronization service, on behalf of the signed-in user. | Yes | No | +### LifecycleWorkflows.ReadWrite.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5c505cf4-8424-4b8e-aa14-ee06e3bb23e3 | 84b9d731-7db8-4454-8c90-fd9e95350179 +| DisplayText | Read and write all lifecycle workflows resources | Read and write all lifecycle workflows resources +| Description | Allows the app to create, update, list, read and delete all workflows, tasks and related lifecycle workflows resources without a signed-in user. | Allows the app to create, update, list, read and delete all workflows, tasks and related lifecycle workflows resources on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -Synchronization.Read.All | Read all Azure AD synchronization data | Allows the application to read Azure AD synchronization information, without a signed-in user. | Yes | -Synchronization.ReadWrite.All | Read and write all Azure AD synchronization data | Allows the application to configure the Azure AD synchronization service, without a signed-in user. | Yes | -SynchronizationData-User.Upload | Upload user data to the identity synchronization service | Allows the application to upload bulk user data to the identity synchronization service, without a signed-in user. 
| Yes | +--- +### Mail.Read -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | 810c84a8-4a9e-49e6-bf7d-12d183f40d01 | 570282fd-fa5c-430d-a7fd-fc8dc98a9dca +| DisplayText | Read mail in all mailboxes | Read user mail +| Description | Allows the app to read mail in all mailboxes without a signed-in user. | Allows the app to read the signed-in user's mailbox. +| AdminConsentRequired | Yes | No -#### Delegated -- _Synchronization.Read.All_: Get the list of subject rights request available to the user (`GET /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema`). -- _Synchronization.ReadWrite.All_: Create a subject rights request (`PUT /servicePrincipals/{id}/synchronization/jobs/{jobId}/schema`). +[!INCLUDE [Mail.Read](../includes/permissions-notes/Mail.Read.md)] -#### Application -- _Synchronization.Read.All_: Get the list of subject rights request available to the user (`GET /servicePrincipals/{id}/synchronization/jobs/{jobId}/`). -- _Synchronization.ReadWrite.All_: Create a subject rights request (`POST /servicePrincipals/{id}/synchronization/jobs/{jobId}/starta`). +--- +### Mail.Read.Shared -## Subject rights request permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 7b9103a5-4610-446b-9670-80643382c1fa +| DisplayText | - | Read user and shared mail +| Description | - | Allows the app to read mail a user can access, including their own and shared mail. +| AdminConsentRequired | - | No -#### Delegated permissions +[!INCLUDE [Mail.Read.Shared](../includes/permissions-notes/Mail.Read.Shared.md)] -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -SubjectRightsRequest.Read.All | Read subject rights requests | Allows the app to read subject rights requests on behalf of the signed-in user. 
| Yes | No | -SubjectRightsRequest.ReadWrite.All | Read and write subject rights requests | Allows the app to read and write subject rights requests on behalf of the signed-in user. | Yes | No | +--- -#### Application permissions -None. +### Mail.ReadBasic -### Example usage -#### Delegated -- SubjectRightsRequest.Read.All_: Get the list of subject rights request available to the user (`GET /privacy/subjectrightsrequests`). -- _SubjectRightsRequest.ReadWrite.All_: Create a subject rights request (`POST /privacy/subjectrightsrequests`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6be147d2-ea4f-4b5a-a3fa-3eab6f3c140a | a4b8392a-d8d1-4954-a029-8e668a39a170 +| DisplayText | Read basic mail in all mailboxes | Read user basic mail +| Description | Allows the app to read basic mail properties in all mailboxes without a signed-in user. Includes all properties except body, previewBody, attachments and any extended properties. | Allows the app to read email in the signed-in user's mailbox except body, previewBody, attachments and any extended properties. +| AdminConsentRequired | Yes | No -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +--- -## Tasks permissions +### Mail.ReadBasic.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 693c5e45-0940-467d-9b8a-1022fb9d42ef | - +| DisplayText | Read basic mail in all mailboxes | - +| Description | Allows the app to read basic mail properties in all mailboxes without a signed-in user. Includes all properties except body, previewBody, attachments and any extended properties. 
| - +| AdminConsentRequired | Yes | - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Tasks.Read_ | Read user's tasks and task lists | Allows the app to read the signed-in user's tasks and task lists, including any shared with the user. Doesn't include permission to create, delete, or update anything. | No | Yes | -| _Tasks.Read.Shared_ | Read user and shared tasks (preview) | Allows the app to read tasks a user has permissions to access, including their own and shared tasks. | No | No | -| _Tasks.ReadWrite_ | Create, read, update, and delete user's tasks and task lists | Allows the app to create, read, update, and delete the signed-in user's tasks and task lists, including any shared with the user. | No | Yes | -| _Tasks.ReadWrite.Shared_ | Read and write user and shared tasks (preview) | Allows the app to create, read, update, and delete tasks a user has permissions to, including their own and shared tasks. | No | No | +--- -#### Application permissions +### Mail.ReadBasic.Shared -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _Tasks.Read.All_ | Read all users' tasks and tasklist | Allows the app to read all users' tasks and task lists in your organization, without a signed-in user. 
| Yes | -| _Tasks.ReadWrite.All_ | Read and write all users' tasks and tasklists | Allows the app to create, read, update and delete all users' tasks and task lists in your organization, without a signed-in user | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | b11fa0e7-fdb7-4dc9-b1f1-59facd463480 +| DisplayText | - | Read user and shared basic mail +| Description | - | Allows the app to read mail the signed-in user can access, including their own and shared mail, except for body, bodyPreview, uniqueBody, attachments, extensions, and any extended properties. +| AdminConsentRequired | - | No +--- -### Remarks -_Tasks_ permissions are used to control access for To Do tasks, Planner tasks, and Outlook tasks(deprecated). +### Mail.ReadWrite -_Shared_ permissions are currently only supported for work or school accounts. Even with _Shared_ permissions, reads and writes may fail if the user who owns the shared content has not granted the accessing user permissions to modify content within the folder. +| Category | Application | Delegated | +|--|--|--| +| Identifier | e2a3a72e-5f79-4c64-b1b1-878b674786c9 | 024d486e-b451-40bb-833d-3e66d98c5c73 +| DisplayText | Read and write mail in all mailboxes | Read and write access to user mail +| Description | Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail. | Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail. +| AdminConsentRequired | Yes | No -### Example usage -#### Delegated +[!INCLUDE [Mail.ReadWrite](../includes/permissions-notes/Mail.ReadWrite.md)] -* _Tasks.Read_: Get all Planner tasks assigned to the current user (`GET /me/planner/tasks`). -* _Tasks.Read.Shared_: Access tasks in a folder shared to you by another user in your organization (`Get /users{id|userPrincipalName}/outlook/taskfolders/{id}/tasks`). 
-* _Tasks.ReadWrite_: Create a Planner task (`POST /planner/tasks`). -* _Tasks.ReadWrite.Shared_: Complete a task on behalf of another user (`POST /users/{id | userPrincipalName}/outlook/tasks/id/complete`). +--- -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +### Mail.ReadWrite.Shared -#### Application +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5df07973-7d5d-46ed-9847-1271055cbd51 +| DisplayText | - | Read and write user and shared mail +| Description | - | Allows the app to create, read, update, and delete mail a user has permission to access, including their own and shared mail. Does not include permission to send mail. +| AdminConsentRequired | - | No -* _Tasks.Read.All_: Get all Planner plans in a group (`GET /groups/{id}/planner/plans`) -* _Tasks.ReadWrite.All_: Delete a Planner task (`Delete /planner/tasks/{id}`) +[!INCLUDE [Mail.ReadWrite.Shared](../includes/permissions-notes/Mail.ReadWrite.Shared.md)] --- -## Taxonomy permissions - -#### Delegated permissions +### Mail.Send -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TermStore.Read.All_ | Read term store data | Allows app to read various terms, sets, and groups in the term store | Yes | No | -| _TermStore.ReadWrite.All_ | Read and write all term store data | Allows the app to edit or delete terms, sets, and groups in the term store | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | b633e1c5-b582-4048-a93e-9f11b44c7e96 | e383f46e-2787-4529-855e-0e479a3ffac0 +| DisplayText | Send mail as any user | Send mail as a user +| Description | Allows the app to send mail as any user without a signed-in user. | Allows the app to send mail as users in the organization. 
+| AdminConsentRequired | Yes | No -### Remarks +[!INCLUDE [Mail.Send](../includes/permissions-notes/Mail.Send.md)] -Taxonomy permissions are valid only on work or school accounts. +--- -### Example usage +### Mail.Send.Shared -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | a367ab51-6b49-43bf-a716-a1fb06d2a174 +| DisplayText | - | Send mail on behalf of others +| Description | - | Allows the app to send mail as the signed-in user, including sending on-behalf of others. +| AdminConsentRequired | - | No -* _TermStore.Read.All_: Read the termstore for the tenant (`GET /termStore`) -* _TermStore.ReadWrite.All_: Create new terms in the termStore (`POST /termStore/sets/123/children`) +[!INCLUDE [Mail.Send.Shared](../includes/permissions-notes/Mail.Send.Shared.md)] --- -## Teams permissions +### MailboxSettings.Read -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 40f97065-369a-49f4-947c-6a255697ae91 | 87f447af-9fa4-4c32-9dfa-4a57a73d18ce +| DisplayText | Read all user mailbox settings | Read user mailbox settings +| Description | Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail. | Allows the app to the read user's mailbox settings. Does not include permission to send mail. +| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Team.ReadBasic.All_ | Read the names and descriptions of teams | Read the names and descriptions of teams, on behalf of the signed-in user. | No | No | -| _Team.Create_ | Create teams | Create teams, on behalf of the signed-in user. 
| Yes | No | +[!INCLUDE [MailboxSettings.Read](../includes/permissions-notes/MailboxSettings.Read.md)] -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Team.ReadBasic.All_ | Get a list of all teams | Get a list of all teams, without a signed-in user. | Yes | No | -| _Team.Create_ | Create teams | Create teams, without a signed-in user. | Yes | No | -| _Teamwork.Migrate.All_|Manage migration to Microsoft Teams|Creating and managing resources for migration to Microsoft Teams|Yes|Yes| +### MailboxSettings.ReadWrite -## Team templates permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6931bccd-447a-43d1-b442-00a195474933 | 818c620a-27a9-40bd-a6a5-d96f7d610b4b +| DisplayText | Read and write all user mailbox settings | Read and write user mailbox settings +| Description | Allows the app to create, read, update, and delete user's mailbox settings without a signed-in user. Does not include permission to send mail. | Allows the app to create, read, update, and delete user's mailbox settings. Does not include permission to send mail. 
+| AdminConsentRequired | Yes | No -#### Delegated permissions -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamTemplates.Read_ | TeamTemplates.Read is "Sign-in and read Teams templates available for this user" | Allows read of the available Teams Templates for the user | No | No | +[!INCLUDE [MailboxSettings.ReadWrite](../includes/permissions-notes/MailboxSettings.ReadWrite.md)] -#### Application permissions -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamTemplates.Read.All_ | Read all available Teams Templates | Allows read of the available Teams Templates, without signed user | No | No | +--- -## Team settings permissions +### ManagedTenants.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | dc34164e-6c4a-41a0-be89-3ae2fbad7cd3 +| DisplayText | - | Read all managed tenant information +| Description | - | Allows the app to read all managed tenant information on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamSettings.Read.All_ | Read teams' settings | Read this team's settings, on behalf of the signed-in user. | Yes | No | -| _TeamSettings.ReadWrite.All_ | Read and change teams' settings | Read and change all teams' settings, on behalf of the signed-in user. 
| Yes | No | +--- -#### Application permissions +### ManagedTenants.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamSettings.Read.All_ | Read all teams' settings | Read this team's settings, without a signed-in user. | Yes | No | -| _TeamSettings.ReadWrite.All_ | Read and change all teams' settings. | Read and change all teams' settings, without a signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | b31fa710-c9b3-4d9e-8f5e-8036eecddab9 +| DisplayText | - | Read and write all managed tenant information +| Description | - | Allows the app to read and write all managed tenant information on behalf of the signed-in user. +| AdminConsentRequired | - | Yes +--- -## Teams activity permissions +### Member.Read.Hidden -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 658aa5d8-239f-45c4-aa12-864f4fc7e490 | f6a3db3e-f7e8-4ed2-a414-557c8c9830be +| DisplayText | Read all hidden memberships | Read hidden memberships +| Description | Allows the app to read the memberships of hidden groups and administrative units without a signed-in user. | Allows the app to read the memberships of hidden groups and administrative units on behalf of the signed-in user, for those hidden groups and administrative units that the signed-in user has access to. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamsActivity.Read_ | Read user's teamwork activity feed | Allows the app to read the signed-in user's teamwork activity feed. 
| No | No | -| _TeamsActivity.Send_ | Send a teamwork activity as the user | Allows the app to create new notifications in users' teamwork activity feeds on behalf of the signed in user. These notifications may not be discoverable or be held or governed by compliance policies. | No | No | +--- -#### Application permissions +### MultiTenantOrganization.Read.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamsActivity.Read.All_ | Read all users' teamwork activity feed | Allows the app to read all users' teamwork activity feed, without a signed-in user. | Yes | No | -| _TeamsActivity.Send_ | Send a teamwork activity to any user | Allows the app to create new notifications in users' teamwork activity feeds without a signed in user. These notifications may not be discoverable or be held or governed by compliance policies. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4f994bc0-31bb-44bb-b480-7a7c1be8c02e | 526aa72a-5878-49fe-bf4e-357973af9b06 +| DisplayText | Read all multi-tenant organization details and tenants | Read multi-tenant organization details and tenants +| Description | Allows the app to read all multi-tenant organization details and tenants, without a signed-in user. | Allows the app to read multi-tenant organization details and tenants on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -## Teams app permissions (deprecated) +--- ->[!NOTE] ->These permissions are deprecated. Use the equivalent TeamsAppInstallation.\*.All permissions instead. 
+### MultiTenantOrganization.ReadBasic.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | f9c2b2a7-3895-4b2e-80f6-c924b456e50b | 225db56b-15b2-4daa-acb3-0eec2bbe4849 +| DisplayText | Read multi-tenant organization basic details and active tenants | Read multi-tenant organization basic details and active tenants +| Description | Allows the app to read multi-tenant organization basic details and active tenants, without a signed-in user. | Allows the app to read multi-tenant organization basic details and active tenants on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamsApp.Read.All_ (**Deprecated**)| Read all installed Teams apps | Allows the app to read the Teams apps that are installed for the signed-in user, and in all teams the user is a member of. Does not give the ability to read application-specific settings. | Yes | No | -| _TeamsApp.ReadWrite.All_ (**Deprecated**)| Manage all Teams apps | Allows the app to read, install, upgrade, and uninstall Teams apps, on behalf of the signed-in user and also for teams the user is a member of. Does not give the ability to read or write application-specific settings. | Yes | No | +--- -#### Application permissions +### MultiTenantOrganization.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamsApp.Read.All_ (**Deprecated**)| Read all users' installed Teams apps | Allows the app to read the Teams apps that are installed for any user, without a signed-in user. Does not give the ability to read application-specific settings. 
| Yes | No | -| _TeamsApp.ReadWrite.All_ (**Deprecated**)| Manage all users' Teams apps | Allows the app to read, install, upgrade, and uninstall Teams apps for any user, without a signed-in user. Does not give the ability to read or write application-specific settings. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 920def01-ca61-4d2d-b3df-105b46046a70 | 77af1528-84f3-4023-8d90-d219cd433108 +| DisplayText | Read and write all multi-tenant organization details and tenants | Read and write multi-tenant organization details and tenants +| Description | Allows the app to read and write all multi-tenant organization details and tenants, without a signed-in user. | Allows the app to read and write multi-tenant organization details and tenants on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -## Teams app installation permissions +--- -#### Delegated permissions -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamsAppInstallation.ReadForUser_ | Read user's installed Teams apps| Allows the app to read the Teams apps that are installed for the signed-in user. Does not give the ability to read application-specific settings.| No | No | -| _TeamsAppInstallation.ReadWriteForUser_ | Manage user's installed Teams apps| Allows the app to read, install, upgrade, and uninstall Teams apps installed for the signed in user. Does not give the ability to read application-specific settings.| Yes | No | -| _TeamsAppInstallation.ReadWriteSelfForUser_ | Allow the app to manage itself in teams| Allows a Teams app to read, install, upgrade, and uninstall itself to teams the signed-in user can access.| No | No | -| _TeamsAppInstallation.ReadForTeam_ | Read installed Teams apps in teams| Allows the app to read the Teams apps that are installed in teams the signed-in user can access. 
Does not give the ability to read application-specific settings.| Yes | No | -| _TeamsAppInstallation.ReadWriteForTeam_ | Manage installed Teams apps in teams| Allows the app to read, install, upgrade, and uninstall Teams apps in teams the signed-in user can access. Does not give the ability to read application-specific settings.| Yes | No | -| _TeamsAppInstallation.ReadWriteSelfForTeam_ | Allow the app to manage itself in teams| Allows a Teams app to read, install, upgrade, and uninstall itself to teams the signed-in user can access.| Yes | No | -| _TeamsAppInstallation.ReadWriteAndConsentForChat_ | Manage installed Teams apps in chats| Allows a Teams app to read, install, upgrade, and uninstall itself to teams the signed-in user can access.| Yes | No | -| _TeamsAppInstallation.ReadWriteAndConsentForTeam_ | Manage installed Teams apps in teams| Allows a Teams app to read, install, upgrade, and uninstall itself to teams the signed-in user can access.| Yes | No | -| _TeamsAppInstallation.ReadWriteAndConsentSelfForChat_ | Allow the Teams app to manage itself and its permission grants in chats| Allows a Teams app to read, install, upgrade, and uninstall itself to teams the signed-in user can access.| Yes | No | -| _TeamsAppInstallation.ReadWriteAndConsentSelfForTeam_ | Allow the Teams app to manage itself and its permission grants in teams| Allows a Teams app to read, install, upgrade, and uninstall itself to teams the signed-in user can access.| Yes | No | -| _TeamsAppInstallation.ReadWriteAndConsentForUser_ | Manage installation and permission grants of Teams apps in all user accounts| Allows the app to read, install, upgrade, and uninstall Teams apps for your account, on your behalf. 
Gives the ability to manage permission grants for accessing your data.| Yes | No | -| _TeamsAppInstallation.ReadWriteAndConsentSelfForUser_ | Allow the Teams app to manage itself and its permission grants in user accounts| Allows a Teams app to read, install, upgrade, and uninstall itself in user accounts, and manage its permission grants for accessing those specific users' data, on behalf of the signed-in user.| Yes | No | -| _ResourceSpecificPermissionGrant.ReadForUser_ |Read resource specific permissions granted on your user account | Allows the app to read the resource specific permission granted on your account, on your behalf.| Yes | No | - -#### Application permissions -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _TeamsAppInstallation.ReadForUser.All_ | Read installed Teams apps for all users| Allows the app to read the Teams apps that are installed for any user, without a signed-in user. Does not give the ability to read application-specific settings.| Yes | -| _TeamsAppInstallation.ReadWriteForUser.All_ | Manage Teams apps for all users| Allows the app to read, install, upgrade, and uninstall Teams apps for any user, without a signed-in user. Does not give the ability to read application-specific settings.| Yes | -| _TeamsAppInstallation.ReadWriteSelfForUser.All_ | Allow the app to manage itself for all users| Allows a Teams app to read, install, upgrade, and uninstall itself to any user, without a signed-in user.| Yes | -| _TeamsAppInstallation.ReadForTeam.All_ | Read installed Teams apps for all teams| Allows the app to read the Teams apps that are installed in any team, without a signed-in user. 
Does not give the ability to read application-specific settings.| Yes | -| _TeamsAppInstallation.ReadWriteForTeam.All_ | Manage Teams apps for all teams| Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. Does not give the ability to read application-specific settings.| Yes | -| _TeamsAppInstallation.ReadWriteSelfForTeam.All_ | Allow the Teams app to manage itself for all teams| Allows a Teams app to read, install, upgrade, and uninstall itself in any team, without a signed-in user.| Yes | -| _TeamsAppInstallation.ReadWriteAndConsentForChat.All_ | Manage installation and permission grants of Teams apps for all chats| Allows the app to read, install, upgrade, and uninstall Teams apps in any chat, without a signed-in user. Gives the ability to manage permission grants for accessing those specific chats' data.| Yes | -| _TeamsAppInstallation.ReadWriteAndConsentForTeam.All_ | Manage installation and permission grants of Teams apps for all teams| Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. 
Gives the ability to manage permission grants for accessing those specific teams' data.| Yes | -| _TeamsAppInstallation.ReadWriteAndConsentSelfForChat.All_ | Allow the Teams app to manage itself and its permission grants for all chats| Allows a Teams app to read, install, upgrade, and uninstall itself for any chat, without a signed-in user, and manage its permission grants for accessing those specific chats' data.| Yes | -| _TeamsAppInstallation.ReadWriteAndConsentSelfForTeam.All_ | Allow the Teams app to manage itself and its permission grants for all teams| Allows a Teams app to read, install, upgrade, and uninstall itself for any team, without a signed-in user, and manage its permission grants for accessing those specific teams' data.| Yes | -| _TeamsAppInstallation.ReadWriteAndConsentForUser.All_ | Manage installation and permission grants of Teams apps in a user account| Allows the app to read, install, upgrade, and uninstall Teams apps in any user account, without a signed-in user. 
Gives the ability to manage permission grants for accessing those specific users' data.| Yes | -| _TeamsAppInstallation.ReadWriteAndConsentSelfForUser.All_ | Allow the Teams app to manage itself and its permission grants in all user accounts | Allows a Teams app to read, install, upgrade, and uninstall itself for any user account, without a signed-in user, and manage its permission grants for accessing those specific users' data.| Yes | -| _ResourceSpecificPermissionGrant.ReadForUser.All_ | Read all resource specific permissions granted on user accounts | Allows the app to read all resource specific permissions granted on user accounts, without a signed-in user.| Yes | - -## Teams app settings permissions - -#### Delegated permissions -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamworkAppSettings.Read.All_ | Read Teams app settings | Allows the app to read the Teams app settings on behalf of the signed-in user.| No | No | -| _TeamworkAppSettings.ReadWrite.All_ | Read and write Teams app settings | Allows the app to read and write the Teams app settings on behalf of the signed-in user.| Yes | No | - -#### Application permissions -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _TeamworkAppSettings.Read.All_ | Read Teams app settings | Allows the app to read the Teams app settings without a signed-in user.| Yes | -| _TeamworkAppSettings.ReadWrite.All_ | Read and write Teams app settings| Allows the app to read and write the Teams app settings without a signed-in user.| Yes | - -## Teams device management permissions - -#### Delegated permissions - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | 
-|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamworkDevice.Read.All_ | Read Teams devices. | Allows the app to read the management data for Teams devices on behalf of the signed-in user. | Yes | No | -| _TeamworkDevice.ReadWrite.All_ | Read and write Teams devices. | Allows the app to read and write the management data for Teams devices on behalf of the signed-in user. | Yes | No | - -#### Application permissions - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamworkDevice.Read.All_ | Read Teams devices. | Allows the app to read the management data for Teams devices, without a signed-in user. | Yes | No | -| _TeamworkDevice.ReadWrite.All_ | Read and write Teams devices. | Allows the app to read and write the management data for Teams devices, without a signed-in user. | Yes | No | - -## Team member permissions - -#### Delegated permissions - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamMember.Read.All_ | Read the members of teams. | Read the members of teams, on behalf of the signed-in user. | Yes | No | -| _TeamMember.ReadWrite.All_ | Add and remove members from teams. | Add and remove members from teams, on behalf of the signed-in user. Also allows changing a member's role, for example from owner to non-owner. | Yes | No | - -#### Application permissions - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamMember.Read.All_ | Read the members of all teams. | Read the members of all teams, without a signed-in user. 
| Yes | No | -| _TeamMember.ReadWrite.All_ | Add and remove members from all teams. | Add and remove members from all teams, without a signed-in user. Also allows changing a team member's role, for example from owner to non-owner. | Yes | No | - -## Team resource-specific consent permissions - -#### Application permissions - -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamSettings.Read.Group_ | Read this team's settings. | Read this team's settings, without a signed-in user. |No | No | -| _TeamSettings.ReadWrite.Group_ | Update the settings for this team. | Read and write this team's settings, without a signed-in user. |No | No | -| _ChannelSettings.Read.Group_ | Read the names, descriptions, and settings of this team's channels. | Read this team's channel names, channel descriptions, and channel settings, without a signed-in user. |No | No | -| _ChannelSettings.ReadWrite.Group_ | Update the names, descriptions, and settings of this team's channels.| Update this team's channel names, channel descriptions, and channel settings, without a signed-in user. |No | No | -| _Channel.Create.Group_ | Create channels in this team. | Create channels in this team, without a signed-in user. |No | No | -| _Channel.Delete.Group_ | Delete this team's channels. | Delete this team's channels, without a signed-in user. |No | No | -| _ChannelMessage.Read.Group_ | Read the team's channel messages. | Allows an app to read this team's channel's messages, without a signed-in user. |No | No | -| _TeamsAppInstallation.Read.Group_ | See which apps are installed in this team. | See which apps are installed in this team, without a signed-in user. |No | No | -| _TeamsTab.Read.Group_ | Read this team's tabs. | Read this team's tabs, without a signed-in user. |No | No | -| _TeamsTab.Create.Group_ | Create tabs in this team. 
| Create tabs in this team, without a signed-in user. |No | No | -| _TeamsTab.ReadWrite.Group_ | Update this team's tabs. | Update this team's tabs, without a signed-in user. |No | No | -| _TeamsTab.Delete.Group_ | Delete this team's tabs. | Delete this team's tabs, without a signed-in user. |No | No | -| _TeamMember.Read.Group_ | Read this team's members. | Read this team's members, without a signed-in user. |No | No | -| _Member.Read.Group_ | Read this group's members.| Read this group's members, without a signed-in user. |No | No | -| _Owner.Read.Group_| Read this group's owners. | Read this group's owners, without a signed-in user. |No | No | -| _File.Read.Group_| Read this team's files and folders. | **Limited support**
(Preview) Read this team's files and folders, without a signed-in users. | No | No | -| _TeamsActivity.Send.Group_| Send activity feed notifications to users in this team. | Allows the app to create new notifications in the teamwork activity feeds of the users in this team, without a signed-in user. | No | No | - -## Teams settings permissions +### NetworkAccessBranch.Read.All -### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 39ae4a24-1ef0-49e8-9d63-2a66f5c39edd | 4051c7fc-b429-4804-8d80-8f1f8c24a6f7 +| DisplayText | Read properties of all branches for network access | Read properties of branches for network access +| Description | Allows the app to read your organization's network access braches, without a signed-in user. | Allows the app to read your organization's branches for network access on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Team.ReadBasic.All_ | Read the names and descriptions of teams| Read the names and descriptions of teams, on behalf of the signed-in user.|No| No | -| _TeamSettings.Read.All_ | Read teams' settings| Read all teams' settings, on behalf of the signed-in user.|Yes| No | -| _TeamSettings.ReadWrite.All_ | Read and change teams' settings.| Read and change all teams' settings, on behalf of the signed-in user.|Yes| No | +--- -### Application permissions +### NetworkAccessBranch.ReadWrite.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Team.ReadBasic.All_ | Get a list of all teams.| Get a list of all teams, without a signed-in user.|Yes| No | -| _TeamSettings.Read.All_ | Read all teams' settings| Read this team's 
settings, without a signed-in user.|Yes| No | -| _TeamSettings.ReadWrite.All_ | Read and change all teams' settings| Read and change all teams' settings, without a signed-in user.|Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8137102d-ec16-4191-aaf8-7aeda8026183 | b8a36cc2-b810-461a-baa4-a7281e50bd5c +| DisplayText | Read and write properties of all branches for network access | Read and write properties of branches for network access +| Description | Allows the app to read and write your organization's network access braches, without a signed-in user. | Allows the app to read and write your organization's branches for network access on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -## Teams tab permissions +--- -#### Delegated permissions +### NetworkAccessPolicy.Read.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamsTab.Read.All_ | Read tabs in Microsoft Teams. | Allows the app to read the Teams apps that are installed for the signed-in user, and in all teams the user is a member of. Does not give the ability to read application-specific settings. | Yes | No | -| _TeamsTab.ReadWrite.All_ | Read and write tabs in Microsoft Teams. | Allows the app to read, install, upgrade, and uninstall Teams apps, on behalf of the signed-in user and also for teams the user is a member of. Does not give the ability to read or write application-specific settings. | Yes | No | -| _TeamsTab.Create_ | Create tabs in Microsoft Teams. | Allows the app to create tabs in any team in Microsoft Teams, on behalf of the signed-in user. This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs. | Yes | No | - _TeamsTab.ReadWriteSelfForChat_ | Allow the Teams app to manage only its own tabs in chats. 
| Allows a Teams app to read, install, upgrade, and uninstall its own tabs in chats the signed-in user can access. | Yes | No | - _TeamsTab.ReadWriteSelfForTeam_ | Allow the Teams app to manage only its own tabs in teams. | Allows a Teams app to read, install, upgrade, and uninstall its own tabs to teams the signed-in user can access. | Yes | No | -_TeamsTab.ReadWriteSelfForUser_ | Allow the Teams app to manage only its own tabs for a user. | Allows a Teams app to read, install, upgrade, and uninstall its own tabs for the signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8a3d36bf-cb46-4bcc-bec9-8d92829dab84 | ba22922b-752c-446f-89d7-a2d92398fceb +| DisplayText | Read all security and routing policies for network access | Read security and routing policies for network access +| Description | Allows the app to read your organization's network access policies, without a signed-in user. | Allows the app to read your organization's security and routing network access policies on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamsTab.Read.All_ | Read tabs in Microsoft Teams. | Read the names and settings of tabs inside any team in Microsoft Teams, without a signed-in user. This does not give access to the content inside the tabs. | Yes | No | -| _TeamsTab.ReadWrite.All_ | Read and write tabs in Microsoft Teams. | Read and write tabs in any team in Microsoft Teams, without a signed-in user. This does not give access to the content inside the tabs. | Yes | No | -| _TeamsTab.Create_ | Create tabs in Microsoft Teams. | Allows the app to create tabs in any team in Microsoft Teams, without a signed-in user. 
This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs. | Yes | No | -_TeamsTab.ReadWriteSelfForChat.All_ | Allow the Teams app to manage only its own tabs for all chats. | Allows a Teams app to read, install, upgrade, and uninstall its own tabs for any chat, without a signed-in user. | Yes | No | - _TeamsTab.ReadWriteSelfForTeam.All_ | Allow the Teams app to manage only its own tabs for all teams. | Allows a Teams app to read, install, upgrade, and uninstall its own tabs for any team, without a signed-in user. | Yes | No | -_TeamsTab.ReadWriteSelfForUser.All_ | Allow the Teams app to manage only its own tabs for all users. | Allows a Teams app to read, install, upgrade, and uninstall its own tabs for any user, without a signed-in user. | Yes | No | +### NetworkAccessPolicy.ReadWrite.All -## Teams tag permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | f0c341be-8348-4989-8e43-660324294538 | b1fbad0f-ef6e-42ed-8676-bca7fa3e7291 +| DisplayText | Read and write all security and routing policies for network access | Read and write security and routing policies for network access +| Description | Allows the app to read and write your organization's network access policies, without a signed-in user. | Allows the app to read and write your organization's security and routing network access policies on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamworkTag.ReadWrite_| Read and write tags in Microsoft Teams. | Allows the app to read and write tags in Teams, on behalf of the signed-in user. | Yes | No | -| _TeamworkTag.Read_ | Read tags in Microsoft Teams. 
| Allows the app to read tags in Teams, on behalf of the signed-in user. | Yes | No | +### Notes.Create -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 9d822255-d64d-4b7a-afdb-833b9a97ed02 +| DisplayText | - | Create user OneNote notebooks +| Description | - | Allows the app to read the titles of OneNote notebooks and sections and to create new pages, notebooks, and sections on behalf of the signed-in user. +| AdminConsentRequired | - | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _TeamworkTag.ReadWrite.All_| Read and write tags in Microsoft Teams. | Allows the app to read and write tags in Teams without a signed-in user. | Yes | No | -| _TeamworkTag.Read.All_ | Read tags in Microsoft Teams. | Allows the app to read tags in Teams without a signed-in user | Yes | No | +--- +### Notes.Read -## Tenant information permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 371361e4-b9e2-4a3f-8315-2a301a3b0a3d +| DisplayText | - | Read user OneNote notebooks +| Description | - | Allows the app to read OneNote notebooks on behalf of the signed-in user. +| AdminConsentRequired | - | No -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _CrossTenantInformation.ReadBasic.All_ | Read basic information about an external tenant. | Allows the app to read limited information about an external tenant, on behalf of the signed-in user. 
| Yes | No | +### Notes.Read.All -#### Application permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 3aeca27b-ee3a-4c2b-8ded-80376e2134a4 | dfabfca6-ee36-4db2-8208-7a28381419b3 +| DisplayText | Read all OneNote notebooks | Read all OneNote notebooks that user can access +| Description | Allows the app to read all the OneNote notebooks in your organization, without a signed-in user. | Allows the app to read OneNote notebooks that the signed-in user has access to in the organization. +| AdminConsentRequired | Yes | No -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _CrossTenantInformation.ReadBasic.All_ | Read basic information about an external tenant. | Allows the app to read limited information about an external tenant, without a signed-in user. | Yes | +--- +### Notes.ReadWrite -## Terms of use permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 615e26af-c38a-4150-ae3e-c3b0d4cb1d6a +| DisplayText | - | Read and write user OneNote notebooks +| Description | - | Allows the app to read, share, and modify OneNote notebooks on behalf of the signed-in user. +| AdminConsentRequired | - | No -#### Delegated permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Agreement.Read.All_ | Read all terms of use agreements | Allows the app to read terms of use agreements on behalf of the signed-in user. | Yes | No | -| _Agreement.ReadWrite.All_ | Read and write all terms of use agreements | Allows the app to read and write terms of use agreements on behalf of the signed-in user. 
| Yes | No | -| _AgreementAcceptance.Read_ | Read user terms of use acceptance statuses | Allows the app to read terms of use acceptance statuses on behalf of the signed-in user. | Yes | No | -| _AgreementAcceptance.Read.All_ | Read terms of use acceptance statuses that user can access | Allows the app to read terms of use acceptance statuses on behalf of the signed-in user. | Yes | No | +### Notes.ReadWrite.All -### Remarks +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0c458cef-11f3-48c2-a568-c66751c238c0 | 64ac0503-b4fa-45d9-b544-71a463f05da0 +| DisplayText | Read and write all OneNote notebooks | Read and write all OneNote notebooks that user can access +| Description | Allows the app to read all the OneNote notebooks in your organization, without a signed-in user. | Allows the app to read, share, and modify OneNote notebooks that the signed-in user has access to in the organization. +| AdminConsentRequired | Yes | No -All the permissions above are valid only for work or school accounts. +--- -For an app to read or write all agreements or agreement acceptances with delegated permissions, the signed-in user must be assigned the Global Administrator, Conditional Access Administrator or Security Administrator role. For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](/azure/active-directory/active-directory-assign-admin-roles). +### Notes.ReadWrite.CreatedByApp -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | ed68249d-017c-4df5-9113-e684c7f8760b +| DisplayText | - | Limited notebook access (deprecated) +| Description | - | This is deprecated! Do not use! This permission no longer has any effect. You can safely consent to it. No additional privileges will be granted to the app. 
+| AdminConsentRequired | - | No -#### Delegated -The following usages are valid for both delegated permissions: +--- -* _Agreement.Read.All_: Read all terms of use agreements (`GET /beta/agreements`) -* _Agreement.ReadWrite.All_: Read and write all terms of use agreements (`POST /beta/agreements`) -* _AgreementAcceptance.Read_ Read user terms of use acceptance statuses (`GET /beta/me/agreementAcceptances`) +### Notifications.ReadWrite.CreatedByApp -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 89497502-6e42-46a2-8cb2-427fd3df970a +| DisplayText | - | Deliver and manage user notifications for this app +| Description | - | Allows the app to deliver its notifications on behalf of signed-in users. Also allows the app to read, update, and delete the user's notification items for this app. +| AdminConsentRequired | - | No --- -## Threat assessment permissions - -#### Delegated permissions +### offline_access -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ThreatAssessment.ReadWrite.All_ | Read and write threat assessment requests | Allows an app to read your organization's threat assessment requests on behalf of the signed-in user. Also allows the app to create new requests to assess threats received by your organization on behalf of the signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 7427e0e9-2fba-42fe-b0c0-848c9e6a8182 +| DisplayText | - | Maintain access to data you have given it access to +| Description | - | Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions. 
+| AdminConsentRequired | - | No -#### Application permissions +[!INCLUDE [offline_access](../includes/permissions-notes/offline_access.md)] -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _ThreatAssessment.Read.All_ | Read threat assessment requests | Allows an app to read your organization's threat assessment requests, without a signed-in user. | Yes | +--- -### Remarks +### OnlineMeetingArtifact.Read.All -Threat assessment permissions are valid only on work or school accounts. +| Category | Application | Delegated | +|--|--|--| +| Identifier | df01ed3b-eb61-4eca-9965-6b3d789751b2 | 110e5abb-a10c-4b59-8b55-9b4daa4ef743 +| DisplayText | Read online meeting artifacts | Read user's online meeting artifacts +| Description | Allows the app to read online meeting artifacts in your organization, without a signed-in user. | Allows the app to read online meeting artifacts on behalf of the signed-in user. +| AdminConsentRequired | Yes | No -### Example usage +[!INCLUDE [OnlineMeetingArtifact.Read.All](../includes/permissions-notes/OnlineMeetingArtifact.Read.All.md)] -#### Delegated +--- -* _ThreatAssessment.ReadWrite.All_: Read and write threat assessment requests (`POST /informationProtection/threatAssessmentRequests`) +### OnlineMeetingRecording.Read.All -#### Application +| Category | Application | Delegated | +|--|--|--| +| Identifier | a4a08342-c95d-476b-b943-97e100569c8d | 190c2bb6-1fdd-4fec-9aa2-7d571b5e1fe3 +| DisplayText | Read all recordings of online meetings. | Read all recordings of online meetings. +| Description | Allows the app to read all recordings of all online meetings, without a signed-in user. | Allows the app to read all recordings of online meetings, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -* _ThreatAssessment.Read.All_: Read threat assessment requests (`GET /informationProtection/threatAssessmentRequests`) +[!INCLUDE [OnlineMeetingRecording.Read.All](../includes/permissions-notes/OnlineMeetingRecording.Read.All.md)] --- -## Threat hunting permissions +### OnlineMeetings.Read -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 9be106e1-f4e3-4df5-bdff-e4bc531cbe43 +| DisplayText | - | Read user's online meetings +| Description | - | Allows the app to read online meeting details on behalf of the signed-in user. +| AdminConsentRequired | - | No -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ThreatHunting.Read.All_ | Run hunting queries | Allows the app to run hunting queries, on behalf of the signed-in user. | Yes | No | +[!INCLUDE [OnlineMeetings.Read](../includes/permissions-notes/OnlineMeetings.Read.md)] +--- -#### Application permissions +### OnlineMeetings.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _ThreatHunting.Read.All_ | Run hunting queries | Allows the app to run hunting queries, without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | c1684f21-1984-47fa-9d61-2dc8c296bb70 | - +| DisplayText | Read online meeting details | - +| Description | Allows the app to read online meeting details in your organization, without a signed-in user. | - +| AdminConsentRequired | Yes | - -### Remarks +--- -Threat hunting permissions are valid only on work or school accounts. 
+### OnlineMeetings.ReadWrite -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | a65f2972-a4f8-4f5e-afd7-69ccb046d5dc +| DisplayText | - | Read and create user's online meetings +| Description | - | Allows the app to read and create online meetings on behalf of the signed-in user. +| AdminConsentRequired | - | No -#### Delegated +[!INCLUDE [OnlineMeetings.ReadWrite](../includes/permissions-notes/OnlineMeetings.ReadWrite.md)] -* _ThreatHunting.Read.All_: Run hunting query on behalf of the signed in user (`POST /security/runHuntingQuery`) +--- -#### Application +### OnlineMeetings.ReadWrite.All -* _ThreatHunting.Read.All_: Run hunting query (`POST /security/runHuntingQuery`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | b8bb2037-6e08-44ac-a4ea-4674e010e2a4 | - +| DisplayText | Read and create online meetings | - +| Description | Allows the app to read and create online meetings as an application in your organization. | - +| AdminConsentRequired | Yes | - --- -## Threat intelligence permissions +### OnlineMeetingTranscript.Read.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | a4a80d8d-d283-4bd8-8504-555ec3870630 | 30b87d18-ebb1-45db-97f8-82ccb1f0190c +| DisplayText | Read all transcripts of online meetings. | Read all transcripts of online meetings. +| Description | Allows the app to read all transcripts of all online meetings, without a signed-in user. | Allows the app to read all transcripts of online meetings, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _ThreatIntelligence.Read.All_ | Read all threat intelligence information | Allows the app to read threat intelligence information, such as indicators, observations, and articles, on behalf of the signed-in user. | Yes | No | +[!INCLUDE [OnlineMeetingTranscript.Read.All](../includes/permissions-notes/OnlineMeetingTranscript.Read.All.md)] +--- -#### Application permissions +### OnPremDirectorySynchronization.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _ThreatIntelligence.Read.All_ | Read all threat intelligence information | Allows the app to read threat intellgence information, such as indicators, observations, and articles, without a signed-in user. | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | bb70e231-92dc-4729-aff5-697b3f04be95 | f6609722-4100-44eb-b747-e6ca0536989d +| DisplayText | Read all on-premises directory synchronization information | Read all on-premises directory synchronization information +| Description | Allows the app to read all on-premises directory synchronization information for the organization, without a signed-in user. | Allows the app to read all on-premises directory synchronization information for the organization, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -### Remarks +--- -Threat intelligence permissions are valid only on work or school accounts. 
+### OnPremDirectorySynchronization.ReadWrite.All -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | c22a92cc-79bf-4bb1-8b6c-e0a05d3d80ce | c2d95988-7604-4ba1-aaed-38a5f82a51c7 +| DisplayText | Read and write all on-premises directory synchronization information | Read and write all on-premises directory synchronization information +| Description | Allows the app to read and write all on-premises directory synchronization information for the organization, without a signed-in user. | Allows the app to read and write all on-premises directory synchronization information for the organization, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -#### Delegated +--- -_ThreatIntelligence.Read.All_: List threat intelligence articles on behalf of the signed-in user (`GET /security/threatIntelligence/articles`) +### OnPremisesPublishingProfiles.ReadWrite.All -#### Application +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0b57845e-aa49-4e6f-8109-ce654fffa618 | 8c4d5184-71c2-4bf8-bb9d-bc3378c9ad42 +| DisplayText | Manage on-premises published resources | Manage on-premises published resources +| Description | Allows the app to create, view, update and delete on-premises published resources, on-premises agents and agent groups, as part of a hybrid identity configuration, without a signed in user. | Allows the app to manage hybrid identity service configuration by creating, viewing, updating and deleting on-premises published resources, on-premises agents and agent groups, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -_ThreatIntelligence.Read.All_: Get host reputation information, without a signed-in user (`GET /security/threatIntelligence/hosts/contoso.com/reputation`) +--- + +### openid + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 37f7f235-527c-4136-accd-4a02d197296e +| DisplayText | - | Sign users in +| Description | - | Allows users to sign in to the app with their work or school accounts and allows the app to see basic user profile information. +| AdminConsentRequired | - | No + +[!INCLUDE [openid](../includes/permissions-notes/openid.md)] + +--- + +### Organization.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 498476ce-e0fe-48b0-b801-37ba7e2685c6 | 4908d5b9-3fb2-4b1e-9336-1888b7937185 +| DisplayText | Read organization information | Read organization information +| Description | Allows the app to read the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information. | Allows the app to read the organization and related resources, on behalf of the signed-in user. Related resources include things like subscribed skus and tenant branding information. +| AdminConsentRequired | Yes | Yes + +--- + +### Organization.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 292d869f-3427-49a8-9dab-8c70152b74e9 | 46ca0847-7e6b-426e-9775-ea810a948356 +| DisplayText | Read and write organization information | Read and write organization information +| Description | Allows the app to read and write the organization and related resources, without a signed-in user. Related resources include things like subscribed skus and tenant branding information. | Allows the app to read and write the organization and related resources, on behalf of the signed-in user. Related resources include things like subscribed skus and tenant branding information. 
+| AdminConsentRequired | Yes | Yes + +--- + +### OrgContact.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | e1a88a34-94c4-4418-be12-c87b00e26bea | 08432d1b-5911-483c-86df-7980af5cdee0 +| DisplayText | Read organizational contacts | Read organizational contacts +| Description | Allows the app to read all organizational contacts without a signed-in user. These contacts are managed by the organization and are different from a user's personal contacts. | Allows the app to read all organizational contacts on behalf of the signed-in user.  These contacts are managed by the organization and are different from a user's personal contacts. +| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-AppsAndServices.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 56c84fa9-ea1f-4a15-90f2-90ef41ece2c9 | 1e9b7a7e-4d64-44ff-acf5-2e9651c1519f +| DisplayText | Read organization-wide apps and services settings | Read organization-wide apps and services settings +| Description | Allows the app to read organization-wide apps and services settings, without a signed-in user. | Allows the app to read organization-wide apps and services settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-AppsAndServices.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4a8e4191-c1c8-45f8-b801-f9a1a5ee6ad3 | c167b0e7-47c0-48e8-9eee-9892f58018fa +| DisplayText | Read and write organization-wide apps and services settings | Read and write organization-wide apps and services settings +| Description | Allows the app to read and write organization-wide apps and services settings, without a signed-in user. | Allows the app to read and write organization-wide apps and services settings on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-DynamicsVoice.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | c18ae2dc-d9f3-4495-a93f-18980a0e159f | 9862d930-5aec-4a98-8d4f-7277a8db9bcb +| DisplayText | Read organization-wide Dynamics customer voice settings | Read organization-wide Dynamics customer voice settings +| Description | Allows the app to read organization-wide Dynamics customer voice settings, without a signed-in user. | Allows the app to read organization-wide Dynamics customer voice settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-DynamicsVoice.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | c3f1cc32-8bbd-4ab6-bd33-f270e0d9e041 | 4cea26fb-6967-4234-82c4-c044414743f8 +| DisplayText | Read and write organization-wide Dynamics customer voice settings | Read and write organization-wide Dynamics customer voice settings +| Description | Allows the app to read and write organization-wide Dynamics customer voice settings, without a signed-in user. | Allows the app to read and write organization-wide Dynamics customer voice settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-Forms.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 434d7c66-07c6-4b1f-ab21-417cf2cdaaca | 210051a0-1ffc-435c-ae76-02d226d05752 +| DisplayText | Read organization-wide Microsoft Forms settings | Read organization-wide Microsoft Forms settings +| Description | Allows the app to read organization-wide Microsoft Forms settings, without a signed-in user. | Allows the app to read organization-wide Microsoft Forms settings on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-Forms.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2cb92fee-97a3-4034-8702-24a6f5d0d1e9 | 346c19ff-3fb2-4e81-87a0-bac9e33990c1 +| DisplayText | Read and write organization-wide Microsoft Forms settings | Read and write organization-wide Microsoft Forms settings +| Description | Allows the app to read and write organization-wide Microsoft Forms settings, without a signed-in user. | Allows the app to read and write organization-wide Microsoft Forms settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-Microsoft365Install.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6cdf1fb1-b46f-424f-9493-07247caa22e2 | 8cbdb9f6-9c2e-451a-814d-ec606e5d0212 +| DisplayText | Read organization-wide Microsoft 365 apps installation settings | Read organization-wide Microsoft 365 apps installation settings +| Description | Allows the app to read organization-wide Microsoft 365 apps installation settings, without a signed-in user. | Allows the app to read organization-wide Microsoft 365 apps installation settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-Microsoft365Install.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 83f7232f-763c-47b2-a097-e35d2cbe1da5 | 1ff35e91-19eb-42d8-aa2d-cc9891127ae5 +| DisplayText | Read and write organization-wide Microsoft 365 apps installation settings | Read and write organization-wide Microsoft 365 apps installation settings +| Description | Allows the app to read and write organization-wide Microsoft 365 apps installation settings, without a signed-in user. | Allows the app to read and write organization-wide Microsoft 365 apps installation settings on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-Todo.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | e4d9cd09-d858-4363-9410-abb96737f0cf | 7ff96f41-f022-45ba-acd8-ef3f03063d6b +| DisplayText | Read organization-wide Microsoft To Do settings | Read organization-wide Microsoft To Do settings +| Description | Allows the app to read organization-wide Microsoft To Do settings, without a signed-in user. | Allows the app to read organization-wide Microsoft To Do settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### OrgSettings-Todo.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5febc9da-e0d0-4576-bd13-ae70b2179a39 | 087502c2-5263-433e-abe3-8f77231a0627 +| DisplayText | Read and write organization-wide Microsoft To Do settings | Read and write organization-wide Microsoft To Do settings +| Description | Allows the app to read and write organization-wide Microsoft To Do settings, without a signed-in user. | Allows the app to read and write organization-wide Microsoft To Do settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### People.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | ba47897c-39ec-4d83-8086-ee8256fa737d +| DisplayText | - | Read users' relevant people lists +| Description | - | Allows the app to read a ranked list of relevant people of the signed-in user. The list includes local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype). 
+| AdminConsentRequired | - | No + +--- + +### People.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b528084d-ad10-4598-8b93-929746b4d7d6 | b89f9189-71a5-4e70-b041-9887f0bc7e4a +| DisplayText | Read all users' relevant people lists | Read all users' relevant people lists +| Description | Allows the app to read any user's scored list of relevant people, without a signed-in user. The list can include local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype). | Allows the app to read a scored list of relevant people of the signed-in user or other users in the signed-in user's organization. The list can include local contacts, contacts from social networking, your organization's directory, and people from recent communications (such as email and Skype). +| AdminConsentRequired | Yes | Yes + +--- + +### PeopleSettings.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ef02f2e7-e22d-4c77-8614-8f765683b86e | ec762c5f-388b-4b16-8693-ac1efbc611bc +| DisplayText | Read all tenant-wide people settings | Read tenant-wide people settings +| Description | Allows the application to read tenant-wide people settings without a signed-in user. | Allows the application to read tenant-wide people settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### PeopleSettings.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b6890674-9dd5-4e42-bb15-5af07f541ae1 | e67e6727-c080-415e-b521-e3f35d5248e9 +| DisplayText | Read and write all tenant-wide people settings | Read and write tenant-wide people settings +| Description | Allows the application to read and write tenant-wide people settings without a signed-in user. | Allows the application to read and write tenant-wide people settings on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### Place.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 913b9306-0ce1-42b8-9137-6a7df690a760 | cb8f45a0-5c2e-4ea1-b803-84b870a7d7ec +| DisplayText | Read all company places | Read all company places +| Description | Allows the app to read company places (conference rooms and room lists) for calendar events and other applications, without a signed-in user. | Allows the app to read your company's places (conference rooms and room lists) for calendar events and other applications, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Place.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 4c06a06a-098a-4063-868e-5dfee3827264 +| DisplayText | - | Read and write organization places +| Description | - | Allows the app to manage organization places (conference rooms and room lists) for calendar events and other applications, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### Policy.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 246dd0d5-5bd0-4def-940b-0421030a5b68 | 572fea84-0151-49b2-9301-11cb16974376 +| DisplayText | Read your organization's policies | Read your organization's policies +| Description | Allows the app to read all your organization's policies without a signed in user. | Allows the app to read your organization's policies on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.Read.ConditionalAccess + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 37730810-e9ba-4e46-b07e-8ca78d182097 | 633e0fce-8c58-4cfb-9495-12bbd5a24f7c +| DisplayText | Read your organization's conditional access policies | Read your organization's conditional access policies +| Description | Allows the app to read your organization's conditional access policies, without a signed-in user. 
| Allows the app to read your organization's conditional access policies on behalf of the signed-in user. +| AdminConsentRequired | Yes | No + +--- + +### Policy.Read.IdentityProtection + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b21b72f6-4e6a-4533-9112-47eea9f97b28 | d146432f-b803-4ed4-8d42-ba74193a6ede +| DisplayText | Read your organization’s identity protection policy | Read your organization’s identity protection policy +| Description | Allows the app to read your organization’s identity protection policy without a signed-in user. | Allows the app to read your organization’s identity protection policy on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.Read.PermissionGrant + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9e640839-a198-48fb-8b9a-013fd6f6cbcd | 414de6ea-2d92-462f-b120-6e2a809a6d01 +| DisplayText | Read consent and permission grant policies | Read consent and permission grant policies +| Description | Allows the app to read policies related to consent and permission grants for applications, without a signed-in user. | Allows the app to read policies related to consent and permission grants for applications, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.AccessReview + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 77c863fd-06c0-47ce-a7eb-49773e89d319 | 4f5bc9c8-ea54-4772-973a-9ca119cb0409 +| DisplayText | Read and write your organization's directory access review default policy | Read and write your organization's directory access review default policy +| Description | Allows the app to read and write your organization's directory access review default policy without a signed-in user. | Allows the app to read and write your organization's directory access review default policy on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.ApplicationConfiguration + +| Category | Application | Delegated | +|--|--|--| +| Identifier | be74164b-cff1-491c-8741-e671cb536e13 | b27add92-efb2-4f16-84f5-8108ba77985c +| DisplayText | Read and write your organization's application configuration policies | Read and write your organization's application configuration policies +| Description | Allows the app to read and write your organization's application configuration policies, without a signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy. | Allows the app to read and write your organization's application configuration policies on behalf of the signed-in user. This includes policies such as activityBasedTimeoutPolicy, claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenIssuancePolicy and tokenLifetimePolicy. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.AuthenticationFlows + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 25f85f3c-f66c-4205-8cd5-de92dd7f0cec | edb72de9-4252-4d03-a925-451deef99db7 +| DisplayText | Read and write authentication flow policies | Read and write authentication flow policies +| Description | Allows the app to read and write all authentication flow policies for the tenant, without a signed-in user. | Allows the app to read and write the authentication flow policies, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.AuthenticationMethod + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 29c18626-4985-4dcd-85c0-193eef327366 | 7e823077-d88e-468f-a337-e18f1f0e6c7c +| DisplayText | Read and write all authentication method policies  | Read and write authentication method policies +| Description | Allows the app to read and write all authentication method policies for the tenant, without a signed-in user.  
| Allows the app to read and write the authentication method policies, on behalf of the signed-in user.  +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.Authorization + +| Category | Application | Delegated | +|--|--|--| +| Identifier | fb221be6-99f2-473f-bd32-01c6a0e9ca3b | edd3c878-b384-41fd-95ad-e7407dd775be +| DisplayText | Read and write your organization's authorization policy | Read and write your organization's authorization policy +| Description | Allows the app to read and write your organization's authorization policy without a signed in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. | Allows the app to read and write your organization's authorization policy on behalf of the signed-in user. For example, authorization policies can control some of the permissions that the out-of-the-box user role has by default. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.ConditionalAccess + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 01c0a623-fc9b-48e9-b794-0756f8e8f067 | ad902697-1014-4ef5-81ef-2b4301988e8c +| DisplayText | Read and write your organization's conditional access policies | Read and write your organization's conditional access policies +| Description | Allows the app to read and write your organization's conditional access policies, without a signed-in user. | Allows the app to read and write your organization's conditional access policies on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.ConsentRequest + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 999f8c63-0a38-4f1b-91fd-ed1947bdd1a9 | 4d135e65-66b8-41a8-9f8b-081452c91774 +| DisplayText | Read and write your organization's consent request policy | Read and write consent request policy +| Description | Allows the app to read and write your organization's consent requests policy without a signed-in user. | Allows the app to read and write your organization's consent requests policy on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.CrossTenantAccess + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 338163d7-f101-4c92-94ba-ca46fe52447c | 014b43d0-6ed4-4fc6-84dc-4b6f7bae7d85 +| DisplayText | Read and write your organization's cross tenant access policies | Read and write your organization's cross tenant access policies +| Description | Allows the app to read and write your organization's cross tenant access policies without a signed-in user. | Allows the app to read and write your organization's cross tenant access policies on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.DeviceConfiguration + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 40b534c3-9552-4550-901b-23879c90bcf9 +| DisplayText | - | Read and write your organization's device configuration policies +| Description | - | Allows the app to read and write your organization's device configuration policies on behalf of the signed-in user. For example, device registration policy can limit initial provisioning controls using quota restrictions, additional authentication and authorization checks. 
+| AdminConsentRequired | - | Yes + +--- + +### Policy.ReadWrite.ExternalIdentities + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 03cc4f92-788e-4ede-b93f-199424d144a5 | b5219784-1215-45b5-b3f1-88fe1081f9c0 +| DisplayText | Read and write your organization's external identities policy | Read and write your organization's external identities policy +| Description | Allows the application to read and update the organization's external identities policy without a signed-in user. For example, external identities policy controls if users invited to access resources in your organization via B2B collaboration or B2B direct connect are allowed to self-service leave. | Allows the application to read and update the organization's external identities policy on behalf of the signed-in user. For example, external identities policy controls if users invited to access resources in your organization via B2B collaboration or B2B direct connect are allowed to self-service leave. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.FeatureRollout + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2044e4f1-e56c-435b-925c-44cd8f6ba89a | 92a38652-f13b-4875-bc77-6e1dbb63e1b2 +| DisplayText | Read and write feature rollout policies | Read and write your organization's feature rollout policies +| Description | Allows the app to read and write feature rollout policies without a signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature. | Allows the app to read and write your organization's feature rollout policies on behalf of the signed-in user. Includes abilities to assign and remove users and groups to rollout of a specific feature. 
+| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.FedTokenValidation + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 90bbca0b-227c-4cdc-8083-1c6cfb95bac6 | be1be369-4540-4ac9-8928-79de99f70d8f +| DisplayText | Read and write your organization's federated token validation policy | Read and write your organization's federated token validation policy +| Description | Allows the application to read and update the organization's federated token validation policy without a signed-in user. | Allows the application to read and update the organization's federated token validation policy on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.IdentityProtection + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2dcf8603-09eb-4078-b1ec-d30a1a76b873 | 7256e131-3efb-4323-9854-cf41c6021770 +| DisplayText | Read and write your organization’s identity protection policy | Read and write your organization’s identity protection policy +| Description | Allows the app to read and write your organization’s identity protection policy without a signed-in user. | Allows the app to read and write your organization’s identity protection policy on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.MobilityManagement + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | a8ead177-1889-4546-9387-f25e658e2a79 +| DisplayText | - | Read and write your organization's mobility management policies +| Description | - | Allows the app to read and write your organization's mobility management policies on behalf of the signed-in user. For example, a mobility management policy can set the enrollment scope for a given mobility management application. 
+| AdminConsentRequired | - | Yes + +--- + +### Policy.ReadWrite.PermissionGrant + +| Category | Application | Delegated | +|--|--|--| +| Identifier | a402ca1c-2696-4531-972d-6e5ee4aa11ea | 2672f8bb-fd5e-42e0-85e1-ec764dd2614e +| DisplayText | Manage consent and permission grant policies | Manage consent and permission grant policies +| Description | Allows the app to manage policies related to consent and permission grants for applications, without a signed-in user. | Allows the app to manage policies related to consent and permission grants for applications, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.SecurityDefaults + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1c6e93a6-28e2-4cbb-9f64-1a46a821124d | 0b2a744c-2abf-4f1e-ad7e-17a087e2be99 +| DisplayText | Read and write your organization's security defaults policy | Read and write your organization's security defaults policy +| Description | Allows the app to read and write your organization's security defaults policy, without a signed-in user. | Allows the app to read and write your organization's security defaults policy on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Policy.ReadWrite.TrustFramework + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 79a677f7-b79d-40d0-a36a-3e6f8688dd7a | cefba324-1a70-4a6e-9c1d-fd670b7ae392 +| DisplayText | Read and write your organization's trust framework policies | Read and write your organization's trust framework policies +| Description | Allows the app to read and write your organization's trust framework policies without a signed in user. | Allows the app to read and write your organization's trust framework policies on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### POP.AccessAsUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | d7b7f2d9-0f45-4ea1-9d42-e50810c06991 +| DisplayText | - | Read and write access to mailboxes via POP. +| Description | - | Allows the app to have the same access to mailboxes as the signed-in user via POP protocol. +| AdminConsentRequired | - | No + +--- + +### Presence.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 76bc735e-aecd-4a1d-8b4c-2b915deabb79 +| DisplayText | - | Read user's presence information +| Description | - | Allows the app to read presence information on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. +| AdminConsentRequired | - | No + +--- + +### Presence.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 9c7a330d-35b3-4aa1-963d-cb2b9f927841 +| DisplayText | - | Read presence information of all users in your organization +| Description | - | Allows the app to read presence information of all users in the directory on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. +| AdminConsentRequired | - | No + +--- + +### Presence.ReadWrite + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 8d3c54a7-cf58-4773-bf81-c0cd6ad522bb +| DisplayText | - | Read and write a user's presence information +| Description | - | Allows the app to read the presence information and write activity and availability on behalf of the signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, timezone and location. 
+| AdminConsentRequired | - | No + +--- + +### Presence.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 83cded22-8297-4ff6-a7fa-e97e9545a259 | - +| DisplayText | Read and write presence information for all users | - +| Description | Allows the app to read all presence information and write activity and availability of all users in the directory without a signed-in user. Presence information includes activity, availability, status note, calendar out-of-office message, time zone and location. | - +| AdminConsentRequired | Yes | - + +--- + +### PrintConnector.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | d69c2d6d-4f72-4f99-a6b9-663e32f8cf68 +| DisplayText | - | Read print connectors +| Description | - | Allows the application to read print connectors on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### PrintConnector.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 79ef9967-7d59-4213-9c64-4b10687637d8 +| DisplayText | - | Read and write print connectors +| Description | - | Allows the application to read and write print connectors on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### Printer.Create + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 90c30bed-6fd1-4279-bf39-714069619721 +| DisplayText | - | Register printers   +| Description | - | Allows the application to create (register) printers on behalf of the signed-in user.  +| AdminConsentRequired | - | Yes + +--- + +### Printer.FullControl.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 93dae4bd-43a1-4a23-9a1a-92957e1d9121 +| DisplayText | - | Register, read, update, and unregister printers +| Description | - | Allows the application to create (register), read, update, and delete (unregister) printers on behalf of the signed-in user.  
+| AdminConsentRequired | - | Yes + +--- + +### Printer.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9709bb33-4549-49d4-8ed9-a8f65e45bb0f | 3a736c8a-018e-460a-b60c-863b2683e8bf +| DisplayText | Read printers | Read printers +| Description | Allows the application to read printers without a signed-in user.  | Allows the application to read printers on behalf of the signed-in user.  +| AdminConsentRequired | Yes | Yes + +--- + +### Printer.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | f5b3f73d-6247-44df-a74c-866173fddab0 | 89f66824-725f-4b8f-928e-e1c5258dc565 +| DisplayText | Read and update printers | Read and update printers +| Description | Allows the application to read and update printers without a signed-in user. Does not allow creating (registering) or deleting (unregistering) printers. | Allows the application to read and update printers on behalf of the signed-in user. Does not allow creating (registering) or deleting (unregistering) printers. +| AdminConsentRequired | Yes | Yes + +--- + +### PrinterShare.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | ed11134d-2f3f-440d-a2e1-411efada2502 +| DisplayText | - | Read printer shares +| Description | - | Allows the application to read printer shares on behalf of the signed-in user.  +| AdminConsentRequired | - | No + +--- + +### PrinterShare.ReadBasic.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5fa075e9-b951-4165-947b-c63396ff0a37 +| DisplayText | - | Read basic information about printer shares +| Description | - | Allows the application to read basic information about printer shares on behalf of the signed-in user. Does not allow reading access control information. 
+| AdminConsentRequired | - | No + +--- + +### PrinterShare.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 06ceea37-85e2-40d7-bec3-91337a46038f +| DisplayText | - | Read and write printer shares +| Description | - | Allows the application to read and update printer shares on behalf of the signed-in user.  +| AdminConsentRequired | - | Yes + +--- + +### PrintJob.Create + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 21f0d9c0-9f13-48b3-94e0-b6b231c7d320 +| DisplayText | - | Create print jobs +| Description | - | Allows the application to create print jobs on behalf of the signed-in user and upload document content to print jobs that the signed-in user created. +| AdminConsentRequired | - | No + +[!INCLUDE [PrintJob.Create](../includes/permissions-notes/PrintJob.Create.md)] + +--- + +### PrintJob.Manage.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 58a52f47-9e36-4b17-9ebe-ce4ef7f3e6c8 | - +| DisplayText | Perform advanced operations on print jobs | - +| Description | Allows the application to perform advanced operations like redirecting a print job to another printer without a signed-in user. Also allows the application to read and update the metadata of print jobs. | - +| AdminConsentRequired | Yes | - + +--- + +### PrintJob.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 248f5528-65c0-4c88-8326-876c7236df5e +| DisplayText | - | Read user's print jobs +| Description | - | Allows the application to read the metadata and document content of print jobs that the signed-in user created. 
+| AdminConsentRequired | - | No + +[!INCLUDE [PrintJob.Read](../includes/permissions-notes/PrintJob.Read.md)] + +--- + +### PrintJob.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ac6f956c-edea-44e4-bd06-64b1b4b9aec9 | afdd6933-a0d8-40f7-bd1a-b5d778e8624b +| DisplayText | Read print jobs | Read print jobs +| Description | Allows the application to read the metadata and document content of print jobs without a signed-in user.  | Allows the application to read the metadata and document content of print jobs on behalf of the signed-in user.  +| AdminConsentRequired | Yes | Yes + +[!INCLUDE [PrintJob.Read.All](../includes/permissions-notes/PrintJob.Read.All.md)] + +--- + +### PrintJob.ReadBasic + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 6a71a747-280f-4670-9ca0-a9cbf882b274 +| DisplayText | - | Read basic information of user's print jobs +| Description | - | Allows the application to read the metadata of print jobs that the signed-in user created. Does not allow access to print job document content. +| AdminConsentRequired | - | No + +[!INCLUDE [PrintJob.ReadBasic](../includes/permissions-notes/PrintJob.ReadBasic.md)] + +--- + +### PrintJob.ReadBasic.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | fbf67eee-e074-4ef7-b965-ab5ce1c1f689 | 04ce8d60-72ce-4867-85cf-6d82f36922f3 +| DisplayText | Read basic information for print jobs | Read basic information of print jobs +| Description | Allows the application to read the metadata of print jobs without a signed-in user. Does not allow access to print job document content. | Allows the application to read the metadata of print jobs on behalf of the signed-in user. Does not allow access to print job document content. 
+| AdminConsentRequired | Yes | Yes + +[!INCLUDE [PrintJob.ReadBasic.All](../includes/permissions-notes/PrintJob.ReadBasic.All.md)] + +--- + +### PrintJob.ReadWrite + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | b81dd597-8abb-4b3f-a07a-820b0316ed04 +| DisplayText | - | Read and write user's print jobs +| Description | - | Allows the application to read and update the metadata and document content of print jobs that the signed-in user created. +| AdminConsentRequired | - | No + +[!INCLUDE [PrintJob.ReadWrite](../includes/permissions-notes/PrintJob.ReadWrite.md)] + +--- + +### PrintJob.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5114b07b-2898-4de7-a541-53b0004e2e13 | 036b9544-e8c5-46ef-900a-0646cc42b271 +| DisplayText | Read and write print jobs | Read and write print jobs +| Description | Allows the application to read and update the metadata and document content of print jobs without a signed-in user. | Allows the application to read and update the metadata and document content of print jobs on behalf of the signed-in user.  +| AdminConsentRequired | Yes | Yes + +[!INCLUDE [PrintJob.ReadWrite.All](../includes/permissions-notes/PrintJob.ReadWrite.All.md)] + +--- + +### PrintJob.ReadWriteBasic + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 6f2d22f2-1cb6-412c-a17c-3336817eaa82 +| DisplayText | - | Read and write basic information of user's print jobs +| Description | - | Allows the application to read and update the metadata of print jobs that the signed-in user created. Does not allow access to print job document content. 
+| AdminConsentRequired | - | No + +[!INCLUDE [PrintJob.ReadWriteBasic](../includes/permissions-notes/PrintJob.ReadWriteBasic.md)] + +--- + +### PrintJob.ReadWriteBasic.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 57878358-37f4-4d3a-8c20-4816e0d457b1 | 3a0db2f6-0d2a-4c19-971b-49109b19ad3d +| DisplayText | Read and write basic information for print jobs | Read and write basic information of print jobs +| Description | Allows the application to read and update the metadata of print jobs without a signed-in user. Does not allow access to print job document content. | Allows the application to read and update the metadata of print jobs on behalf of the signed-in user. Does not allow access to print job document content. +| AdminConsentRequired | Yes | Yes + +[!INCLUDE [PrintJob.ReadWriteBasic.All](../includes/permissions-notes/PrintJob.ReadWriteBasic.All.md)] + +--- + +### PrintSettings.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b5991872-94cf-4652-9765-29535087c6d8 | 490f32fd-d90f-4dd7-a601-ff6cdc1a3f6c +| DisplayText | Read tenant-wide print settings | Read tenant-wide print settings +| Description | Allows the application to read tenant-wide print settings without a signed-in user. | Allows the application to read tenant-wide print settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### PrintSettings.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 9ccc526a-c51c-4e5c-a1fd-74726ef50b8f +| DisplayText | - | Read and write tenant-wide print settings +| Description | - | Allows the application to read and write tenant-wide print settings on behalf of the signed-in user. 
+| AdminConsentRequired | - | Yes + +--- + +### PrintTaskDefinition.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 456b71a7-0ee0-4588-9842-c123fcc8f664 | - +| DisplayText | Read, write and update print task definitions | - +| Description | Allows the application to read and update print task definitions without a signed-in user.  | - +| AdminConsentRequired | Yes | - + +--- + +### PrivilegedAccess.Read.AzureAD + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4cdc2547-9148-4295-8d11-be0db1391d6b | b3a539c9-59cb-4ad5-825a-041ddbdc2bdb +| DisplayText | Read privileged access to Azure AD roles | Read privileged access to Azure AD +| Description | Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user. | Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedAccess.Read.AzureADGroup + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 01e37dc9-c035-40bd-b438-b2879c4870a6 | d329c81c-20ad-4772-abf9-3f6fdb7e5988 +| DisplayText | Read privileged access to Azure AD groups | Read privileged access to Azure AD groups +| Description | Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user. | Allows the app to read time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedAccess.Read.AzureResources + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5df6fe86-1be0-44eb-b916-7bd443a71236 | 1d89d70c-dcac-4248-b214-903c457af83a +| DisplayText | Read privileged access to Azure resources | Read privileged access to Azure resources +| Description | Allows the app to read time-based assignment and just-in-time elevation of user privileges to audit Azure resources in your organization, without a signed-in user. | Allows the app to read time-based assignment and just-in-time elevation of Azure resources (like your subscriptions, resource groups, storage, compute) on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedAccess.ReadWrite.AzureAD + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 854d9ab1-6657-4ec8-be45-823027bcd009 | 3c3c74f5-cdaa-4a97-b7e0-4e788bfcfb37 +| DisplayText | Read and write privileged access to Azure AD roles | Read and write privileged access to Azure AD +| Description | Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD built-in and custom administrative roles in your organization, without a signed-in user. | Allows the app to request and manage just in time elevation (including scheduled elevation) of users to Azure AD built-in administrative roles, on behalf of signed-in users. 
+| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedAccess.ReadWrite.AzureADGroup + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2f6817f8-7b12-4f0f-bc18-eeaf60705a9e | 32531c59-1f32-461f-b8df-6f8a3b89f73b +| DisplayText | Read and write privileged access to Azure AD groups | Read and write privileged access to Azure AD groups +| Description | Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups in your organization, without a signed-in user. | Allows the app to request and manage time-based assignment and just-in-time elevation (including scheduled elevation) of Azure AD groups, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedAccess.ReadWrite.AzureResources + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6f9d5abc-2db6-400b-a267-7de22a40fb87 | a84a9652-ffd3-496e-a991-22ba5529156a +| DisplayText | Read and write privileged access to Azure resources | Read and write privileged access to Azure resources +| Description | Allows the app to request and manage time-based assignment and just-in-time elevation of Azure resources (like your subscriptions, resource groups, storage, compute) in your organization, without a signed-in user. | Allows the app to request and manage time-based assignment and just-in-time elevation of user privileges to manage Azure resources (like subscriptions, resource groups, storage, compute) on behalf of the signed-in users. 
+| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedAssignmentSchedule.Read.AzureADGroup + +| Category | Application | Delegated | +|--|--|--| +| Identifier | cd4161cb-f098-48f8-a884-1eda9a42434c | 02a32cc4-7ab5-4b58-879a-0586e0f7c495 +| DisplayText | Read assignment schedules for access to Azure AD groups | Read assignment schedules for access to Azure AD groups +| Description | Allows the app to read time-based assignment schedules for access to Azure AD groups, without a signed-in user. | Allows the app to read time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedAssignmentSchedule.ReadWrite.AzureADGroup + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 41202f2c-f7ab-45be-b001-85c9728b9d69 | 06dbc45d-6708-4ef0-a797-f797ee68bf4b +| DisplayText | Read, create, and delete assignment schedules for access to Azure AD groups | Read, create, and delete assignment schedules for access to Azure AD groups +| Description | Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, without a signed-in user. | Allows the app to read, create, and delete time-based assignment schedules for access to Azure AD groups, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedEligibilitySchedule.Read.AzureADGroup + +| Category | Application | Delegated | +|--|--|--| +| Identifier | edb419d6-7edc-42a3-9345-509bfdf5d87c | 8f44f93d-ecef-46ae-a9bf-338508d44d6b +| DisplayText | Read eligibility schedules for access to Azure AD groups | Read eligibility schedules for access to Azure AD groups +| Description | Allows the app to read time-based eligibility schedules for access to Azure AD groups, without a signed-in user. | Allows the app to read time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 618b6020-bca8-4de6-99f6-ef445fa4d857 | ba974594-d163-484e-ba39-c330d5897667 +| DisplayText | Read, create, and delete eligibility schedules for access to Azure AD groups | Read, create, and delete eligibility schedules for access to Azure AD groups +| Description | Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, without a signed-in user. | Allows the app to read, create, and delete time-based eligibility schedules for access to Azure AD groups, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### profile + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 14dad69e-099b-42c9-810b-d002981feec1 +| DisplayText | - | View users' basic profile +| Description | - | Allows the app to see your users' basic profile (e.g., name, picture, user name, email address) +| AdminConsentRequired | - | No + +[!INCLUDE [profile](../includes/permissions-notes/profile.md)] + +--- + +### ProgramControl.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | eedb7fdd-7539-4345-a38b-4839e4a84cbd | c492a2e1-2f8f-4caa-b076-99bbf6e40fe4 +| DisplayText | Read all programs | Read all programs that user can access +| Description | Allows the app to read programs and program controls in the organization, without a signed-in user. | Allows the app to read programs and program controls that the signed-in user has access to in the organization. 
+| AdminConsentRequired | Yes | Yes + +--- + +### ProgramControl.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 60a901ed-09f7-4aa5-a16e-7dd3d6f9de36 | 50fd364f-9d93-4ae1-b170-300e87cccf84 +| DisplayText | Manage all programs | Manage all programs that user can access +| Description | Allows the app to read, update, delete and perform actions on programs and program controls in the organization, without a signed-in user. | Allows the app to read, update, delete and perform actions on programs and program controls that the signed-in user has access to in the organization. +| AdminConsentRequired | Yes | Yes + +--- + +### QnA.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ee49e170-1dd1-4030-b44c-61ad6e98f743 | f73fa04f-b9a5-4df9-8843-993ce928925e +| DisplayText | Read all Question and Answers | Read all Questions and Answers that the user can access. +| Description | Allows an app to read all question and answers, without a signed-in user. | Allows an app to read all question and answer sets that the signed-in user can access. +| AdminConsentRequired | Yes | No + +--- + +### RecordsManagement.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ac3a2b8e-03a3-4da9-9ce0-cbe28bf1accd | 07f995eb-fc67-4522-ad66-2b8ca8ea3efd +| DisplayText | Read Records Management configuration, labels and policies | Read Records Management configuration, labels, and policies +| Description | Allows the application to read any data from Records Management, such as configuration, labels, and policies without the signed in user. | Allows the application to read any data from Records Management, such as configuration, labels, and policies on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### RecordsManagement.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | eb158f57-df43-4751-8b21-b8932adb3d34 | f2833d75-a4e6-40ab-86d4-6dfe73c97605 +| DisplayText | Read and write Records Management configuration, labels and policies | Read and write Records Management configuration, labels, and policies +| Description | Allow the application to create, update and delete any data from Records Management, such as configuration, labels, and policies without the signed in user. | Allow the application to create, update and delete any data from Records Management, such as configuration, labels, and policies on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Reports.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 230c1aed-a721-4c5d-9cb4-a90514e508ef | 02e97553-ed7b-43d0-ab3c-f8bace0d040c +| DisplayText | Read all usage reports | Read all usage reports +| Description | Allows an app to read all service usage reports without a signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory. | Allows an app to read all service usage reports on behalf of the signed-in user. Services that provide usage reports include Office 365 and Azure Active Directory. +| AdminConsentRequired | Yes | Yes + +--- + +### ReportSettings.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ee353f83-55ef-4b78-82da-555bfa2b4b95 | 84fac5f4-33a9-4100-aa38-a20c6d29e5e7 +| DisplayText | Read all admin report settings | Read admin report settings +| Description | Allows the app to read all admin report settings, such as whether to display concealed information in reports, without a signed-in user. 
| Allows the app to read admin report settings, such as whether to display concealed information in reports, on behalf of the signed-in user +| AdminConsentRequired | Yes | Yes + +--- + +### ReportSettings.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2a60023f-3219-47ad-baa4-40e17cd02a1d | b955410e-7715-4a88-a940-dfd551018df3 +| DisplayText | Read and write all admin report settings | Read and write admin report settings +| Description | Allows the app to read and update all admin report settings, such as whether to display concealed information in reports, without a signed-in user. | Allows the app to read and update admin report settings, such as whether to display concealed information in reports, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### ResourceSpecificPermissionGrant.ReadForUser + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | f1d91a8f-88e7-4774-8401-b668d5bca0c5 +| DisplayText | - | Read resource specific permissions granted on a user account +| Description | - | Allows the app to read the resource specific permissions granted on a user account, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### ResourceSpecificPermissionGrant.ReadForUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | acfca4d5-f49f-40ed-9648-84068b474c73 | - +| DisplayText | Read all resource specific permissions granted on user accounts | - +| Description | Allows the app to read all resource specific permissions granted on user accounts, without a signed-in user. 
| - +| AdminConsentRequired | Yes | - + +--- + +### RoleAssignmentSchedule.Read.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | d5fe8ce8-684c-4c83-a52c-46e882ce4be1 | 344a729c-0285-42c6-9014-f12b9b8d6129 +| DisplayText | Read all active role assignments and role schedules for your company's directory | Read all active role assignments for your company's directory +| Description | Allows the app to read the active role-based access control (RBAC) assignments and schedules for your company's directory, without a signed-in user. This includes reading directory role templates, and directory roles. | Allows the app to read the active role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleAssignmentSchedule.ReadWrite.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | dd199f4a-f148-40a4-a2ec-f0069cc799ec | 8c026be3-8e26-4774-9372-8d5d6f21daff +| DisplayText | Read, update, and delete all policies for privileged role assignments of your company's directory | Read, update, and delete all active role assignments for your company's directory +| Description | Allows the app to read, update, and delete policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user. | Allows the app to read and manage the active role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes managing active directory role membership, and reading directory role templates, directory roles and active memberships. 
+| AdminConsentRequired | Yes | Yes + +--- + +### RoleEligibilitySchedule.Read.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ff278e11-4a33-4d0c-83d2-d01dc58929a5 | eb0788c2-6d4e-4658-8c9e-c0fb8053f03d +| DisplayText | Read all eligible role assignments and role schedules for your company's directory | Read all eligible role assignments for your company's directory +| Description | Allows the app to read the eligible role-based access control (RBAC) assignments and schedules for your company's directory, without a signed-in user. This includes reading directory role templates, and directory roles. | Allows the app to read the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes reading directory role templates, and directory roles. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleEligibilitySchedule.ReadWrite.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | fee28b28-e1f3-4841-818e-2704dc62245f | 62ade113-f8e0-4bf9-a6ba-5acb31db32fd +| DisplayText | Read, update, and delete all eligible role assignments and schedules for your company's directory | Read, update, and delete all eligible role assignments for your company's directory +| Description | Allows the app to read and manage the eligible role-based access control (RBAC) assignments and schedules for your company's directory, without a signed-in user. This includes managing eligible directory role membership, and reading directory role templates, directory roles and eligible memberships. | Allows the app to read and manage the eligible role-based access control (RBAC) assignments for your company's directory, on behalf of the signed-in user. This includes managing eligible directory role membership, and reading directory role templates, directory roles and eligible memberships. 
+| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagement.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | c7fbd983-d9aa-4fa7-84b8-17382c103bc4 | 48fec646-b2ba-4019-8681-8eb31435aded +| DisplayText | Read role management data for all RBAC providers | Read role management data for all RBAC providers +| Description | Allows the app to read role-based access control (RBAC) settings for all RBAC providers without a signed-in user. This includes reading role definitions and role assignments. | Allows the app to read the role-based access control (RBAC) settings for all RBAC providers, on behalf of the signed-in user. This includes reading role definitions and role assignments. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagement.Read.CloudPC + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 031a549a-bb80-49b6-8032-2068448c6a3c | 9619b88a-8a25-48a7-9571-d23be0337a79 +| DisplayText | Read Cloud PC RBAC settings | Read Cloud PC RBAC settings +| Description | Allows the app to read the Cloud PC role-based access control (RBAC) settings, without a signed-in user. | Allows the app to read the Cloud PC role-based access control (RBAC) settings, on behalf of the signed-in user.  This includes reading Cloud PC role definitions and role assignments. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagement.Read.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 483bed4a-2ad3-4361-a73b-c83ccdbdc53c | 741c54c3-0c1e-44a1-818b-3f97ab4e8c83 +| DisplayText | Read all directory RBAC settings | Read directory RBAC settings +| Description | Allows the app to read the role-based access control (RBAC) settings for your company's directory, without a signed-in user. This includes reading directory role templates, directory roles and memberships. | Allows the app to read the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. 
This includes reading directory role templates, directory roles and memberships. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagement.Read.Exchange + +| Category | Application | Delegated | +|--|--|--| +| Identifier | c769435f-f061-4d0b-8ff1-3d39870e5f85 | 3bc15058-7858-4141-b24f-ae43b4e80b52 +| DisplayText | Read Exchange Online RBAC configuration | Read Exchange Online RBAC configuration +| Description | Allows the app to read the role-based access control (RBAC) configuration for your organization's Exchange Online service, without a signed-in user. This includes reading Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. | Allows the app to read the role-based access control (RBAC) settings for your organization's Exchange Online service, on behalf of the signed-in user. This includes reading Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagement.ReadWrite.CloudPC + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 274d0592-d1b6-44bd-af1d-26d259bcb43a | 501d06f8-07b8-4f18-b5c6-c191a4af7a82 +| DisplayText | Read and write all Cloud PC RBAC settings | Read and write Cloud PC RBAC settings +| Description | Allows the app to read and manage the Cloud PC role-based access control (RBAC) settings, without a signed-in user. This includes reading and managing Cloud PC role definitions and memberships. | Allows the app to read and manage the Cloud PC role-based access control (RBAC) settings, on behalf of the signed-in user. This includes reading and managing Cloud PC role definitions and role assignments. 
+| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagement.ReadWrite.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9e3f62cf-ca93-4989-b6ce-bf83c28f9fe8 | d01b97e9-cbc0-49fe-810a-750afd5527a3 +| DisplayText | Read and write all directory RBAC settings | Read and write directory RBAC settings +| Description | Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, without a signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. | Allows the app to read and manage the role-based access control (RBAC) settings for your company's directory, on behalf of the signed-in user. This includes instantiating directory roles and managing directory role membership, and reading directory role templates, directory roles and memberships. +| AdminConsentRequired | Yes | Yes + +[!INCLUDE [RoleManagement.ReadWrite.Directory](../includes/permissions-notes/RoleManagement.ReadWrite.Directory.md)] + +--- + +### RoleManagement.ReadWrite.Exchange + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 025d3225-3f02-4882-b4c0-cd5b541a4e80 | c1499fe0-52b1-4b22-bed2-7a244e0e879f +| DisplayText | Read and write Exchange Online RBAC configuration | Read and write Exchange Online RBAC configuration +| Description | Allows the app to read and manage the role-based access control (RBAC) settings for your organization's Exchange Online service, without a signed-in user. This includes reading, creating, updating, and deleting Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. | Allows the app to read and manage the role-based access control (RBAC) settings for your organization's Exchange Online service, on behalf of the signed-in user. 
This includes reading, creating, updating, and deleting Exchange management role definitions, role groups, role group membership, role assignments, management scopes, and role assignment policies. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagementAlert.Read.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ef31918f-2d50-4755-8943-b8638c0a077e | cce71173-f76d-446e-97ff-efb2d82e11b1 +| DisplayText | Read all alert data for your company's directory | Read all alert data for your company's directory +| Description | Allows the app to read all role-based access control (RBAC) alerts for your company's directory, without a signed-in user. This includes reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. | Allows the app to read the role-based access control (RBAC) alerts for your company's directory, on behalf of the signed-in user. This includes reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagementAlert.ReadWrite.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 11059518-d6a6-4851-98ed-509268489c4a | 435644c6-a5b1-40bf-8f52-fe8e5b53e19c +| DisplayText | Read all alert data, configure alerts, and take actions on all alerts for your company's directory | Read all alert data, configure alerts, and take actions on all alerts for your company's directory +| Description | Allows the app to read and manage all role-based access control (RBAC) alerts for your company's directory, without a signed-in user. This includes managing alert settings, initiating alert scans, dimissing alerts, remediating alert incidents, and reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. 
| Allows the app to read and manage the role-based access control (RBAC) alerts for your company's directory, on behalf of the signed-in user. This includes managing alert settings, initiating alert scans, dimissing alerts, remediating alert incidents, and reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagementPolicy.Read.AzureADGroup + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 69e67828-780e-47fd-b28c-7b27d14864e6 | 7e26fdff-9cb1-4e56-bede-211fe0e420e8 +| DisplayText | Read all policies in PIM for Groups | Read all policies in PIM for Groups +| Description | Allows the app to read policies in Privileged Identity Management for Groups, without a signed-in user. | Allows the app to read policies in Privileged Identity Management for Groups, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagementPolicy.Read.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | fdc4c997-9942-4479-bfcb-75a36d1138df | 3de2cdbe-0ff5-47d5-bdee-7f45b4749ead +| DisplayText | Read all policies for privileged role assignments of your company's directory | Read all policies for privileged role assignments of your company's directory +| Description | Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user. | Allows the app to read policies for privileged role-based access control (RBAC) assignments of your company's directory, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagementPolicy.ReadWrite.AzureADGroup + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b38dcc4d-a239-4ed6-aa84-6c65b284f97c | 0da165c7-3f15-4236-b733-c0b0f6abe41d +| DisplayText | Read, update, and delete all policies in PIM for Groups | Read, update, and delete all policies in PIM for Groups +| Description | Allows the app to read, update, and delete policies in Privileged Identity Management for Groups, without a signed-in user. | Allows the app to read, update, and delete policies in Privileged Identity Management for Groups, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### RoleManagementPolicy.ReadWrite.Directory + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 31e08e0a-d3f7-4ca2-ac39-7343fb83e8ad | 1ff1be21-34eb-448c-9ac9-ce1f506b2a68 +| DisplayText | Read, update, and delete all policies for privileged role assignments of your company's directory | Read, update, and delete all policies for privileged role assignments of your company's directory +| Description | Allows the app to read, update, and delete policies for privileged role-based access control (RBAC) assignments of your company's directory, without a signed-in user. | Allows the app to read, update, and delete policies for privileged role-based access control (RBAC) assignments of your company's directory, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Schedule.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7b2ebf90-d836-437f-b90d-7b62722c4456 | fccf6dd8-5706-49fa-811f-69e2e1b585d0 +| DisplayText | Read all schedule items | Read user schedule items +| Description | Allows the app to read all schedules, schedule groups, shifts and associated entities in the Teams or Shifts application without a signed-in user. 
| Allows the app to read schedule, schedule groups, shifts and associated entities in the Teams or Shifts application on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Schedule.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b7760610-0545-4e8a-9ec3-cce9e63db01c | 63f27281-c9d9-4f29-94dd-6942f7f1feb0 +| DisplayText | Read and write all schedule items | Read and write user schedule items +| Description | Allows the app to manage all schedules, schedule groups, shifts and associated entities in the Teams or Shifts application without a signed-in user. | Allows the app to manage schedule, schedule groups, shifts and associated entities in the Teams or Shifts application on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SearchConfiguration.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ada977a5-b8b1-493b-9a91-66c206d76ecf | 7d307522-aa38-4cd0-bd60-90c6f0ac50bd +| DisplayText | Read your organization's search configuration | Read your organization's search configuration +| Description | Allows the app to read search configurations, without a signed-in user. | Allows the app to read search configuration, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SearchConfiguration.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0e778b85-fefa-466d-9eec-750569d92122 | b1a7d408-cab0-47d2-a2a5-a74a3733600d +| DisplayText | Read and write your organization's search configuration | Read and write your organization's search configuration +| Description | Allows the app to read and write search configurations, without a signed-in user. | Allows the app to read and write search configuration, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### SecurityActions.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5e0edab9-c148-49d0-b423-ac253e121825 | 1638cddf-07a4-4de2-8645-69c96cacad73 +| DisplayText | Read your organization's security actions | Read your organization's security actions +| Description | Allows the app to read security actions, without a signed-in user. | Allows the app to read security actions, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SecurityActions.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | f2bf083f-0179-402a-bedb-b2784de8a49b | dc38509c-b87d-4da0-bd92-6bec988bac4a +| DisplayText | Read and update your organization's security actions | Read and update your organization's security actions +| Description | Allows the app to read or update security actions, without a signed-in user. | Allows the app to read or update security actions, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SecurityAlert.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 472e4a4d-bb4a-4026-98d1-0b0d74cb74a5 | bc257fb8-46b4-4b15-8713-01e91bfbe4ea +| DisplayText | Read all security alerts | Read all security alerts +| Description | Allows the app to read all security alerts, without a signed-in user. | Allows the app to read all security alerts, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SecurityAlert.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ed4fca05-be46-441f-9803-1873825f8fdb | 471f2a7f-2a42-4d45-a2bf-594d0838070d +| DisplayText | Read and write to all security alerts | Read and write to all security alerts +| Description | Allows the app to read and write to all security alerts, without a signed-in user. | Allows the app to read and write to all security alerts, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### SecurityAnalyzedMessage.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b48f7ac2-044d-4281-b02f-75db744d6f5f | 53e6783e-b127-4a35-ab3a-6a52d80a9077 +| DisplayText | Read metadata and detection details for all emails in your organization | Read metadata and detection details for emails in your organization +| Description | Read email metadata and security detection details, without a signed-in user. | Read email metadata and security detection details on behalf of the signed in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SecurityAnalyzedMessage.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 04c55753-2244-4c25-87fc-704ab82a4f69 | 48eb8c83-6e58-46e7-a6d3-8805822f5940 +| DisplayText | Read metadata, detection details, and execute remediation actions on all emails in your organization | Read metadata, detection details, and execute remediation actions on emails in your organization +| Description | Read email metadata and security detection details, and execute remediation actions like deleting an email, without a signed-in user. | Read email metadata, security detection details, and execute remediation actions like deleting an email, on behalf of the signed in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SecurityEvents.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | bf394140-e372-4bf9-a898-299cfc7564e5 | 64733abd-851e-478a-bffb-e47a14b18235 +| DisplayText | Read your organization’s security events | Read your organization’s security events +| Description | Allows the app to read your organization’s security events without a signed-in user. | Allows the app to read your organization’s security events on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### SecurityEvents.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | d903a879-88e0-4c09-b0c9-82f6a1333f84 | 6aedf524-7e1c-45a7-bd76-ded8cab8d0fc +| DisplayText | Read and update your organization’s security events | Read and update your organization’s security events +| Description | Allows the app to read your organization’s security events without a signed-in user. Also allows the app to update editable properties in security events. | Allows the app to read your organization’s security events on behalf of the signed-in user. Also allows the app to update editable properties in security events on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SecurityIncident.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 45cc0394-e837-488b-a098-1918f48d186c | b9abcc4f-94fc-4457-9141-d20ce80ec952 +| DisplayText | Read all security incidents | Read incidents +| Description | Allows the app to read all security incidents, without a signed-in user. | Allows the app to read security incidents, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SecurityIncident.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 34bf0e97-1971-4929-b999-9e2442d941d7 | 128ca929-1a19-45e6-a3b8-435ec44a36ba +| DisplayText | Read and write to all security incidents | Read and write to incidents +| Description | Allows the app to read and write to all security incidents, without a signed-in user. | Allows the app to read and write security incidents, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### ServiceHealth.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 79c261e0-fe76-4144-aad5-bdc68fbe4037 | 55896846-df78-47a7-aa94-8d3d4442ca7f +| DisplayText | Read service health | Read service health +| Description | Allows the app to read your tenant's service health information, without a signed-in user. Health information may include service issues or service health overviews. | Allows the app to read your tenant's service health information on behalf of the signed-in user. Health information may include service issues or service health overviews. +| AdminConsentRequired | Yes | Yes + +--- + +### ServiceMessage.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1b620472-6534-4fe6-9df2-4680e8aa28ec | eda39fa6-f8cf-4c3c-a909-432c683e4c9b +| DisplayText | Read service messages | Read service announcement messages +| Description | Allows the app to read your tenant's service announcement messages, without a signed-in user. Messages may include information about new or changed features. | Allows the app to read your tenant's service announcement messages on behalf of the signed-in user. Messages may include information about new or changed features. +| AdminConsentRequired | Yes | Yes + +--- + +### ServiceMessageViewpoint.Write + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 636e1b0b-1cc2-4b1c-9aa9-4eeed9b9761b +| DisplayText | - | Update user status on service announcement messages +| Description | - | Allows the app to update service announcement messages' user status on behalf of the signed-in user. The message status can be marked as read, archive, or favorite. 
+| AdminConsentRequired | - | Yes + +--- + +### ServicePrincipalEndpoint.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5256681e-b7f6-40c0-8447-2d9db68797a0 | 9f9ce928-e038-4e3b-8faf-7b59049a8ddc +| DisplayText | Read service principal endpoints | Read service principal endpoints +| Description | Allows the app to read service principal endpoints | Allows the app to read service principal endpoints +| AdminConsentRequired | Yes | Yes + +--- + +### ServicePrincipalEndpoint.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 89c8469c-83ad-45f7-8ff2-6e3d4285709e | 7297d82c-9546-4aed-91df-3d4f0a9b3ff0 +| DisplayText | Read and update service principal endpoints | Read and update service principal endpoints +| Description | Allows the app to update service principal endpoints | Allows the app to update service principal endpoints +| AdminConsentRequired | Yes | Yes + +--- + +### SharePointTenantSettings.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 83d4163d-a2d8-4d3b-9695-4ae3ca98f888 | 2ef70e10-5bfd-4ede-a5f6-67720500b258 +| DisplayText | Read SharePoint and OneDrive tenant settings | Read SharePoint and OneDrive tenant settings +| Description | Allows the application to read the tenant-level settings of SharePoint and OneDrive, without a signed-in user. | Allows the application to read the tenant-level settings in SharePoint and OneDrive on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### SharePointTenantSettings.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 19b94e34-907c-4f43-bde9-38b1909ed408 | aa07f155-3612-49b8-a147-6c590df35536 +| DisplayText | Read and change SharePoint and OneDrive tenant settings | Read and change SharePoint and OneDrive tenant settings +| Description | Allows the application to read and change the tenant-level settings of SharePoint and OneDrive, without a signed-in user. 
| Allows the application to read and change the tenant-level settings of SharePoint and OneDrive on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### ShortNotes.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 50f66e47-eb56-45b7-aaa2-75057d9afe08 +| DisplayText | - | Read short notes of the signed-in user +| Description | - | Allows the app to read all the short notes a sign-in user has access to. +| AdminConsentRequired | - | No + +--- + +### ShortNotes.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0c7d31ec-31ca-4f58-b6ec-9950b6b0de69 | - +| DisplayText | Read all users' short notes | - +| Description | Allows the app to read all the short notes without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### ShortNotes.ReadWrite + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 328438b7-4c01-4c07-a840-e625a749bb89 +| DisplayText | - | Read, create, edit, and delete short notes of the signed-in user +| Description | - | Allows the app to read, create, edit, and delete short notes of a signed-in user. +| AdminConsentRequired | - | No + +--- + +### ShortNotes.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 842c284c-763d-4a97-838d-79787d129bab | - +| DisplayText | Read, create, edit, and delete all users' short notes | - +| Description | Allows the app to read, create, edit, and delete all the short notes without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### Sites.FullControl.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | a82116e5-55eb-4c41-a434-62fe8a61c773 | 5a54b8b3-347c-476d-8f8e-42d5c7424d29 +| DisplayText | Have full control of all site collections | Have full control of all site collections +| Description | Allows the app to have full control of all site collections without a signed in user. 
| Allows the application to have full control of all site collections on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Sites.Manage.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0c0bf378-bf22-4481-8f81-9e89a9b4960a | 65e50fdc-43b7-4915-933e-e8138f11f40a +| DisplayText | Create, edit, and delete items and lists in all site collections | Create, edit, and delete items and lists in all site collections +| Description | Allows the app to create or delete document libraries and lists in all site collections without a signed in user. | Allows the application to create or delete document libraries and lists in all site collections on behalf of the signed-in user. +| AdminConsentRequired | Yes | No + +--- + +### Sites.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 332a536c-c7ef-4017-ab91-336970924f0d | 205e70e5-aba6-4c52-a976-6d2d46c48043 +| DisplayText | Read items in all site collections | Read items in all site collections +| Description | Allows the app to read documents and list items in all site collections without a signed in user. | Allows the application to read documents and list items in all site collections on behalf of the signed-in user +| AdminConsentRequired | Yes | No + +--- + +### Sites.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9492366f-7969-46a4-8d15-ed1a20078fff | 89fe6a52-be36-487e-b7d8-d061c450a026 +| DisplayText | Read and write items in all site collections | Edit or delete items in all site collections +| Description | Allows the app to create, read, update, and delete documents and list items in all site collections without a signed in user. | Allows the application to edit or delete documents and list items in all site collections on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | No + +--- + +### Sites.Selected + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 883ea226-0bf2-4a8f-9f9d-92c9162a727d | - +| DisplayText | Access selected site collections | - +| Description | Allow the application to access a subset of site collections without a signed in user.  The specific site collections and the permissions granted will be configured in SharePoint Online. | - +| AdminConsentRequired | Yes | - + +--- + +### SMTP.Send + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 258f6531-6087-4cc4-bb90-092c5fb3ed3f +| DisplayText | - | Send emails from mailboxes using SMTP AUTH. +| Description | - | Allows the app to be able to send emails from the user’s mailbox using the SMTP AUTH client submission protocol. +| AdminConsentRequired | - | No + +--- + +### SubjectRightsRequest.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ee1460f0-368b-4153-870a-4e1ca7e72c42 | 9c3af74c-fd0f-4db4-b17a-71939e2a9d77 +| DisplayText | Read all subject rights requests | Read subject rights requests +| Description | Allows the app to read subject rights requests without a signed-in user. | Allows the app to read subject rights requests on behalf of the signed-in user +| AdminConsentRequired | Yes | Yes + +--- + +### SubjectRightsRequest.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8387eaa4-1a3c-41f5-b261-f888138e6041 | 2b8fcc74-bce1-4ae3-a0e8-60c53739299d +| DisplayText | Read and write all subject rights requests | Read and write subject rights requests +| Description | Allows the app to read and write subject rights requests without a signed in user. 
| Allows the app to read and write subject rights requests on behalf of the signed-in user +| AdminConsentRequired | Yes | Yes + +--- + +### Subscription.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5f88184c-80bb-4d52-9ff2-757288b2e9b7 +| DisplayText | - | Read all webhook subscriptions +| Description | - | Allows the app to read all webhook subscriptions on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### Synchronization.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5ba43d2f-fa88-4db2-bd1c-a67c5f0fb1ce | 7aa02aeb-824f-4fbe-a3f7-611f751f5b55 +| DisplayText | Read all Azure AD synchronization data. | Read all Azure AD synchronization data +| Description | Allows the application to read Azure AD synchronization information, without a signed-in user. | Allows the app to read Azure AD synchronization information, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Synchronization.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9b50c33d-700f-43b1-b2eb-87e89b703581 | 7bb27fa3-ea8f-4d67-a916-87715b6188bd +| DisplayText | Read and write all Azure AD synchronization data. | Read and write all Azure AD synchronization data +| Description | Allows the application to configure the Azure AD synchronization service, without a signed-in user. | Allows the app to configure the Azure AD synchronization service, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- + +### SynchronizationData-User.Upload + +| Category | Application | Delegated | +|--|--|--| +| Identifier | db31e92a-b9ea-4d87-bf6a-75a37a9ca35a | 1a2e7420-4e92-4d2b-94cb-fb2952e9ddf7 +| DisplayText | Upload user data to the identity synchronization service | Upload user data to the identity synchronization service +| Description | Allows the application to upload bulk user data to the identity synchronization service, without a signed-in user. | Allows the app to upload bulk user data to the identity synchronization service, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### Tasks.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | f45671fb-e0fe-4b4b-be20-3d3ce43f1bcb +| DisplayText | - | Read user's tasks and task lists +| Description | - | Allows the app to read the signed-in user’s tasks and task lists, including any shared with the user. Doesn't include permission to create, delete, or update anything. +| AdminConsentRequired | - | No + +--- + +### Tasks.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | f10e1f91-74ed-437f-a6fd-d6ae88e26c1f | - +| DisplayText | Read all users’ tasks and tasklist | - +| Description | Allows the app to read all users’ tasks and task lists in your organization, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### Tasks.Read.Shared + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 88d21fd4-8e5a-4c32-b5e2-4a1c95f34f72 +| DisplayText | - | Read user and shared tasks +| Description | - | Allows the app to read tasks a user has permissions to access, including their own and shared tasks. 
+| AdminConsentRequired | - | No + +--- + +### Tasks.ReadWrite + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2219042f-cab5-40cc-b0d2-16b1540b4c5f +| DisplayText | - | Create, read, update, and delete user’s tasks and task lists +| Description | - | Allows the app to create, read, update, and delete the signed-in user's tasks and task lists, including any shared with the user. +| AdminConsentRequired | - | No + +--- + +### Tasks.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 44e666d1-d276-445b-a5fc-8815eeb81d55 | - +| DisplayText | Read and write all users’ tasks and tasklists | - +| Description | Allows the app to create, read, update and delete all users’ tasks and task lists in your organization, without a signed-in user | - +| AdminConsentRequired | Yes | - + +--- + +### Tasks.ReadWrite.Shared + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | c5ddf11b-c114-4886-8558-8a4e557cd52b +| DisplayText | - | Read and write user and shared tasks +| Description | - | Allows the app to create, read, update, and delete tasks a user has permissions to, including their own and shared tasks. +| AdminConsentRequired | - | No + +--- + +### Team.Create + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 23fc2474-f741-46ce-8465-674744c5c361 | 7825d5d6-6049-4ce7-bdf6-3b8d53f4bcd0 +| DisplayText | Create teams | Create teams +| Description | Allows the app to create teams without a signed-in user.  | Allows the app to create teams on behalf of the signed-in user. +| AdminConsentRequired | Yes | No + +--- + +### Team.ReadBasic.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 2280dda6-0bfd-44ee-a2f4-cb867cfc4c1e | 485be79e-c497-4b35-9400-0e3fa7f2a5d4 +| DisplayText | Get a list of all teams | Read the names and descriptions of teams +| Description | Get a list of all teams, without a signed-in user. 
| Read the names and descriptions of teams, on behalf of the signed-in user. +| AdminConsentRequired | Yes | No + +--- + +### TeamMember.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 660b7406-55f1-41ca-a0ed-0b035e182f3e | 2497278c-d82d-46a2-b1ce-39d4cdde5570 +| DisplayText | Read the members of all teams | Read the members of teams +| Description | Read the members of all teams, without a signed-in user. | Read the members of teams, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamMember.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0121dc95-1b9f-4aed-8bac-58c5ac466691 | 4a06efd2-f825-4e34-813e-82a57b03d1ee +| DisplayText | Add and remove members from all teams | Add and remove members from teams +| Description | Add and remove members from all teams, without a signed-in user. Also allows changing a team member's role, for example from owner to non-owner. | Add and remove members from teams, on behalf of the signed-in user. Also allows changing a member's role, for example from owner to non-owner. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamMember.ReadWriteNonOwnerRole.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4437522e-9a86-4a41-a7da-e380edd4a97d | 2104a4db-3a2f-4ea0-9dba-143d457dc666 +| DisplayText | Add and remove members with non-owner role for all teams | Add and remove members with non-owner role for all teams +| Description | Add and remove members from all teams, without a signed-in user. Does not allow adding or removing a member with the owner role. Additionally, does not allow the app to elevate an existing member to the owner role. | Add and remove members from all teams, on behalf of the signed-in user. Does not allow adding or removing a member with the owner role. Additionally, does not allow the app to elevate an existing member to the owner role. 
+| AdminConsentRequired | Yes | Yes + +--- + +### TeamsActivity.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 0e755559-83fb-4b44-91d0-4cc721b9323e +| DisplayText | - | Read user's teamwork activity feed +| Description | - | Allows the app to read the signed-in user's teamwork activity feed. +| AdminConsentRequired | - | No + +--- + +### TeamsActivity.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 70dec828-f620-4914-aa83-a29117306807 | - +| DisplayText | Read all users' teamwork activity feed | - +| Description | Allows the app to read all users' teamwork activity feed, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsActivity.Send + +| Category | Application | Delegated | +|--|--|--| +| Identifier | a267235f-af13-44dc-8385-c1dc93023186 | 7ab1d787-bae7-4d5d-8db6-37ea32df9186 +| DisplayText | Send a teamwork activity to any user | Send a teamwork activity as the user +| Description | Allows the app to create new notifications in users' teamwork activity feeds without a signed in user. These notifications may not be discoverable or be held or governed by compliance policies. | Allows the app to create new notifications in users' teamwork activity feeds on behalf of the signed in user. These notifications may not be discoverable or be held or governed by compliance policies. +| AdminConsentRequired | Yes | No + +--- + +### TeamsAppInstallation.ReadForChat + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | bf3fbf03-f35f-4e93-963e-47e4d874c37a +| DisplayText | - | Read installed Teams apps in chats +| Description | - | Allows the app to read the Teams apps that are installed in chats the signed-in user can access. Does not give the ability to read application-specific settings. 
+| AdminConsentRequired | - | No + +--- + +### TeamsAppInstallation.ReadForChat.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | cc7e7635-2586-41d6-adaa-a8d3bcad5ee5 | - +| DisplayText | Read installed Teams apps for all chats | - +| Description | Allows the app to read the Teams apps that are installed in any chat, without a signed-in user. Does not give the ability to read application-specific settings. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadForTeam + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 5248dcb1-f83b-4ec3-9f4d-a4428a961a72 +| DisplayText | - | Read installed Teams apps in teams +| Description | - | Allows the app to read the Teams apps that are installed in teams the signed-in user can access. Does not give the ability to read application-specific settings. +| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadForTeam.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1f615aea-6bf9-4b05-84bd-46388e138537 | - +| DisplayText | Read installed Teams apps for all teams | - +| Description | Allows the app to read the Teams apps that are installed in any team, without a signed-in user. Does not give the ability to read application-specific settings. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadForUser + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | c395395c-ff9a-4dba-bc1f-8372ba9dca84 +| DisplayText | - | Read user's installed Teams apps +| Description | - | Allows the app to read the Teams apps that are installed for the signed-in user. Does not give the ability to read application-specific settings. 
+| AdminConsentRequired | - | No + +--- + +### TeamsAppInstallation.ReadForUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9ce09611-f4f7-4abd-a629-a05450422a97 | - +| DisplayText | Read installed Teams apps for all users | - +| Description | Allows the app to read the Teams apps that are installed for any user, without a signed-in user. Does not give the ability to read application-specific settings. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteAndConsentForChat + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | e1408a66-8f82-451b-a2f3-3c3e38f7413f +| DisplayText | - | Manage installed Teams apps in chats +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in chats the signed-in user can access. Gives the ability to manage permission grants for accessing those specific chats' data. +| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteAndConsentForChat.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6e74eff9-4a21-45d6-bc03-3a20f61f8281 | - +| DisplayText | Manage installation and permission grants of Teams apps for all chats | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any chat, without a signed-in user. Gives the ability to manage permission grants for accessing those specific chats' data. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteAndConsentForTeam + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 946349d5-2a9d-4535-abc0-7beeacaedd1d +| DisplayText | - | Manage installed Teams apps in teams +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in teams the signed-in user can access. Gives the ability to manage permission grants for accessing those specific teams' data. 
+| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteAndConsentForTeam.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b0c13be0-8e20-4bc5-8c55-963c23a39ce9 | - +| DisplayText | Manage installation and permission grants of Teams apps for all teams | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. Gives the ability to manage permission grants for accessing those specific teams' data. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteAndConsentForUser + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2da62c49-dfbd-40df-ba16-fef3529d391c +| DisplayText | - | Manage installation and permission grants of Teams apps in users' personal scope +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in user accounts, on behalf of the signed-in user. Gives the ability to manage permission grants for accessing those specific users' data. +| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteAndConsentForUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 32ca478f-f89e-41d0-aaf8-101deb7da510 | - +| DisplayText | Manage installation and permission grants of Teams apps in a user account | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any user account, without a signed-in user. Gives the ability to manage permission grants for accessing those specific users' data. 
| - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteAndConsentSelfForChat + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | a0e0e18b-8fb2-458f-8130-da2d7cab9c75 +| DisplayText | - | Allow the Teams app to manage itself and its permission grants in chats +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall itself in chats the signed-in user can access, and manage its permission grants for accessing those specific chats' data. +| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteAndConsentSelfForChat.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ba1ba90b-2d8f-487e-9f16-80728d85bb5c | - +| DisplayText | Allow the Teams app to manage itself and its permission grants for all chats | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall itself for any chat, without a signed-in user, and manage its permission grants for accessing those specific chats' data. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteAndConsentSelfForTeam + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 4a6bbf29-a0e1-4a4d-a7d1-cef17f772975 +| DisplayText | - | Allow the Teams app to manage itself and its permission grants in teams +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall itself in teams the signed-in user can access, and manage its permission grants for accessing those specific teams' data. 
+| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteAndConsentSelfForTeam.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1e4be56c-312e-42b8-a2c9-009600d732c0 | - +| DisplayText | Allow the Teams app to manage itself and its permission grants for all teams | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall itself for any team, without a signed-in user, and manage its permission grants for accessing those specific teams' data. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteAndConsentSelfForUser + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 7a349935-c54d-44ab-ab66-1b460d315be7 +| DisplayText | - | Allow the Teams app to manage itself and its permission grants in user accounts +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall itself in user accounts, and manage its permission grants for accessing those specific users' data, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteAndConsentSelfForUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | a87076cf-6abd-4e56-8559-4dbdf41bef96 | - +| DisplayText | Allow the Teams app to manage itself and its permission grants in all user accounts | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall itself for any user account, without a signed-in user, and manage its permission grants for accessing those specific users' data. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteForChat + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | aa85bf13-d771-4d5d-a9e6-bca04ce44edf +| DisplayText | - | Manage installed Teams apps in chats +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in chats the signed-in user can access. 
Does not give the ability to read application-specific settings. +| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteForChat.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9e19bae1-2623-4c4f-ab6e-2664615ff9a0 | - +| DisplayText | Manage Teams apps for all chats | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any chat, without a signed-in user. Does not give the ability to read application-specific settings. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteForTeam + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2e25a044-2580-450d-8859-42eeb6e996c0 +| DisplayText | - | Manage installed Teams apps in teams +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in teams the signed-in user can access. Does not give the ability to read application-specific settings. +| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteForTeam.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 5dad17ba-f6cc-4954-a5a2-a0dcc95154f0 | - +| DisplayText | Manage Teams apps for all teams | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. Does not give the ability to read application-specific settings. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteForUser + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 093f8818-d05f-49b8-95bc-9d2a73e9a43c +| DisplayText | - | Manage user's installed Teams apps +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps installed for the signed-in user. Does not give the ability to read application-specific settings. 
+| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteForUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 74ef0291-ca83-4d02-8c7e-d2391e6a444f | - +| DisplayText | Manage Teams apps for all users | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps for any user, without a signed-in user. Does not give the ability to read application-specific settings. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteSelfForChat + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 0ce33576-30e8-43b7-99e5-62f8569a4002 +| DisplayText | - | Allow the Teams app to manage itself in chats +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall itself in chats the signed-in user can access. +| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteSelfForChat.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 73a45059-f39c-4baf-9182-4954ac0e55cf | - +| DisplayText | Allow the Teams app to manage itself for all chats | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall itself for any chat, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteSelfForTeam + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 0f4595f7-64b1-4e13-81bc-11a249df07a9 +| DisplayText | - | Allow the app to manage itself in teams +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall itself to teams the signed-in user can access. 
+| AdminConsentRequired | - | Yes + +--- + +### TeamsAppInstallation.ReadWriteSelfForTeam.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9f67436c-5415-4e7f-8ac1-3014a7132630 | - +| DisplayText | Allow the Teams app to manage itself for all teams | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall itself in any team, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsAppInstallation.ReadWriteSelfForUser + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 207e0cb1-3ce7-4922-b991-5a760c346ebc +| DisplayText | - | Allow the Teams app to manage itself for a user +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall itself for the signed-in user. +| AdminConsentRequired | - | No + +--- + +### TeamsAppInstallation.ReadWriteSelfForUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 908de74d-f8b2-4d6b-a9ed-2a17b3b78179 | - +| DisplayText | Allow the app to manage itself for all users | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall itself to any user, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamSettings.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 242607bd-1d2c-432c-82eb-bdb27baa23ab | 48638b3c-ad68-4383-8ac4-e6880ee6ca57 +| DisplayText | Read all teams' settings | Read teams' settings +| Description | Read all team's settings, without a signed-in user. | Read all teams' settings, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamSettings.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | bdd80a03-d9bc-451d-b7c4-ce7c63fe3c8f | 39d65650-9d3e-4223-80db-a335590d027e +| DisplayText | Read and change all teams' settings | Read and change teams' settings +| Description | Read and change all teams' settings, without a signed-in user. 
| Read and change all teams' settings, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamsTab.Create + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 49981c42-fd7b-4530-be03-e77b21aed25e | a9ff19c2-f369-4a95-9a25-ba9d460efc8e +| DisplayText | Create tabs in Microsoft Teams. | Create tabs in Microsoft Teams. +| Description | Allows the app to create tabs in any team in Microsoft Teams, without a signed-in user. This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs. | Allows the app to create tabs in any team in Microsoft Teams, on behalf of the signed-in user. This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamsTab.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 46890524-499a-4bb2-ad64-1476b4f3e1cf | 59dacb05-e88d-4c13-a684-59f1afc8cc98 +| DisplayText | Read tabs in Microsoft Teams. | Read tabs in Microsoft Teams. +| Description | Read the names and settings of tabs inside any team in Microsoft Teams, without a signed-in user. This does not give access to the content inside the tabs. | Read the names and settings of tabs inside any team in Microsoft Teams, on behalf of the signed-in user. This does not give access to the content inside the tabs. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamsTab.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | a96d855f-016b-47d7-b51c-1218a98d791c | b98bfd41-87c6-45cc-b104-e2de4f0dafb9 +| DisplayText | Read and write tabs in Microsoft Teams. | Read and write tabs in Microsoft Teams. +| Description | Read and write tabs in any team in Microsoft Teams, without a signed-in user. This does not give access to the content inside the tabs. 
| Read and write tabs in any team in Microsoft Teams, on behalf of the signed-in user. This does not give access to the content inside the tabs. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamsTab.ReadWriteForChat + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | ee928332-e9c2-4747-b4a0-f8c164b68de6 +| DisplayText | - | Allow the Teams app to manage all tabs in chats +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall all tabs in chats the signed-in user can access. +| AdminConsentRequired | - | Yes + +--- + +### TeamsTab.ReadWriteForChat.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | fd9ce730-a250-40dc-bd44-8dc8d20f39ea | - +| DisplayText | Allow the Teams app to manage all tabs for all chats | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall all tabs for any chat, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsTab.ReadWriteForTeam + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | c975dd04-a06e-4fbb-9704-62daad77bb49 +| DisplayText | - | Allow the Teams app to manage all tabs in teams +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall all tabs to teams the signed-in user can access. +| AdminConsentRequired | - | Yes + +--- + +### TeamsTab.ReadWriteForTeam.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6163d4f4-fbf8-43da-a7b4-060fe85ed148 | - +| DisplayText | Allow the Teams app to manage all tabs for all teams | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall all tabs in any team, without a signed-in user. 
| - +| AdminConsentRequired | Yes | - + +--- + +### TeamsTab.ReadWriteForUser + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | c37c9b61-7762-4bff-a156-afc0005847a0 +| DisplayText | - | Allow the Teams app to manage all tabs for a user +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall all tabs for the signed-in user. +| AdminConsentRequired | - | No + +--- + +### TeamsTab.ReadWriteForUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 425b4b59-d5af-45c8-832f-bb0b7402348a | - +| DisplayText | Allow the app to manage all tabs for all users | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall all tabs for any user, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsTab.ReadWriteSelfForChat + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 0c219d04-3abf-47f7-912d-5cca239e90e6 +| DisplayText | - | Allow the Teams app to manage only its own tabs in chats +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall its own tabs in chats the signed-in user can access. +| AdminConsentRequired | - | Yes + +--- + +### TeamsTab.ReadWriteSelfForChat.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 9f62e4a2-a2d6-4350-b28b-d244728c4f86 | - +| DisplayText | Allow the Teams app to manage only its own tabs for all chats | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall its own tabs for any chat, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsTab.ReadWriteSelfForTeam + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | f266662f-120a-4314-b26a-99b08617c7ef +| DisplayText | - | Allow the Teams app to manage only its own tabs in teams +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall its own tabs to teams the signed-in user can access. 
+| AdminConsentRequired | - | Yes + +--- + +### TeamsTab.ReadWriteSelfForTeam.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 91c32b81-0ef0-453f-a5c7-4ce2e562f449 | - +| DisplayText | Allow the Teams app to manage only its own tabs for all teams | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall its own tabs in any team, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamsTab.ReadWriteSelfForUser + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 395dfec1-a0b9-465f-a783-8250a430cb8c +| DisplayText | - | Allow the Teams app to manage only its own tabs for a user +| Description | - | Allows a Teams app to read, install, upgrade, and uninstall its own tabs for the signed-in user. +| AdminConsentRequired | - | No + +--- + +### TeamsTab.ReadWriteSelfForUser.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 3c42dec6-49e8-4a0a-b469-36cff0d9da93 | - +| DisplayText | Allow the Teams app to manage only its own tabs for all users | - +| Description | Allows a Teams app to read, install, upgrade, and uninstall its own tabs for any user, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamTemplates.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | cd87405c-5792-4f15-92f7-debc0db6d1d6 +| DisplayText | - | Read available Teams templates +| Description | - | Allows the app to read the available Teams templates, on behalf of the signed-in user. +| AdminConsentRequired | - | No + +--- + +### TeamTemplates.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 6323133e-1f6e-46d4-9372-ac33a0870636 | - +| DisplayText | Read all available Teams Templates | - +| Description | Allows the app to read all available Teams Templates, without a signed-user. 
| - +| AdminConsentRequired | Yes | - + +--- + +### Teamwork.Migrate.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | dfb0dd15-61de-45b2-be36-d6a69fba3c79 | - +| DisplayText | Create chat and channel messages with anyone's identity and with any timestamp | - +| Description | Allows the app to create chat and channel messages, without a signed in user. The app specifies which user appears as the sender, and can backdate the message to appear as if it was sent long ago. The messages can be sent to any chat or channel in the organization. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamworkAppSettings.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 475ebe88-f071-4bd7-af2b-642952bd4986 | 44e060c4-bbdc-4256-a0b9-dcc0396db368 +| DisplayText | Read Teams app settings | Read Teams app settings +| Description | Allows the app to read the Teams app settings without a signed-in user. | Allows the app to read the Teams app settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | No + +--- + +### TeamworkAppSettings.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ab5b445e-8f10-45f4-9c79-dd3f8062cc4e | 87c556f0-2bd9-4eed-bd74-5dd8af6eaf7e +| DisplayText | Read and write Teams app settings | Read and write Teams app settings +| Description | Allows the app to read and write the Teams app settings without a signed-in user. | Allows the app to read and write the Teams app settings on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamworkDevice.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 0591bafd-7c1c-4c30-a2a5-2b9aacb1dfe8 | b659488b-9d28-4208-b2be-1c6652b3c970 +| DisplayText | Read Teams devices | Read Teams devices +| Description | Allow the app to read the management data for Teams devices, without a signed-in user. 
| Allow the app to read the management data for Teams devices on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamworkDevice.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 79c02f5b-bd4f-4713-bc2c-a8a4a66e127b | ddd97ecb-5c31-43db-a235-0ee20e635c40 +| DisplayText | Read and write Teams devices | Read and write Teams devices +| Description | Allow the app to read and write the management data for Teams devices, without a signed-in user. | Allow the app to read and write the management data for Teams devices on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### TeamworkTag.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 57587d0b-8399-45be-b207-8050cec54575 +| DisplayText | - | Read tags in Teams +| Description | - | Allows the app to read tags in Teams, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### TeamworkTag.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | b74fd6c4-4bde-488e-9695-eeb100e4907f | - +| DisplayText | Read tags in Teams | - +| Description | Allows the app to read tags in Teams without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### TeamworkTag.ReadWrite + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 539dabd7-b5b6-4117-b164-d60cd15a8671 +| DisplayText | - | Read and write tags in Teams +| Description | - | Allows the app to read and write tags in Teams, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### TeamworkTag.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | a3371ca5-911d-46d6-901c-42c8c7a937d8 | - +| DisplayText | Read and write tags in Teams | - +| Description | Allows the app to read and write tags in Teams without a signed-in user. 
| - +| AdminConsentRequired | Yes | - + +--- + +### TermStore.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | ea047cc2-df29-4f3e-83a3-205de61501ca | 297f747b-0005-475b-8fef-c890f5152b38 +| DisplayText | Read all term store data | Read term store data +| Description | Allows the app to read all term store data, without a signed-in user. This includes all sets, groups and terms in the term store. | Allows the app to read the term store data that the signed-in user has access to. This includes all sets, groups and terms in the term store. +| AdminConsentRequired | Yes | Yes + +--- + +### TermStore.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | f12eb8d6-28e3-46e6-b2c0-b7e4dc69fc95 | 6c37c71d-f50f-4bff-8fd3-8a41da390140 +| DisplayText | Read and write all term store data | Read and write term store data +| Description | Allows the app to read, edit or write all term store data, without a signed-in user. This includes all sets, groups and terms in the term store. | Allows the app to read or modify data that the signed-in user has access to. This includes all sets, groups and terms in the term store. +| AdminConsentRequired | Yes | Yes + +--- + +### ThreatAssessment.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | f8f035bb-2cce-47fb-8bf5-7baf3ecbee48 | - +| DisplayText | Read threat assessment requests | - +| Description | Allows an app to read your organization's threat assessment requests, without a signed-in user. | - +| AdminConsentRequired | Yes | - + +--- + +### ThreatAssessment.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | cac97e40-6730-457d-ad8d-4852fddab7ad +| DisplayText | - | Read and write threat assessment requests +| Description | - | Allows an app to read your organization's threat assessment requests on behalf of the signed-in user. 
Also allows the app to create new requests to assess threats received by your organization on behalf of the signed-in user. +| AdminConsentRequired | - | Yes + +--- + +### ThreatHunting.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | dd98c7f5-2d42-42d3-a0e4-633161547251 | b152eca8-ea73-4a48-8c98-1a6742673d99 +| DisplayText | Run hunting queries | Run hunting queries +| Description | Allows the app to run hunting queries, without a signed-in user. | Allows the app to run hunting queries, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### ThreatIndicators.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 197ee4e9-b993-4066-898f-d6aecc55125b | 9cc427b4-2004-41c5-aa22-757b755e9796 +| DisplayText | Read all threat indicators | Read all threat indicators +| Description | Allows the app to read all the indicators for your organization, without a signed-in user. | Allows the app to read all the indicators for your organization, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### ThreatIndicators.ReadWrite.OwnedBy + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 21792b6c-c986-4ffc-85de-df9da54b52fa | 91e7d36d-022a-490f-a748-f8e011357b42 +| DisplayText | Manage threat indicators this app creates or owns | Manage threat indicators this app creates or owns +| Description | Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), without a signed-in user.  It cannot update any threat indicators it does not own. | Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), on behalf of the signed-in user.  It cannot update any threat indicators it does not own. 
+| AdminConsentRequired | Yes | Yes + +--- + +### ThreatIntelligence.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | e0b77adb-e790-44a3-b0a0-257d06303687 | f266d9c0-ccb9-4fb8-a228-01ac0d8d6627 +| DisplayText | Read all Threat Intelligence Information | Read all threat intelligence information +| Description | Allows the app to read threat intellgence information, such as indicators, observations, and and articles, without a signed in user. | Allows the app to read threat intelligence information, such as indicators, observations, and articles, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes + +--- + +### ThreatSubmission.Read + +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | fd5353c6-26dd-449f-a565-c4e16b9fce78 +| DisplayText | - | Read threat submissions +| Description | - | Allows the app to read the threat submissions and threat submission policies owned by the signed-in user. +| AdminConsentRequired | - | No --- -## Trusted certificate authority configuration permissions +### ThreatSubmission.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 86632667-cd15-4845-ad89-48a88e8412e1 | 7083913a-4966-44b6-9886-c5822a5fd910 +| DisplayText | Read all of the organization's threat submissions | Read all threat submissions +| Description | Allows the app to read your organization's threat submissions and to view threat submission policies without a signed-in user. | Allows the app to read your organization's threat submissions and threat submission policies on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes + +--- -#### Delegated permissions +### ThreatSubmission.ReadWrite -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_AppCertTrustConfiguration.Read.All_| Read all trusted certificate authorities| Allows the app to read configuration of trusted certificate authorities for applications on behalf of the signed-in user. | Yes | Yes | -|_AppCertTrustConfiguration.ReadWrite.All_| Manage all trusted certificate authorities| Allows the app to read and write configuration of trusted certificate authorities for applications on behalf of the signed-in user. | Yes | Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 68a3156e-46c9-443c-b85c-921397f082b5 +| DisplayText | - | Read and write threat submissions +| Description | - | Allows the app to read the threat submissions and threat submission policies owned by the signed-in user. Also allows the app to create new threat submissions on behalf of the signed-in user. +| AdminConsentRequired | - | No -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -|_AppCertTrustConfiguration.Read.All_| Read all trusted certificate authorities| Allows the app to read configuration of trusted certificate authorities for applications, without a signed-in user. | Yes | Yes | -|_AppCertTrustConfiguration.ReadWrite.All_| Manage all trusted certificate authorities| Allows the app to read and write configuration of trusted certificate authorities for applications, without a signed-in user. 
| Yes | Yes | +### ThreatSubmission.ReadWrite.All +| Category | Application | Delegated | +|--|--|--| +| Identifier | d72bdbf4-a59b-405c-8b04-5995895819ac | 8458e264-4eb9-4922-abe9-768d58f13c7f +| DisplayText | Read and write all of the organization's threat submissions | Read and write all threat submissions +| Description | Allows the app to read your organization's threat submissions and threat submission policies without a signed-in user. Also allows the app to create new threat submissions without a signed-in user. | Allows the app to read your organization's threat submissions and threat submission policies on behalf of the signed-in user. Also allows the app to create new threat submissions on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## Universal Print permissions +### ThreatSubmissionPolicy.ReadWrite.All -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | 926a6798-b100-4a20-a22f-a4918f13951d | 059e5840-5353-4c68-b1da-666a033fc5e8 +| DisplayText | Read and write all of the organization's threat submission policies | Read and write all threat submission policies +| Description | Allows the app to read your organization's threat submission policies without a signed-in user. Also allows the app to create new threat submission polices without a signed-in user. | Allows the app to read your organization's threat submission policies on behalf of the signed-in user. Also allows the app to create new threat submission policies on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _Printer.Create_ | Register printers | Allows the application to create (register) printers on behalf of the signed-in user. 
| Yes | No | -| _Printer.FullControl.All_ | Register, read, update, and unregister printers | Allows the application to create (register), read, update, and delete (unregister) printers on behalf of the signed-in user. | Yes | No | -| _Printer.Read.All_ | Read printers | Allows the application to read printers on behalf of the signed-in user. | Yes | No | -| _Printer.ReadWrite.All_ | Read and update printers | Allows the application to read and update printers on behalf of the signed-in user. Does not allow creating (registering) or deleting (unregistering) printers. | Yes | No | -| _PrinterShare.ReadBasic.All_ | Read basic information about printer shares | Allows the application to read basic information about printer shares on behalf of the signed-in user. Does not allow reading access control information. | No | No | -| _PrinterShare.Read.All_ | Read printer shares | Allows the application to read printer shares on behalf of the signed-in user. | No | No | -| _PrinterShare.ReadWrite.All_ | Read and write printer shares | Allows the application to read and update printer shares on behalf of the signed-in user. | Yes | No | -| _PrintJob.Create_ | Create print jobs | Allows the application to create print jobs on behalf of the signed-in user and upload document content to print jobs that the signed-in user created. | No | No | -| _PrintJob.Read_ | Read user's print jobs | Allows the application to read the metadata and document content of print jobs that the signed-in user created. | No | No | -| _PrintJob.Read.All_ | Read print jobs | Allows the application to read the metadata and document content of print jobs on behalf of the signed-in user. | Yes | No | -| _PrintJob.ReadBasic_ | Read basic information of user's print jobs | Allows the application to read the metadata of print jobs that the signed-in user created. Does not allow access to print job document content. 
| No | No | -| _PrintJob.ReadBasic.All_ | Read basic information of print jobs | Allows the application to read the metadata of print jobs on behalf of the signed-in user. Does not allow access to print job document content. | Yes | No | -| _PrintJob.ReadWrite_ | Read and write user's print jobs | Allows the application to read and update the metadata and document content of print jobs that the signed-in user created. | No | No | -| _PrintJob.ReadWrite.All_ | Read and write print jobs | Allows the application to read and update the metadata and document content of print jobs on behalf of the signed-in user. | Yes | No | -| _PrintJob.ReadWriteBasic_ | Read and write basic information of user's print jobs | Allows the application to read and update the metadata of print jobs that the signed-in user created. Does not allow access to print job document content. | No | No | -| _PrintJob.ReadWriteBasic.All_ | Read and write basic information of print jobs | Allows the application to read and update the metadata of print jobs on behalf of the signed-in user. Does not allow access to print job document content. | Yes | No | -| _PrintConnector.Read.All_ | Read connectors | Allows the application to read connectors on behalf of the signed-in user. | Yes | No | -| _PrintConnector.ReadWrite.All_ | Read and write print connectors | Allows the application to read and write print connectors on behalf of the signed-in user. | Yes | No | -| _PrintSettings.Read.All_ | Read tenant-wide print settings | Allows the application to read print settings on behalf of the signed-in user. | Yes | No | -| _PrintSettings.ReadWrite.All_ | Read and write tenant-wide print settings | Allows the application to read and update print settings on behalf of the signed-in user. 
| Yes | No | +--- -#### Application permissions +### TrustFrameworkKeySet.Read.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _Printer.Read.All_ | Read printers | Allows the application to read printers without a signed-in user. | Yes | -| _Printer.ReadWrite.All_ | Read and update printers | Allows the application to read and update printers without a signed-in user. Does not allow creating (registering) or deleting (unregistering) printers. | Yes | -| _PrintJob.Manage.All_ | Perform advanced operations on print jobs | Allows the application to perform advanced operations like redirecting a print job to another printer without a signed-in user. Also allows the application to read and update the metadata of print jobs. | Yes | -| _PrintJob.Read.All_ | Read print jobs | Allows the application to read the metadata and document content of print jobs without a signed-in user. | Yes | -| _PrintJob.ReadBasic.All_ | Read basic information for print jobs | Allows the application to read the metadata of print jobs without a signed-in user. Does not allow access to print job document content. | Yes | -| _PrintJob.ReadWrite.All_ | Read and write print jobs | Allows the application to read and update the metadata and document content of print jobs without a signed-in user. | Yes | -| _PrintJob.ReadWriteBasic.All_ | Read and write basic information for print jobs | Allows the application to read and update the metadata of print jobs without a signed-in user. Does not allow access to print job document content. | Yes | -| _PrintTaskDefinition.ReadWrite.All_ | Read, write and update print task definitions | Allows the application to read and update print task definitions without a signed-in user. 
| Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | fff194f1-7dce-4428-8301-1badb5518201 | 7ad34336-f5b1-44ce-8682-31d7dfcd9ab9 +| DisplayText | Read trust framework key sets | Read trust framework key sets +| Description | Allows the app to read trust framework key set properties without a signed-in user. | Allows the app to read trust framework key set properties on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -### Remarks +--- -* To use the Universal Print service, the user or app's tenant must have an active Universal Print subscription in addition to the permissions listed earlier. +### TrustFrameworkKeySet.ReadWrite.All -* Some permissions distinguish between print job metadata and payload. Metadata describes the configuration of a print job (its name and document configuration, such as whether it should be stapled or printed in color). Payload is the document data itself (the PDF or XPS file to be printed.) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4a771c9a-1cf2-4609-b88e-3d3e02d539cd | 39244520-1e7d-4b4a-aee0-57c65826e427 +| DisplayText | Read and write trust framework key sets | Read and write trust framework key sets +| Description | Allows the app to read and write trust framework key set properties without a signed-in user. | Allows the app to read and write trust framework key set properties on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -* All PrintJob.* permissions also require at least Printer.Read.All (or a more prviliged permission) because print jobs are stored within printers. 
+--- -### Example usage +### UnifiedGroupMember.Read.AsGuest -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 73e75199-7c3e-41bb-9357-167164dbb415 +| DisplayText | - | Read unified group memberships as guest +| Description | - | Allows the app to read basic unified group properties, memberships and owners of the group the signed-in guest is a member of. +| AdminConsentRequired | - | Yes -* _Printer.Read.All_: Get a list of all printers in the tenant (`GET /print/printers`) -* _PrintJob.Read.All_: Get a list of all print jobs queued to a Printer (`GET /print/printers/{id}/jobs`) -* _Printer.FullControl.All_: Delete (unregister) a printer (`DELETE /print/printers/{id}`) -* _PrintJob.ReadWriteBasic.All_: Update metadata (such as current status) of print jobs (`PATCH /print/printers/{id}/jobs/{id}`) -* _PrintJob.ReadWrite.All_: Create print jobs and upload document data to them (`POST /print/printers/{id}/jobs`) +--- -#### Application +### User.EnableDisableAccount.All -* _Printer.Read.All_: Get a list of all printers in the tenant (`GET /print/printers`) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 3011c876-62b7-4ada-afa2-506cbbecc68c | f92e74e7-2563-467f-9dd0-902688cb5863 +| DisplayText | Enable and disable user accounts | Enable and disable user accounts +| Description | Allows the app to enable and disable users' accounts, without a signed-in user. | Allows the app to enable and disable users' accounts, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes --- -## User permissions +### User.Export.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 405a51b5-8d8d-430b-9842-8be4b0e9f324 | 405a51b5-8d8d-430b-9842-8be4b0e9f324 +| DisplayText | Export user's data | Export user's data +| Description | Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user (e.g. 
a Company Administrator). | Allows the app to export data (e.g. customer content or system-generated logs), associated with any user in your company, when the app is used by a privileged user (e.g. a Company Administrator). +| AdminConsentRequired | Yes | Yes + +--- -#### Delegated permissions +### User.Invite.All -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:----------------|:------------------|:-------------|:-----------------------|:--------------| -| _User.Read_ | Sign-in and read user profile | Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users.| No | Yes | -| _User.ReadWrite_ | Read and write access to user profile | Allows the app to read the signed-in user's full profile. It also allows the app to update the signed-in user's profile information on their behalf. | No | Yes | -| _User.ReadBasic.All_ | Read all users' basic profiles | Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address, open extensions and photo. Also allows the app to read the full profile of the signed-in user. | No | No | -| _User.Read.All_ | Read all users' full profiles | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. | Yes | No | -| _User.ReadWrite.All_ | Read and write all users' full profiles | Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. Also allows the app to create and delete users as well as reset user passwords on behalf of the signed-in user. 
| Yes | No | -| _User.Invite.All_ | Invite guest users to the organization | Allows the app to invite guest users to your organization, on behalf of the signed-in user. | Yes | No | -| _User.EnableDisableAccount.All_ | Enable and disable user accounts | Allows the app to enable and disable users' accounts, on behalf of the signed-in user.| Yes | No | -| _User.Export.All_ | Export users' data | Allows the app to export an organizational user's data, when performed by a Company Administrator.| Yes | No | -| _User.ManageIdentities.All_ | Manage user identities | Allows an application to read, update and delete identities that are associated with a user's account, that the signed-in user has access to. This controls which identities your users can sign-in with. | Yes | No | -| _User-LifeCycleInfo.Read.All_ | Read all users' lifecycle information | Allows the app to read the lifecycle information like employeeLeaveDateTime of users in your organization, on behalf of the signed-in user. | Yes | No | -| _User-LifeCycleInfo.ReadWrite.All_ | Read and write all users' lifecycle information | Allows the app to read and write the lifecycle information like employeeLeaveDateTime of users in your organization, on behalf of the signed-in user. | Yes | No | +| Category | Application | Delegated | +|--|--|--| +| Identifier | 09850681-111b-4a89-9bed-3f2cae46d706 | 63dd7cd9-b489-4adf-a28c-ac38b9a0f962 +| DisplayText | Invite guest users to the organization | Invite guest users to the organization +| Description | Allows the app to invite guest users to the organization, without a signed-in user. | Allows the app to invite guest users to the organization, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes +--- -#### Application permissions +### User.ManageIdentities.All -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -| _User.Read.All_ | Read all users' full profiles | Allows the app to read the full set of profile properties, group membership, reports and managers of other users in your organization, without a signed-in user.| Yes | -| _User.ReadWrite.All_ | Read and write all users' full profiles | Allows the app to read and write the full set of profile properties, group membership, reports and managers of other users in your organization, without a signed-in user. Also allows the app to create and delete non-administrative users. Does not allow reset of user passwords. | Yes | -| _User.Invite.All_ | Invite guest users to the organization | Allows the app to invite guest users to your organization, without a signed-in user. | Yes | -| _User.EnableDisableAccount.All_ | Enable and disable user accounts | Allows the app to enable and disable users' accounts, without a signed-in user.| Yes | -| _User.Export.All_ | Export users' data | Allows the app to export organizational users' data, without a signed-in user.| Yes | -| _User.ManageIdentities.All_ | Manage all user identities | Allows an application to read, update and delete identities that are associated with a user's account, without a signed in user. This controls which identities users can sign-in with. | Yes | -| _User-LifeCycleInfo.Read.All_ | Read all users' lifecycle information | Allows the app to read the lifecycle information like employeeLeaveDateTime of users in your organization, without a signed-in user. | Yes | -| _User-LifeCycleInfo.ReadWrite.All_ | Read and write all users' lifecycle information | Allows the app to read and write the lifecycle information like employeeLeaveDateTime of users in your organization, without a signed-in user. 
| Yes | +| Category | Application | Delegated | +|--|--|--| +| Identifier | c529cfca-c91b-489c-af2b-d92990b66ce6 | 637d7bec-b31e-4deb-acc9-24275642a2c9 +| DisplayText | Manage all users' identities | Manage user identities +| Description | Allows the app to read, update and delete identities that are associated with a user's account, without a signed in user. This controls the identities users can sign-in with. | Allows the app to read, update and delete identities that are associated with a user's account that the signed-in user has access to. This controls the identities users can sign-in with. +| AdminConsentRequired | Yes | Yes -### Remarks +--- -With the _User.Read_ permission, an app can also read the basic company information of the signed-in user for a work or school account through the [organization](/graph/api/resources/organization) resource. The following properties are available: id, displayName, and verifiedDomains. +### User.Read -For work or school accounts, the full profile includes all of the declared properties of the [User](/graph/api/resources/user) resource. On reads, only a limited number of properties are returned by default. To read properties that are not in the default set, use `$select`. The default properties are: +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | e1fe6dd8-ba31-4d61-89e7-88639da4683d +| DisplayText | - | Sign in and read user profile +| Description | - | Allows users to sign-in to the app, and allows the app to read the profile of signed-in users. It also allows the app to read basic company information of signed-in users. 
+| AdminConsentRequired | - | No -- displayName -- givenName -- jobTitle -- mail -- mobilePhone -- officeLocation -- preferredLanguage -- surname -- userPrincipalName +--- - _User.ReadWrite_ and _User.Readwrite.All_ delegated permissions allow the app to update the following profile properties for work or school accounts: +### User.Read.All -- aboutMe -- birthday -- hireDate -- interests -- mobilePhone -- mySite -- pastProjects -- photo -- preferredName -- responsibilities -- schools -- skills +| Category | Application | Delegated | +|--|--|--| +| Identifier | df021288-bdef-4463-88db-98f22de89214 | a154be20-db9c-4678-8ab7-66f6cc099a59 +| DisplayText | Read all users' full profiles | Read all users' full profiles +| Description | Allows the app to read user profiles without a signed in user. | Allows the app to read the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -With the _User.ReadWrite.All_ application permission, the app can update all of the declared properties of work or school accounts except for password. +--- -With the _User.ReadWrite.All_ delegated or application permission, updating another user's **businessPhones**, **mobilePhone** or **otherMails** is only allowed on users who are non-administrators or assigned one of the following roles: Directory Readers, Guest Inviter, Message Center Reader and Reports Reader. For more details, see Helpdesk (Password) Administrator in [Azure AD available roles](/azure/active-directory/users-groups-roles/directory-assign-admin-roles#available-roles). +### User.ReadBasic.All -To read or write direct reports (`directReports`) or the manager (`manager`) of a work or school account, the app must have either _User.Read.All_ (read only) or _User.ReadWrite.All_. 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | - | b340eb25-3456-403f-be2f-af7a0d370277 +| DisplayText | - | Read all users' basic profiles +| Description | - | Allows the app to read a basic set of profile properties of other users in your organization on behalf of the signed-in user. This includes display name, first and last name, email address and photo. +| AdminConsentRequired | - | No -The _User.ReadBasic.All_ permission constrains app access to a limited set of properties known as the basic profile. This is because the full profile might contain sensitive directory information. The basic profile includes only the following properties: +--- -- displayName -- givenName -- id -- mail -- photo -- securityIdentifier -- surname -- userPrincipalName +### User.ReadWrite -To read the group memberships of a user (`memberOf`), the app must have either [_Group.Read.All_](#group-permissions) or [_Group.ReadWrite.All_](#group-permissions). However, if the user also has membership in a [directoryRole](/graph/api/resources/directoryrole) or an [administrativeUnit](/graph/api/resources/administrativeunit?view=graph-rest-beta&preserve-view=true), the app will need effective permissions to read those resources too, or Microsoft Graph will return an error. This means the app will also need [Directory permissions](#directory-permissions), and, for delegated permissions, the signed-in user will also need sufficient privileges in the organization to access directory roles and administrative units. +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | b4e74841-8e56-480b-be8b-910348b18b4c +| DisplayText | - | Read and write access to user profile +| Description | - | Allows the app to read your profile. It also allows the app to update your profile information on your behalf. 
+| AdminConsentRequired | - | No -With the _User.ManageIdentities.All_ delegated or application permission, it is possible to update the identities (`identities`) of a user. This includes federated (or social identities) or local identities with email or name-based sign-in names. +--- -### Example usage +### User.ReadWrite.All -#### Delegated +| Category | Application | Delegated | +|--|--|--| +| Identifier | 741f803b-c850-494e-b5df-cde7c675a1ca | 204e0828-b5ca-4ad8-b9f3-f32a958e7cc4 +| DisplayText | Read and write all users' full profiles | Read and write all users' full profiles +| Description | Allows the app to read and update user profiles without a signed in user. | Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -* _User.Read_: Read the full profile for the signed-in user (`GET /me`). -* _User.ReadWrite_: Update the photo of the signed-in user (`PUT /me/photo/$value`). -* _User.ReadBasic.All_: Find all users whose name starts with "David" (`GET /users?$filter=startswith(displayName,'David')`). -* _User.Read.All_: Read a user's manager (`GET /users/{id | userPrincipalName}/manager`). +--- -#### Application +### UserActivity.ReadWrite.CreatedByApp -* _User.Read.All_: Read all users and relationships through delta query (`GET /beta/users/delta?$select=displayName,givenName,surname`). -* _User.ReadWrite.All_: Update the photo for any user in the organization (`PUT /users/{id | userPrincipalName}/photo/$value`). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 47607519-5fb1-47d9-99c7-da4b48f369b1 +| DisplayText | - | Read and write app activity to users' activity feed +| Description | - | Allows the app to read and report the signed-in user's activity in the app. 
+| AdminConsentRequired | - | No -For more complex scenarios involving multiple permissions, see [Permission scenarios](#permission-scenarios). +--- -## User activity permissions +### UserAuthenticationMethod.Read -#### Delegated permissions +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 1f6b61c5-2f65-4135-9c9f-31c0f8d32b52 +| DisplayText | - | Read user authentication methods. +| Description | - | Allows the app to read the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. +| AdminConsentRequired | - | Yes -|Permission |Display String |Description |Admin Consent Required | Microsoft Account supported | -|:-----------------------------|:-----------------------------------------|:-----------------|:-----------------|:-----------------| -| _UserActivity.ReadWrite.CreatedByApp_ |Read and write app activity to users' activity feed |Allows the app to read and report the signed-in user's activity in the app. |No | Yes | +--- -#### Application permissions -None. +### UserAuthenticationMethod.Read.All -### Remarks -*UserActivity.ReadWrite.CreatedByApp* is valid for both Microsoft accounts and work or school accounts. +| Category | Application | Delegated | +|--|--|--| +| Identifier | 38d9df27-64da-44fd-b7c5-a6fbac20248f | aec28ec7-4d02-4e8c-b864-50163aea77eb +| DisplayText | Read all users' authentication methods | Read all users' authentication methods +| Description | Allows the app to read authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. 
| Allows the app to read authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. +| AdminConsentRequired | Yes | Yes -The *CreatedByApp* constraint associated with this permission indicates the service will apply implicit filtering to results based on the identity of the calling app, either the MSA app id or a set of app ids configured for a cross-platform application identity. +--- -### Example usage +### UserAuthenticationMethod.ReadWrite -#### Delegated -* _UserActivity.ReadWrite.CreatedByApp_: Get a list of recent unique user activities based on associated history items published in the last day. (GET /me/activities/recent). -* _UserActivity.ReadWrite.CreatedByApp_: Publish or update a user activity which may be resumed by the user of the application. (PUT /me/activities/%2Farticle%3F12345). -* _UserActivity.ReadWrite.CreatedByApp_: Publish or update a history item for a specified user activity in order to represent the period of user engagement. (PUT /me/activities/{id}/historyItems/{id}). -* _UserActivity.ReadWrite.CreatedByApp_: Delete a user activity in response to user initiated request or to remove invalid data. (DELETE /me/activities/{id}). -* _UserActivity.ReadWrite.CreatedByApp_: Delete a history item in response to user initiated request or to remove invalid data. (DELETE /me/activities/{id}/historyItems/{id}). +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 48971fc1-70d7-4245-af77-0beb29b53ee2 +| DisplayText | - | Read and write user authentication methods +| Description | - | Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. 
This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. +| AdminConsentRequired | - | Yes --- -## User authentication method permissions +### UserAuthenticationMethod.ReadWrite.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | 50483e42-d915-4231-9639-7fdb7fd190e5 | b7887744-6746-4312-813d-72daeaee7e2d +| DisplayText | Read and write all users' authentication methods | Read and write all users' authentication methods. +| Description | Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods | Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user’s phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. +| AdminConsentRequired | Yes | Yes + +--- -#### Delegated permissions +### User-LifeCycleInfo.Read.All -|Permission |Display String |Description |Admin Consent Required | Microsoft Account supported | -|:---------------------------------------|:-------------------------------------|:------------------|:----------------------|:----------------------------| -|_UserAuthenticationMethod.Read_ |Read own authentication methods |Allows the app to read the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. 
|Yes|No| -|_UserAuthenticationMethod.Read.All_ |Read users' authentication methods |Allows the app to read authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. |Yes|No| -|_UserAuthenticationMethod.ReadWrite_ |Manage own authentication methods |Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. |Yes|No| -|_UserAuthenticationMethod.ReadWrite.All_|Manage users' authentication methods |Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. |Yes|No| +| Category | Application | Delegated | +|--|--|--| +| Identifier | 8556a004-db57-4d7a-8b82-97a13428e96f | ed8d2a04-0374-41f1-aefe-da8ac87ccc87 +| DisplayText | Read all users' lifecycle information | Read all users' lifecycle information +| Description | Allows the app to read the lifecycle information like employeeLeaveDateTime of users in your organization, without a signed-in user. | Allows the app to read the lifecycle information like employeeLeaveDateTime of users in your organization, on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -#### Application permissions +--- -|Permission |Display String |Description |Admin Consent Required | -|:---------------------------------------|:-------------------------------------|:------------------|:----------------------| -|_UserAuthenticationMethod.Read.All_ |Read users' authentication methods |Allows the app to read authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. |Yes| -|_UserAuthenticationMethod.ReadWrite.All_|Manage users' authentication methods |Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. |Yes| +### User-LifeCycleInfo.ReadWrite.All -### Remarks +| Category | Application | Delegated | +|--|--|--| +| Identifier | 925f1248-0f97-47b9-8ec8-538c54e01325 | 7ee7473e-bd4b-4c9f-987c-bd58481f5fa2 +| DisplayText | Read and write all users' lifecycle information | Read and write all users' lifecycle information +| Description | Allows the app to read and write the lifecycle information like employeeLeaveDateTime of users in your organization, without a signed-in user. | Allows the app to read and write the lifecycle information like employeeLeaveDateTime of users in your organization, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -User authentication method permissions are used to manage authentication methods on users. 
With these permissions, a delegated user or application can register new authentication methods on a user, read the authentication methods the user already has registered, update those authentication methods, and remove them from the user. +--- -With these permissions, all authentication methods can be read and managed on a user. This includes methods used for: +### UserNotification.ReadWrite.CreatedByApp -* Primary authentication (password, FIDO2, Microsoft Authenticator, and so on) -* Second factor of multi-factor authentication/MFA (phone numbers, Microsoft Authenticator, and so on) -* Self-Service Password Reset/SSPR (email address, and so on) +| Category | Application | Delegated | +|--|--|--| +| Identifier | 4e774092-a092-48d1-90bd-baad67c7eb47 | 26e2f3e8-b2a1-47fc-9620-89bb5b042024 +| DisplayText | Deliver and manage all user's notifications | Deliver and manage user's notifications +| Description | Allows the app to send, read, update and delete user’s notifications, without a signed-in user. | Allows the app to send, read, update and delete user’s notifications. +| AdminConsentRequired | Yes | No --- -## User resource-specific consent permissions +### UserShiftPreferences.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | de023814-96df-4f53-9376-1e2891ef5a18 | - +| DisplayText | Read all user shift preferences | - +| Description | Allows the app to read all users' shift schedule preferences without a signed-in user. | - +| AdminConsentRequired | Yes | - -#### Application permissions +--- -| Permission | Display String | Description | Admin Consent Required | Microsoft Account supported | -|:-------------------------------|:--------------------------------------------------------------|:-------------|:-----------------------|:----------------------------| -| _TeamsActivity.Send.User_ | Send activity feed notifications to this user. 
| Allows the app to create new notifications in the teamwork activity feed of this user, without a signed-in user. | No | No | +### UserShiftPreferences.ReadWrite.All ->[!NOTE] -> Currently, these permissions are supported only in the beta version of Microsoft Graph. +| Category | Application | Delegated | +|--|--|--| +| Identifier | d1eec298-80f3-49b0-9efb-d90e224798ac | - +| DisplayText | Read and write all user shift preferences | - +| Description | Allows the app to manage all users' shift schedule preferences without a signed-in user. | - +| AdminConsentRequired | Yes | - --- -## Virtual event permissions +### UserTimelineActivity.Write.CreatedByApp -#### Delegated permissions -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -|_VirtualEvent.Read_|Read your virtual events.|Allows the app to read virtual events created by the you.|Yes| +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 367492fc-594d-4972-a9b5-0d58c622c91c +| DisplayText | - | Write app activity to users' timeline +| Description | - | Allows the app to report the signed-in user's app activity information to Microsoft Timeline. +| AdminConsentRequired | - | No -#### Application permissions -| Permission | Display String | Description | Admin Consent Required | -|:----------------|:------------------|:-------------|:-----------------------| -|_VirtualEvent.Read.All_|Read all users' virtual events.|Allows the app to read all virtual events without a signed-in user. |Yes| +--- -### Example usage +### VirtualAppointment.Read -* _VirtualEvent.Read_: Retrieve a virtual event created by the signed-in user (`GET /solutions/virtualEvents/webinars/{id}`). -* _VirtualEvent.Read.All_: Retrieve a virtual event created by any user in the tenant (`GET /solutions/virtualEvents/webinars/{id}`). 
+| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 27470298-d3b8-4b9c-aad4-6334312a3eac +| DisplayText | - | Read a user's virtual appointments +| Description | - | Allows an application to read virtual appointments for the signed-in user. Only an organizer or participant user can read their virtual appointments.   +| AdminConsentRequired | - | Yes --- -## Windows updates permissions +### VirtualAppointment.Read.All + +| Category | Application | Delegated | +|--|--|--| +| Identifier | d4f67ec2-59b5-4bdc-b4af-d78f6f9c1954 | - +| DisplayText | Read all virtual appointments for users, as authorized by online meetings application access policy | - +| Description | Allows the application to read virtual appointments for all users, without a signed-in user. The app must also be authorized to access an individual user’s data by the online meetings application access policy. | - +| AdminConsentRequired | Yes | - + +--- -#### Delegated permissions +### VirtualAppointment.ReadWrite -|Permission|Display String|Description|Admin Consent Required|Microsoft Account Supported| -|:---|:---|:---|:---|:---| -|_WindowsUpdates.ReadWrite.All_|Read and write all Windows update deployment settings|Allows the app to read and write all Windows update deployment settings for the organization on behalf of the signed-in user.|Yes|No| +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 2ccc2926-a528-4b17-b8bb-860eed29d64c +| DisplayText | - | Read and write a user's virtual appointments   +| Description | - | Allows an application to read and write virtual appointments for the signed-in user. Only an organizer or participant user can read and write their virtual appointments.  
+| AdminConsentRequired | - | Yes -#### Application permissions +--- -|Permission|Display String|Description|Admin Consent Required| -|:---|:---|:---|:---| -|_WindowsUpdates.ReadWrite.All_|Read and write all Windows update deployment settings|Allows the app to read and write all Windows update deployment settings for the organization without a signed-in user.|Yes| +### VirtualAppointment.ReadWrite.All -### Remarks +| Category | Application | Delegated | +|--|--|--| +| Identifier | bf46a256-f47d-448f-ab78-f226fff08d40 | - +| DisplayText | Read-write all virtual appointments for users, as authorized by online meetings app access policy | - +| Description | Allows the application to read and write virtual appointments for all users, without a signed-in user. The app must also be authorized to access an individual user’s data by the online meetings application access policy. | - +| AdminConsentRequired | Yes | - -All the permissions above are valid only for work or school accounts. +--- -For an app to read or write all Windows update deployment settings with delegated permissions, the signed-in user must be assigned the Global Administrator, Intune Administrator, or Windows Update Deployment Administrator role. For more information about administrator roles, see [Assigning administrator roles in Azure Active Directory](/azure/active-directory/active-directory-assign-admin-roles). +### VirtualEvent.Read -### Example usage +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | 6b616635-ae58-433a-a918-8c45e4f304dc +| DisplayText | - | Read your virtual events +| Description | - | Allows the app to read virtual events created by the you +| AdminConsentRequired | - | Yes -#### Delegated +--- -* _WindowsUpdates.ReadWrite.All_: Create a deployment (`POST /beta/admin/windows/updates/deployments`). 
+### VirtualEvent.Read.All -#### Application +| Category | Application | Delegated | +|--|--|--| +| Identifier | 1dccb351-c4e4-4e09-a8d1-7a9ecbf027cc | - +| DisplayText | Read all users' virtual events | - +| Description | Allows the app to read all virtual events without a signed-in user. | - +| AdminConsentRequired | Yes | - -* _WindowsUpdates.ReadWrite.All_: Create a deployment (`POST /beta/admin/windows/updates/deployments`). +--- -## Permission scenarios +### WindowsUpdates.ReadWrite.All -This section shows some common scenarios that target [user](/graph/api/resources/user) and [group](/graph/api/resources/group) resources in an organization. The tables show the permissions that an app needs to be able to perform specific operations required by the scenario. Note that in some cases the ability of the app to perform specific operations will depend on whether a permission is an application or delegated permission. In the case of delegated permissions, the app's effective permissions will also depend on the privileges of the signed-in user within the organization. For more information, see [Delegated permissions, Application permissions, and effective permissions](auth/auth-concepts.md#microsoft-graph-permissions). +| Category | Application | Delegated | +|--|--|--| +| Identifier | 7dd1be58-6e76-4401-bf8d-31d1e8180d5b | 11776c0c-6138-4db3-a668-ee621bea2555 +| DisplayText | Read and write all Windows update deployment settings | Read and write all Windows update deployment settings +| Description | Allows the app to read and write all Windows update deployment settings for the organization without a signed-in user. | Allows the app to read and write all Windows update deployment settings for the organization on behalf of the signed-in user. 
+| AdminConsentRequired | Yes | Yes -### Access scenarios on the User resource +--- -| **App tasks involving User** | **Required permissions** | **Permission strings** | -|:-------------------------------|:---------------------|:---------------| -| App wants to read other users' basic information (only display name and picture), for example to show in a people picking experience | _User.ReadBasic.All_ | Read all user's basic profiles | -| App wants to read complete user profile for signed in user (see direct reports, and manager, and so on) | _User.Read_ | Enable sign-in and read user profile| -| App wants to read complete user profile all users | _User.Read.All_ | Read all user's full profiles | -| App wants to read files, mail and calendar information for the signed in user | _User.Read_, _Files.Read_, _Mail.Read_, _Calendars.Read_ | Enable sign-in and read user profile, Read users' files, Read user mail, Read user calendars | -| App wants to read the signed-in user's (my) files and files that other users have shared with the signed-in user (me). | _User.Read_, _Files.Read_, _Sites.Read.All_ | Enable sign-in and read user profile, Read users' files, Read items in all site collections | -| App wants to read and write complete user profile for signed in user | _User.ReadWrite_ | Read and write access to user profile | -| App wants to read and write complete user profile all users | _User.ReadWrite.All_ | Read and write all user's full profiles | -| App wants to read and write files, mail and calendar information for the signed in user | _User.ReadWrite_, _Files.ReadWrite_, _Mail.ReadWrite_, _Calendars.ReadWrite_ | Read and write access to user profile, Read and write access to user profile, Read and write access to user mail, Have full access to user calendars | -| App wants to submit a data policy operation request to export a user's personal data | _User.Export.All_ | Export a user'a personal data. 
| +### WorkforceIntegration.Read.All +| Category | Application | Delegated | +|--|--|--| +| Identifier | - | f1ccd5a7-6383-466a-8db8-1a656f7d06fa +| DisplayText | - | Read workforce integrations +| Description | - | Allows the app to read workforce integrations, to synchronize data from Microsoft Teams Shifts, on behalf of the signed-in user. +| AdminConsentRequired | - | Yes -### Access scenarios on the Group resource +--- -| **App tasks involving Group** | **Required permissions** | **Permission strings** | -|:-------------------------------|:---------------------|:---------------| -| App wants to read basic group info (only display name and picture), for example to show in a group picking experience | _Group.Read.All_ | Read all groups| -| App wants to read all content in all Microsoft 365 groups, including files, conversations. It also needs to show group memberships, be able to update group memberships, (if owner). | _Group.Read.All_ | Read items in all site collections, Read all groups| -| App wants to read and write all content in all Microsoft 365 groups, including files, conversations. It also needs to show group memberships, be able to update group memberships, (if owner). | _Group.ReadWrite.All_, _Sites.ReadWrite.All_ | Read and write all groups, Edit or delete items in all site collections | -| App wants to discover (find) a Microsoft 365 group. It allows the user to search for a particular group and choose one from the enumerated list to allow the user to join the group. 
| _Group.ReadWrite.All_ | Read and write all groups| -| App wants to create a group through AAD Graph | _Group.ReadWrite.All_ | Read and write all groups| +### WorkforceIntegration.ReadWrite.All +| Category | Application | Delegated | +|--|--|--| +| Identifier | 202bf709-e8e6-478e-bcfd-5d63c50b68e3 | 08c4b377-0d23-4a8b-be2a-23c1c1d88545 +| DisplayText | Read and write workforce integrations | Read and write workforce integrations +| Description | Allows the app to manage workforce integrations to synchronize data from Microsoft Teams Shifts, without a signed-in user. | Allows the app to manage workforce integrations, to synchronize data from Microsoft Teams Shifts, on behalf of the signed-in user. +| AdminConsentRequired | Yes | Yes -## All permissions and IDs +--- -[!INCLUDE [permissions-ids](includes/permissions-ids.md)] +## Delegated permissions supported for personal Microsoft accounts (MSA) + +[!INCLUDE [permissions-msa](../includes/permissions-notes/permissions-msa.md)] + +## Resource-specific consent (RSC) permissions + +[!INCLUDE [permissions-rsa](../includes/permissions-notes/permissions-rsc.md)] + +| Name | ID | Display text | Description | +|--|--|--|--| +| Calls.AccessMedia.Chat | e716890c-c30a-4ac3-a0e3-551e7d9e8deb | Access media streams in calls associated with this chat or meeting | Allows the app to access media streams in calls associated with this chat or meeting, without a signed-in user. +| Calls.JoinGroupCalls.Chat | a01e73f1-94da-4f6d-9b73-02e4ea65560b | Join calls associated with this chat or meeting | Allows the app to join calls associated with this chat or meeting, without a signed-in user. +| Channel.Create.Group | 65af85d7-62bb-4339-a206-7160fd427454 | Create channels in this team | Allows the app to create channels in this team, without a signed-in user. +| Channel.Delete.Group | 4432e57d-0983-4c17-881c-235c529f96dc | Delete this team's channels | Allows the app to delete this team's channels, without a signed-in user. 
+| ChannelMeeting.ReadBasic.Group | 6c13459c-facc-4b0a-93cb-63f0dff28046 | Read basic properties of the channel meetings in this team | Allows the app to read basic properties, such as name, schedule, organizer, join link, and start or end notifications, of channel meetings in this team, without a signed-in user. +| ChannelMeetingNotification.Send.Group | bbb12bdb-71e6-4602-9f5e-b1172c505746 | Send notifications in all the channel meetings associated with this team | Allows the app to send notifications inside all the channel meetings associated with this team, without a signed-in user. +| ChannelMeetingParticipant.Read.Group | bd118236-e8f5-4bec-a62d-89a623717e05 | Read the participants of this team's channel meetings | Allows the app to read participant information, including name, role, id, joined and left times, of channel meetings associated with this team, without a signed-in user. +| ChannelMeetingRecording.Read.Group | 30a40618-9b50-4764-b62e-b04023a8f5f3 | Read the recordings of all channel meetings associated with this team | Allows the app to read recordings of all the channel meetings associated with this team, without a signed-in user. +| ChannelMeetingTranscript.Read.Group | 37e59e88-1a46-482b-b623-0a4aa6abdf67 | Read the transcripts of all channel meetings associated with this team | Allows the app to read transcripts of all the channel meetings associated with this team, without a signed-in user. +| ChannelMessage.Read.Group | 19103a54-c397-4bcd-be5a-ef111e0406fa | Read this team's channel messages | Allows the app to read this team's channel's messages, without a signed-in user. +| ChannelSettings.Read.Group | 0a7b3084-8d18-46f5-8aef-b5b829292c6f | Read the names, descriptions, and settings of this team’s channels | Allows the app to read this team's channel names, channel descriptions, and channel settings, without a signed-in user. 
+| ChannelSettings.ReadWrite.Group | d057ad03-b27b-49f7-8219-e0d4a706da55 | Update the names, descriptions, and settings of this team’s channels | Allows the app to update and read the names, descriptions, and settings of this team’s channels, without a signed-in user. +| Chat.Manage.Chat | 4a14842e-6bb6-4088-b21a-7d0a24f835a6 | Manage this chat | Allows the app to manage the chat, the chat's members and grant access to the chat's data, without a signed-in user. +| ChatMember.Read.Chat | e854bbc6-07e3-45cc-af99-b6e78fab5b80 | Read this chat's members | Allows the app to read the members of this chat, without a signed-in user. +| ChatMessage.Read.Chat | 9398c3de-3f6b-4958-90f3-5098714ff50c | Read this chat's messages | Allows the app to read this chat's messages, without a signed-in user. +| ChatSettings.Read.Chat | 40d35d7c-9cc3-4f2d-912b-464457412a00 | Read this chat's settings | Allows the app to read this chat's settings, without a signed-in user. +| ChatSettings.ReadWrite.Chat | ed928a9c-7530-496a-a624-4c0a460ab3ed | Read and write this chat's settings | Allows the app to read and write this chat's settings, without a signed-in user. +| Member.Read.Group | 0a8ce3c7-89dd-46cf-b2c3-5ef0064437a8 | Read this group's members | Allows the app to read the basic profile of this group's members, without a signed-in user. +| OnlineMeeting.ReadBasic.Chat | eda8d262-4e6e-4ff6-a7ba-a2fb50535165 | Read basic properties of meetings associated with this chat | Allows the app to read basic properties, such as name, schedule, organizer, join link, and start or end notifications, of meetings associated with this chat, without a signed-in user. +| OnlineMeetingNotification.Send.Chat | d9837fe0-9c31-4faa-8acb-b10874560161 | Send notifications in the meetings associated with this chat | Allows the app to send notifications inside meetings associated with this chat, without a signed-in user. 
+| OnlineMeetingParticipant.Read.Chat | 6324a770-185c-4b4f-be13-2d9a1668e6eb | Read the participants of the meetings associated with this chat | Allows the app to read participant information, including name, role, id, joined and left times, of meetings associated with this chat, without a signed-in user. +| OnlineMeetingRecording.Read.Chat | d20f0153-08ff-48a9-b299-96a8d1131d1d | Read the recordings of the meetings associated with this chat  | Allows the app to read recordings of the meetings associated with this chat, without a signed-in user. +| OnlineMeetingTranscript.Read.Chat | 8c477e19-f0f7-45f9-ae72-604f77a599e3 | Read the transcripts of the meetings associated with this chat | Allows the app to read transcripts of the meetings associated with this chat, without a signed-in user.  +| Owner.Read.Group | 70d5316c-9b27-4057-a650-3b0fe49002ab | Read this group's owners | Allows the app to read the basic profile of this group's owners, without a signed-in user. +| TeamMember.Read.Group | b8731755-de22-4604-be08-93e1e5c2d2d6 | Read this team's members | Allows the app to read the members of this team, without a signed-in user. +| TeamsActivity.Send.Chat | 119b5846-be45-44cd-87d7-bfc566330e11 | Send activity feed notifications to users in this chat | Allows the app to create new notifications in the teamwork activity feeds of the users in this chat, without a signed-in user. +| TeamsActivity.Send.Group | d4539c25-0937-4095-b844-b97228dd8655 | Send activity feed notifications to users in this team | Allows the app to create new notifications in the teamwork activity feeds of the users in this team, without a signed-in user. +| TeamsActivity.Send.User | 483c432d-7210-44e7-a362-954c0c5e4108 | Send activity feed notifications to this user | Allows the app to create new notifications in the teamwork activity feed of this user, without a signed-in user. 
+| TeamsAppInstallation.Read.Chat | b60343cd-f77a-4c4f-8036-41938b1abd8b | Read which apps are installed in this chat | Allows the app to read the Teams apps that are installed in this chat along with the permissions granted to each app, without a signed-in user. +| TeamsAppInstallation.Read.Group | ba4beb29-863b-4f02-8969-37a289cd91c0 | Read which apps are installed in this team | Allows the app to read the Teams apps that are installed in this team, without a signed-in user. +| TeamSettings.Read.Group | 87909ea6-7b07-42cf-b3a0-b8bd8e7072a8 | Read this team's settings | Allows the app to read this team's settings, without a signed-in user. +| TeamSettings.ReadWrite.Group | 13451d84-ced2-4d45-9b0d-98688b90e5bf | Read and write this team's settings | Allows the app to read and write this team's settings, without a signed-in user. +| TeamsTab.Create.Chat | 0029d2bb-fc98-4712-9310-69dd5fcc94d5 | Create tabs in this chat | Allows the app to create tabs in this chat, without a signed-in user. +| TeamsTab.Create.Group | c4d7203b-1e46-4c4a-95f9-862779aa39e1 | Create tabs in this team | Allows the app to create tabs in this team, without a signed-in user. +| TeamsTab.Delete.Chat | fa50d890-02fe-4696-b82b-110dc7f7382a | Delete this chat's tabs | Allows the app to delete this chat's tabs, without a signed-in user. +| TeamsTab.Delete.Group | cc2e79a6-9a86-45cc-91c1-41c15745287e | Delete this team's tabs | Allows the app to delete this team's tabs, without a signed-in user. +| TeamsTab.Read.Chat | aa07ff41-1317-4f07-8edb-a1558e9bfc84 | Read this chat's tabs | Allows the app to read this chat's tabs, without a signed-in user. +| TeamsTab.Read.Group | 60d920d0-44e7-44f4-a811-1a172a2ea5b3 | Read this team's tabs | Allows the app to read this team's tabs, without a signed-in user. +| TeamsTab.ReadWrite.Chat | d583f4d7-57da-4b2c-9744-253e9ec3c7be | Manage this chat's tabs | Allows the app to manage this chat's tabs, without a signed-in user. 
+| TeamsTab.ReadWrite.Group | 717ca3a4-bc73-47f8-b613-4d43e657fa9c | Manage this team's tabs | Allows the app to manage this team's tabs, without a signed-in user. + +## See also + ++ [Overview of Microsoft Graph permissions](permissions-overview.md) From 77bfb478a500fde3af4875c06a9fe7d0a64d1898 Mon Sep 17 00:00:00 2001 From: raghuchek Date: Tue, 21 Nov 2023 17:17:53 +0530 Subject: [PATCH 029/156] conflict --- concepts/permissions-reference.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md index 4543bfeb100..d99c40da1e2 100644 --- a/concepts/permissions-reference.md +++ b/concepts/permissions-reference.md @@ -1829,7 +1829,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| -| Identifier | f431cc63-a2de-48c4-8054-a34bc093af84 | - +| Identifier | f431cc63-a2de-48c4-8054-a34bc093af84 | - | DisplayText | Create, read, update, and delete all class assignments information without accessing or impacting any feedback or outcomes | - | Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. | - | AdminConsentRequired | Yes | - From 222919e98a02e6d591021953070d6460c1d575d8 Mon Sep 17 00:00:00 2001 
From: cubika Date: Wed, 13 Dec 2023 16:57:13 +0800 Subject: [PATCH 030/156] Add application permissions info --- .../beta/api/rbacapplication-list-roleassignments.md | 2 +- .../beta/api/rbacapplication-list-roledefinitions.md | 2 +- .../beta/api/rbacapplication-post-roleassignments.md | 4 ++-- api-reference/beta/api/unifiedroleassignment-delete.md | 2 +- api-reference/beta/api/unifiedroleassignment-get.md | 2 +- api-reference/beta/api/unifiedroledefinition-get.md | 2 +- .../includes/permissions/customappscope-delete-permissions.md | 4 ++-- .../includes/permissions/customappscope-get-permissions.md | 2 +- .../includes/permissions/customappscope-update-permissions.md | 2 +- 9 files changed, 11 insertions(+), 11 deletions(-) diff --git a/api-reference/beta/api/rbacapplication-list-roleassignments.md b/api-reference/beta/api/rbacapplication-list-roleassignments.md index e7091aa3784..f420435edac 100644 --- a/api-reference/beta/api/rbacapplication-list-roleassignments.md +++ b/api-reference/beta/api/rbacapplication-list-roleassignments.md @@ -51,7 +51,7 @@ One of the following permissions is required to call this API. To learn more, in |:--------------------|:---------------------------------------------------------| |Delegated (work or school account) | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange | |Delegated (personal Microsoft account) | Not supported. | -|Application | Not supported. | +|Application | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange | ## HTTP request diff --git a/api-reference/beta/api/rbacapplication-list-roledefinitions.md b/api-reference/beta/api/rbacapplication-list-roledefinitions.md index 9363e079867..35d1697d0cf 100644 --- a/api-reference/beta/api/rbacapplication-list-roledefinitions.md +++ b/api-reference/beta/api/rbacapplication-list-roledefinitions.md 
@@ -69,7 +69,7 @@ Depending on the RBAC provider and the permission type (delegated or application |:--------------------|:---------------------------------------------------------| |Delegated (work or school account) | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange | |Delegated (personal Microsoft account) | Not supported. | -|Application | Not supported. | +|Application | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange | ## HTTP request diff --git a/api-reference/beta/api/rbacapplication-post-roleassignments.md b/api-reference/beta/api/rbacapplication-post-roleassignments.md index 8a1375cdfc0..71e07d58999 100644 --- a/api-reference/beta/api/rbacapplication-post-roleassignments.md +++ b/api-reference/beta/api/rbacapplication-post-roleassignments.md @@ -46,7 +46,7 @@ One of the following permissions is required to call this API. To learn more, in |:--------------------|:---------------------------------------------------------| |Delegated (work or school account) | RoleManagement.ReadWrite.Exchange | |Delegated (personal Microsoft account) | Not supported. | -|Application | Not supported. | +|Application | RoleManagement.ReadWrite.Exchange | ## HTTP request @@ -86,7 +86,7 @@ You can specify the following properties when creating a **unifiedRoleAssignment | Property | Type | Description | |:-------------|:------------|:------------| |appScopeId|String|Required. Identifier of the app specific scope when the assignment scope is app specific. The scope of an assignment determines the set of resources for which the principal has been granted access. App scopes are scopes that are defined and understood by a resource application only.

For the entitlement management provider, use this property to specify a catalog, for example `/AccessPackageCatalog/beedadfe-01d5-4025-910b-84abb9369997`.

Either **appScopeId** or **directoryScopeId** must be specified.| -|directoryScopeId|String|Required. Identifier of the [directory object](../resources/directoryobject.md) representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only.

For the directory (Microsoft Entra ID) provider, this property supports the following formats:
  • `/` for tenant-wide scope
  • `/administrativeUnits/{administrativeunit-ID}` to scope to an administrative unit
  • `/{application-objectID}` to scope to a resource application
  • `/attributeSets/{attributeSet-ID}` to scope to an attribute set

    For entitlement management provider, `/` for tenant-wide scope. To scope to an access package catalog, use the **appScopeId** property.

    For Exchange Online provider, this property supports following formats:
  • `/` for tenant-wide scope
  • `/Users/{ObjectId of user}` to scope the role assignment to a specific user
  • `/AdministrativeUnits/{ObjectId of AU}` to scope the role assignment to an administrative unit

    Either **appScopeId** or **directoryScopeId** must be specified.| +|directoryScopeId|String|Required. Identifier of the [directory object](../resources/directoryobject.md) representing the scope of the assignment. The scope of an assignment determines the set of resources for which the principal has been granted access. Directory scopes are shared scopes stored in the directory that are understood by multiple applications, unlike app scopes that are defined and understood by a resource application only.

    For the directory (Microsoft Entra ID) provider, this property supports the following formats:
  • `/` for tenant-wide scope
  • `/administrativeUnits/{administrativeunit-ID}` to scope to an administrative unit
  • `/{application-objectID}` to scope to a resource application
  • `/attributeSets/{attributeSet-ID}` to scope to an attribute set

    For entitlement management provider, `/` for tenant-wide scope. To scope to an access package catalog, use the **appScopeId** property.

    For Exchange Online provider, this property supports following formats:
  • `/` for tenant-wide scope
  • `/Users/{ObjectId of user}` to scope the role assignment to a specific user
  • `/AdministrativeUnits/{ObjectId of AU}` to scope the role assignment to an administrative unit
  • `/Groups/{ObjectId of group}` to scope the role assinment to direct members of a specific group

    Either **appScopeId** or **directoryScopeId** must be specified.| |principalId|String|Required. Identifier of the principal to which the assignment is granted. | |roleDefinitionId|String| Identifier of the unifiedRoleDefinition the assignment is for. Read-only. Supports `$filter` (`eq`, `in`). | diff --git a/api-reference/beta/api/unifiedroleassignment-delete.md b/api-reference/beta/api/unifiedroleassignment-delete.md index f7b361f3c3a..cbb4b7e038d 100644 --- a/api-reference/beta/api/unifiedroleassignment-delete.md +++ b/api-reference/beta/api/unifiedroleassignment-delete.md @@ -46,7 +46,7 @@ One of the following permissions is required to call this API. To learn more, in |:--------------------|:---------------------------------------------------------| |Delegated (work or school account) | RoleManagement.ReadWrite.Exchange | |Delegated (personal Microsoft account) | Not supported. | -|Application | Not supported. | +|Application | RoleManagement.ReadWrite.Exchange | ## HTTP request diff --git a/api-reference/beta/api/unifiedroleassignment-get.md b/api-reference/beta/api/unifiedroleassignment-get.md index 69bf43e7577..078ec7840c6 100644 --- a/api-reference/beta/api/unifiedroleassignment-get.md +++ b/api-reference/beta/api/unifiedroleassignment-get.md @@ -46,7 +46,7 @@ One of the following permissions is required to call this API. To learn more, in |:--------------------|:---------------------------------------------------------| |Delegated (work or school account) | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange | |Delegated (personal Microsoft account) | Not supported. | -|Application | Not supported. | +|Application | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange | ## HTTP request diff --git a/api-reference/beta/api/unifiedroledefinition-get.md b/api-reference/beta/api/unifiedroledefinition-get.md index dfb43d89ba1..763ccb8c735 100644 
--- a/api-reference/beta/api/unifiedroledefinition-get.md +++ b/api-reference/beta/api/unifiedroledefinition-get.md @@ -69,7 +69,7 @@ Depending on the RBAC provider and the permission type (delegated or application |:--------------------|:---------------------------------------------------------| |Delegated (work or school account) | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange | |Delegated (personal Microsoft account) | Not supported. | -|Application | Not supported. | +|Application | RoleManagement.Read.Exchange, RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange | ## HTTP request diff --git a/api-reference/beta/includes/permissions/customappscope-delete-permissions.md b/api-reference/beta/includes/permissions/customappscope-delete-permissions.md index a23aa271472..6cba929ec49 100644 --- a/api-reference/beta/includes/permissions/customappscope-delete-permissions.md +++ b/api-reference/beta/includes/permissions/customappscope-delete-permissions.md @@ -1,5 +1,5 @@ |Permission type|Least privileged permissions|Higher privileged permissions| |:---|:---|:---| -|Delegated (work or school account)|RoleManagement.Read.Exchange|RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange| +|Delegated (work or school account)|RoleManagement.ReadWrite.Exchange|Not available.| |Delegated (personal Microsoft account)|Not supported.|Not supported.| -|Application|Not supported.|Not supported.| \ No newline at end of file +|Application|RoleManagement.ReadWrite.Exchange|Not available.| \ No newline at end of file diff --git a/api-reference/beta/includes/permissions/customappscope-get-permissions.md b/api-reference/beta/includes/permissions/customappscope-get-permissions.md index a23aa271472..2e34a86fee6 100644 --- a/api-reference/beta/includes/permissions/customappscope-get-permissions.md +++ b/api-reference/beta/includes/permissions/customappscope-get-permissions.md 
@@ -2,4 +2,4 @@ |:---|:---|:---| |Delegated (work or school account)|RoleManagement.Read.Exchange|RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange| |Delegated (personal Microsoft account)|Not supported.|Not supported.| -|Application|Not supported.|Not supported.| \ No newline at end of file +|Application|RoleManagement.Read.Exchange|RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange| \ No newline at end of file diff --git a/api-reference/beta/includes/permissions/customappscope-update-permissions.md b/api-reference/beta/includes/permissions/customappscope-update-permissions.md index 6d17ae3a0df..6cba929ec49 100644 --- a/api-reference/beta/includes/permissions/customappscope-update-permissions.md +++ b/api-reference/beta/includes/permissions/customappscope-update-permissions.md @@ -2,4 +2,4 @@ |:---|:---|:---| |Delegated (work or school account)|RoleManagement.ReadWrite.Exchange|Not available.| |Delegated (personal Microsoft account)|Not supported.|Not supported.| -|Application|Not supported.|Not supported.| \ No newline at end of file +|Application|RoleManagement.ReadWrite.Exchange|Not available.| \ No newline at end of file From befde4dcabd4eb84439995cc024207f20960d475 Mon Sep 17 00:00:00 2001 From: Shane Malone Date: Thu, 14 Dec 2023 15:42:13 +0000 Subject: [PATCH 031/156] Address comments --- .../beta/api/openshift-stagefordeletion.md | 5 +- api-reference/beta/api/team-getopenshifts.md | 61 ++++++++++++++----- api-reference/beta/resources/openshift.md | 12 ++-- api-reference/beta/resources/openshiftitem.md | 2 +- api-reference/beta/toc.yml | 4 ++ 5 files changed, 58 insertions(+), 26 deletions(-) diff --git a/api-reference/beta/api/openshift-stagefordeletion.md b/api-reference/beta/api/openshift-stagefordeletion.md index 525c4d6f848..7c5ebaec960 100644 --- a/api-reference/beta/api/openshift-stagefordeletion.md +++ b/api-reference/beta/api/openshift-stagefordeletion.md 
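Review bot: In PATCH 030/156, the added `/Groups/{ObjectId of group}` bullet in the Exchange Online provider list of rbacapplication-post-roleassignments.md misspells "assignment" as "assinment". Change it to "to scope the role assignment to direct members of a specific group", matching the wording of the `/Users/` and `/AdministrativeUnits/` bullets above it.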
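Review bot: In PATCH 030/156, customappscope-delete-permissions.md also changes the delegated row, from RoleManagement.Read.Exchange (with RoleManagement.Read.All and RoleManagement.ReadWrite.Exchange as higher privileged) to RoleManagement.ReadWrite.Exchange with "Not available.", which the subject "Add application permissions info" does not cover. The new value makes the file identical to customappscope-update-permissions.md (both end at blob 6cba929ec49) and is plausible for a delete operation, but a correction to a documented least privileged permission should be stated in the commit message so that it is reviewed on its own merits.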
@@ -13,7 +13,7 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -Stage an [openShift](../resources/openshift.md) for deletion. Staged (draft) changes are only visible to managers until the changes are [shared](../api/schedule-share.md) with the team. +Stage the deletion of an [openShift](../resources/openshift.md) instance in a [schedule](../resources/schedule.md) in draft mode. ## Permissions @@ -63,10 +63,9 @@ The following example shows a request. } --> ``` http -POST https://graph.microsoft.com/beta/teams/{teamsId}/schedule/openShifts/{openShiftId}/stageForDeletion +POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/openShifts/OPNSHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion ``` - ### Response The following example shows the response. diff --git a/api-reference/beta/api/team-getopenshifts.md b/api-reference/beta/api/team-getopenshifts.md index bc6efb56004..25a2d89328c 100644 --- a/api-reference/beta/api/team-getopenshifts.md +++ b/api-reference/beta/api/team-getopenshifts.md 
@@ -92,27 +92,56 @@ Content-Type: application/json { "value": [ { - "@odata.type": "#microsoft.graph.openShift", - "id": "String (identifier)", - "createdBy": { - "@odata.type": "microsoft.graph.identitySet" + "createdDateTime": "2019-03-14T04:32:51.451Z", + "draftOpenShift": { + "activities": [ + { + "code": "Break", + "displayName": "Lunch", + "endDateTime": "2018-10-04T07:58:45.332Z", + "isPaid": true, + "startDateTime": "2018-10-04T00:58:45.340Z" + } + ], + "displayName": "Day shift", + "endDateTime": "2018-10-04T08:58:45.340Z", + "notes": "Inventory Management", + "openSlotCount": 3, + "startDateTime": "2018-10-04T00:58:45.332Z", + "theme": "white" }, - "createdDateTime": "String (timestamp)", - "lastModifiedDateTime": "String (timestamp)", + "id": "OPNSHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8", "lastModifiedBy": { - "@odata.type": "microsoft.graph.identitySet" + "application": null, + "conversation": null, + "device": null, + "user": { + "displayName": "John Doe", + "id": "366c0b19-49b1-41b5-a03f-9f3887bd0ed8" + } }, + "lastModifiedDateTime": "2019-03-14T05:32:51.451Z", + "schedulingGroupId": "TAG_228940ed-ff84-4e25-b129-1b395cf78be0", "sharedOpenShift": { - "@odata.type": "microsoft.graph.openShiftItem" - }, - "draftOpenShift": { - "@odata.type": "microsoft.graph.openShiftItem" + "activities": [ + { + "code": "", + "displayName": "Lunch", + "endDateTime": "2018-10-04T01:58:45.340Z", + "isPaid": true, + "startDateTime": "2018-10-04T00:58:45.340Z" + } + ], + "displayName": "Day shift", + "endDateTime": "2018-10-04T09:50:45.332Z", + "notes": "Inventory Management", + "openSlotCount": 2, + "startDateTime": "2018-10-04T00:58:45.340Z", + "theme": "white" }, - "schedulingGroupId": "String", - "isStagedForDeletion": "Boolean", - "schedulingGroupName": "String", - "teamId": "String", - "teamName": "String" + "schedulingGroupName": "Cashiers", + "teamId": "228940ed-ff84-4e25-b129-1b395cf78be0", + "teamName": "Downtown shop" } ] } 
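Review bot: The replacement example response in team-getopenshifts.md no longer shows `createdBy` or `isStagedForDeletion`, both of which the removed template listed and openshift.md still documents as properties. Add them back with sample values so the example covers the whole resource. The sample times also need a pass: in `draftOpenShift` the "Lunch" activity runs from `2018-10-04T00:58:45.340Z` to `2018-10-04T07:58:45.332Z`, which is almost the entire shift, while the same activity in `sharedOpenShift` lasts one hour.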
diff --git a/api-reference/beta/resources/openshift.md b/api-reference/beta/resources/openshift.md index b0e0ee6cd5d..d4067b72a18 100644 --- a/api-reference/beta/resources/openshift.md +++ b/api-reference/beta/resources/openshift.md 
@@ -33,16 +33,16 @@ Inherits from [changeTrackedEntity](../resources/changetrackedentity.md). |:---|:---|:---| |createdBy|[identitySet](identityset.md)|Identity of the person who created the **openShift** object. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| |createdDateTime|DateTimeOffset|Date and time when the **openShift** was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| -|draftOpenShift|[openShiftItem](../resources/openshiftitem.md)|Draft changes in the open shift (only visible to managers until [shared](../api/schedule-share.md)).| +|draftOpenShift|[openShiftItem](../resources/openshiftitem.md)|Draft changes in the open shift which are only visible to managers until [shared](../api/schedule-share.md).| |id|String| Unique identifier for the **openShift** object. Read-only. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| -|isStagedForDeletion|Boolean|The open shift is marked for deletion (finalized when the schedule is [shared](../api/schedule-share.md)).| +|isStagedForDeletion|Boolean|The open shift is marked for deletion which are finalized when the schedule is [shared](../api/schedule-share.md).| |lastModifiedBy|[identitySet](identityset.md)|Identity of the person who last modified the **openShift** object. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| |lastModifiedDateTime|DateTimeOffset|Date and time when the **openShift** was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. 
Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| |schedulingGroupId|String|The ID of the schedule group the open shift is in.| -|schedulingGroupName|String|The name of the scheduling group the open shift is in (computed).| -|sharedOpenShift|[openShiftItem](../resources/openshiftitem.md)|Published changes in the open shift (Shared with team).| -|teamId|String|The ID of the team the open shift is in (computed).| -|teamName|String|The name of the team the open shift is in (computed).| +|schedulingGroupName|String|The name of the scheduling group the open shift is in.| +|sharedOpenShift|[openShiftItem](../resources/openshiftitem.md)|Published changes in the open shift.| +|teamId|String|The ID of the team the open shift is in.| +|teamName|String|The name of the team the open shift is in.| ## Relationships None. diff --git a/api-reference/beta/resources/openshiftitem.md b/api-reference/beta/resources/openshiftitem.md index ec91c5ea466..2ace046c8e4 100644 --- a/api-reference/beta/resources/openshiftitem.md +++ b/api-reference/beta/resources/openshiftitem.md 
@@ -27,7 +27,7 @@ Inherits from [shiftItem](../resources/shiftitem.md). | notes | String | The shift notes for the **openShift**. Inherited from [shiftItem](../resources/shiftitem.md). | |openSlotCount|Int32| Count of the number of slots for the given open shift.| | startDateTime | DateTimeOffset | The start date and time for the **openShift**. Required. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [shiftItem](../resources/shiftitem.md). | -| theme | scheduleEntityTheme | Possible values are: `white`, `blue`, `green`, `purple`, `pink`, `yellow`, `gray`, `darkBlue`, `darkGreen`, `darkPurple`, `darkPink`, `darkYellow`, `unknownFutureValue`. Inherited from [shiftItem](../resources/shiftitem.md). | +| theme | scheduleEntityTheme | The color of the open shift. Possible values are: `white`, `blue`, `green`, `purple`, `pink`, `yellow`, `gray`, `darkBlue`, `darkGreen`, `darkPurple`, `darkPink`, `darkYellow`, `unknownFutureValue`. Inherited from [shiftItem](../resources/shiftitem.md). | ## JSON representation diff --git a/api-reference/beta/toc.yml b/api-reference/beta/toc.yml index df9f51169f7..55be427b33a 100644 --- a/api-reference/beta/toc.yml +++ b/api-reference/beta/toc.yml @@ -18913,6 +18913,10 @@ items: href: api/openshift-update.md - name: Delete href: api/openshift-delete.md + - name: Stage for deletion + href: api/openshift-stageforedeletion.md + - name: List for all joined teams + href: api/team-getopenshifts.md - name: Open shift change request href: resources/openshiftchangerequest.md items: From e279d986a5b3406ffa4df946b36078b5903d4fc0 Mon Sep 17 00:00:00 2001 From: Shane Malone Date: Thu, 14 Dec 2023 16:02:50 +0000 Subject: [PATCH 032/156] Fix toc --- api-reference/beta/toc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
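Review bot: In PATCH 031/156, the toc.yml entry added for "Stage for deletion" points at `api/openshift-stageforedeletion.md`, with an extra "e", while the file edited in the same patch is api/openshift-stagefordeletion.md. PATCH 032/156 corrects the href; squash that fix into this patch so that no commit in the series carries a broken TOC link.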
diff --git a/api-reference/beta/toc.yml b/api-reference/beta/toc.yml index 55be427b33a..9cb6cb32bb5 100644 --- a/api-reference/beta/toc.yml +++ b/api-reference/beta/toc.yml @@ -18914,7 +18914,7 @@ items: - name: Delete href: api/openshift-delete.md - name: Stage for deletion - href: api/openshift-stageforedeletion.md + href: api/openshift-stagefordeletion.md - name: List for all joined teams href: api/team-getopenshifts.md - name: Open shift change request From 60969fa8f740cd46f8c8638057c43b706f38be7a Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Fri, 15 Dec 2023 06:58:51 +0100 Subject: [PATCH 033/156] Update openshift.md Edit. --- api-reference/beta/resources/openshift.md | 11 +++++++---- 1 file changed, 7 insertions(+), 4 deletions(-) diff --git a/api-reference/beta/resources/openshift.md b/api-reference/beta/resources/openshift.md index d4067b72a18..47d06f8759d 100644 --- a/api-reference/beta/resources/openshift.md +++ b/api-reference/beta/resources/openshift.md 
@@ -38,17 +38,20 @@ Inherits from [changeTrackedEntity](../resources/changetrackedentity.md). |isStagedForDeletion|Boolean|The open shift is marked for deletion which are finalized when the schedule is [shared](../api/schedule-share.md).| |lastModifiedBy|[identitySet](identityset.md)|Identity of the person who last modified the **openShift** object. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| |lastModifiedDateTime|DateTimeOffset|Date and time when the **openShift** was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| -|schedulingGroupId|String|The ID of the schedule group the open shift is in.| -|schedulingGroupName|String|The name of the scheduling group the open shift is in.| +|schedulingGroupId|String|The ID of the scheduling group that contains the open shift.| +|schedulingGroupName|String|The name of the scheduling group that contains the open shift.| |sharedOpenShift|[openShiftItem](../resources/openshiftitem.md)|Published changes in the open shift.| -|teamId|String|The ID of the team the open shift is in.| -|teamName|String|The name of the team the open shift is in.| +|teamId|String|The ID of the team in which the open shift is located.| +|teamName|String|The name of the team in which the open shift is located.| ## Relationships + None. ## JSON representation + The following JSON representation shows the resource type. + ``` http From 6e726f851e489383e656dc4eac4252280bb0cb72 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Fri, 15 Dec 2023 07:39:29 +0100 Subject: [PATCH 041/156] Update team-getopenshifts.md Edit. --- api-reference/beta/api/team-getopenshifts.md | 74 ++++++++++---------- 1 file changed, 37 insertions(+), 37 deletions(-) 
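Review bot: In PATCH 033/156, the editing pass over the openshift.md property table leaves the isStagedForDeletion row reading "The open shift is marked for deletion which are finalized when the schedule is shared", where "which are" does not agree with "deletion". Suggest "The open shift is marked for deletion, which is finalized when the schedule is [shared](../api/schedule-share.md)." The row took this form in PATCH 031/156 and appears here only as unchanged context.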
diff --git a/api-reference/beta/api/team-getopenshifts.md b/api-reference/beta/api/team-getopenshifts.md index 25a2d89328c..d5be353d6b8 100644 --- a/api-reference/beta/api/team-getopenshifts.md +++ b/api-reference/beta/api/team-getopenshifts.md 
@@ -94,50 +94,50 @@ Content-Type: application/json { "createdDateTime": "2019-03-14T04:32:51.451Z", "draftOpenShift": { - "activities": [ - { - "code": "Break", - "displayName": "Lunch", - "endDateTime": "2018-10-04T07:58:45.332Z", - "isPaid": true, - "startDateTime": "2018-10-04T00:58:45.340Z" - } - ], - "displayName": "Day shift", - "endDateTime": "2018-10-04T08:58:45.340Z", - "notes": "Inventory Management", - "openSlotCount": 3, - "startDateTime": "2018-10-04T00:58:45.332Z", - "theme": "white" + "activities": [ + { + "code": "Break", + "displayName": "Lunch", + "endDateTime": "2018-10-04T07:58:45.332Z", + "isPaid": true, + "startDateTime": "2018-10-04T00:58:45.340Z" + } + ], + "displayName": "Day shift", + "endDateTime": "2018-10-04T08:58:45.340Z", + "notes": "Inventory Management", + "openSlotCount": 3, + "startDateTime": "2018-10-04T00:58:45.332Z", + "theme": "white" }, "id": "OPNSHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8", "lastModifiedBy": { - "application": null, - "conversation": null, - "device": null, - "user": { - "displayName": "John Doe", - "id": "366c0b19-49b1-41b5-a03f-9f3887bd0ed8" - } + "application": null, + "conversation": null, + "device": null, + "user": { + "displayName": "John Doe", + "id": "366c0b19-49b1-41b5-a03f-9f3887bd0ed8" + } }, "lastModifiedDateTime": "2019-03-14T05:32:51.451Z", "schedulingGroupId": "TAG_228940ed-ff84-4e25-b129-1b395cf78be0", "sharedOpenShift": { - "activities": [ - { - "code": "", - "displayName": "Lunch", - "endDateTime": "2018-10-04T01:58:45.340Z", - "isPaid": true, - "startDateTime": "2018-10-04T00:58:45.340Z" - } - ], - "displayName": "Day shift", - "endDateTime": "2018-10-04T09:50:45.332Z", - "notes": "Inventory Management", - "openSlotCount": 2, - "startDateTime": "2018-10-04T00:58:45.340Z", - "theme": "white" + "activities": [ + { + "code": "", + "displayName": "Lunch", + "endDateTime": "2018-10-04T01:58:45.340Z", + "isPaid": true, + "startDateTime": "2018-10-04T00:58:45.340Z" + } + ], + "displayName": "Day 
shift", + "endDateTime": "2018-10-04T09:50:45.332Z", + "notes": "Inventory Management", + "openSlotCount": 2, + "startDateTime": "2018-10-04T00:58:45.340Z", + "theme": "white" }, "schedulingGroupName": "Cashiers", "teamId": "228940ed-ff84-4e25-b129-1b395cf78be0", From 2e0c229b6d0e12e8b630fd475dd4a84c944ba511 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Fri, 15 Dec 2023 07:41:07 +0100 Subject: [PATCH 042/156] Rename openshift-stagefordeletion-permissions.md to changetrackedentity-stagefordeletion-permissions.md Edit. --- ...ons.md => changetrackedentity-stagefordeletion-permissions.md} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename api-reference/beta/includes/permissions/{openshift-stagefordeletion-permissions.md => changetrackedentity-stagefordeletion-permissions.md} (100%) diff --git a/api-reference/beta/includes/permissions/openshift-stagefordeletion-permissions.md b/api-reference/beta/includes/permissions/changetrackedentity-stagefordeletion-permissions.md similarity index 100% rename from api-reference/beta/includes/permissions/openshift-stagefordeletion-permissions.md rename to api-reference/beta/includes/permissions/changetrackedentity-stagefordeletion-permissions.md From cc232501a0ce9776b391385871fa2734bdbb3026 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Fri, 15 Dec 2023 07:41:25 +0100 Subject: [PATCH 043/156] Update changetrackedentity-stagefordeletion.md Edit. --- api-reference/beta/api/changetrackedentity-stagefordeletion.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/beta/api/changetrackedentity-stagefordeletion.md b/api-reference/beta/api/changetrackedentity-stagefordeletion.md index 5866a4070d9..7f965adec36 100644 --- a/api-reference/beta/api/changetrackedentity-stagefordeletion.md +++ b/api-reference/beta/api/changetrackedentity-stagefordeletion.md 
@@ -24,7 +24,7 @@ One of the following permissions is required to call this API. To learn more, in "name": "openshift-stagefordeletion-permissions" } --> -[!INCLUDE [permissions-table](../includes/permissions/openshift-stagefordeletion-permissions.md)] +[!INCLUDE [permissions-table](../includes/permissions/changetrackedentity-stagefordeletion-permissions.md)] ## HTTP request From 235420f99d1bdd2393d0554be130b4521dbf2ad0 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Sat, 16 Dec 2023 21:01:07 +0100 Subject: [PATCH 044/156] Update changetrackedentity.md Edit. --- api-reference/beta/resources/changetrackedentity.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/api-reference/beta/resources/changetrackedentity.md b/api-reference/beta/resources/changetrackedentity.md index af811d8e9dd..faa926b5a33 100644 --- a/api-reference/beta/resources/changetrackedentity.md +++ b/api-reference/beta/resources/changetrackedentity.md @@ -15,6 +15,11 @@ Namespace: microsoft.graph Represents an entity to track changes made to any supported [schedule](schedule.md) and associated resource. +## Methods +|Method|Return type|Description| +|:---|:---|:---| +|[stageForDeletion](../api/changetrackedentity-stagefordeletion.md)|None|Stage an [openShift](../resources/openshift.md) for deletion.| + ## Properties | Property | Type | Description | From 36a15069fe63094ccfe23f59908b9ea1b89d4119 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Sat, 16 Dec 2023 21:02:40 +0100 Subject: [PATCH 045/156] Update changetrackedentity.md Edit. --- api-reference/beta/resources/changetrackedentity.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/api-reference/beta/resources/changetrackedentity.md b/api-reference/beta/resources/changetrackedentity.md index faa926b5a33..7caa625aa1c 100644 --- a/api-reference/beta/resources/changetrackedentity.md +++ b/api-reference/beta/resources/changetrackedentity.md 
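Review bot: In PATCH 043/156, the `[!INCLUDE]` path in changetrackedentity-stagefordeletion.md now targets changetrackedentity-stagefordeletion-permissions.md, but the metadata line directly above it in the hunk context still reads `"name": "openshift-stagefordeletion-permissions"`. Update the name to match the include file renamed in PATCH 042/156, or confirm that the name is allowed to differ from the file name.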
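Review bot: In PATCH 044/156, the new Methods row in changetrackedentity.md describes stageForDeletion as "Stage an openShift for deletion" even though the table sits on the base type and links to changetrackedentity-stagefordeletion.md. State which types derived from changeTrackedEntity support the method, or list the method on openshift.md instead. The `## Methods` heading is also followed directly by the table row; PATCH 033/156 adds a blank line after headings in openshift.md, so do the same here.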
@@ -24,10 +24,10 @@ Represents an entity to track changes made to any supported [schedule](schedule. | Property | Type | Description | |:-------------|:------------|:------------| -|createdDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| -|id|String| Read-only.| +|createdDateTime|DateTimeOffset|The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| +|id|String| The unique identifier for the **changeTrackedEntity** object. Read-only.| |lastModifiedBy|[identitySet](identityset.md)|Identity of the person who last modified the entity.| -|lastModifiedDateTime|DateTimeOffset|The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| +|lastModifiedDateTime|DateTimeOffset|The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`| ## Relationships 
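Review bot: The createdDateTime and lastModifiedDateTime rows still describe only the timestamp type and never say what the property holds, and the example sentence ends at `2014-01-01T00:00:00Z` without a period. openshift.md opens the same rows with "Date and time when the **openShift** was created" and "was last modified"; lead these rows with the equivalent sentence for the entity, as this hunk already does for the id row.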
@@ -35,7 +35,7 @@ None. ## JSON representation -The following is a JSON representation of the resource. +The following JSON representation shows the resource type. ``` http HTTP/1.1 204 No Content -``` - - -### Error Conditions - -|Scenario|HTTP Code|Code|Message|Details| -|:---|:---|:---|:---|:---| -|Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| -|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| -|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| -|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| -|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| -|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| -|Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| -|Bad Request|400|BadRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| -|Bad Request|400|BadRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| -|Bad Request|400|BadRequest|BadRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| -|Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the LearningContent is created| 
-|Forbidden|403|Forbidden|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| \ No newline at end of file +``` \ No newline at end of file diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md new file mode 100644 index 00000000000..bc31eab5a38 --- /dev/null +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -0,0 +1,75 @@ +--- +title: "Microsoft Graph LearningCourseActivity API error responses" +description: "Errors in the Microsoft Graph LearningCourseActivity API returned when a request sent through the API fails." +author: "jprasad" +ms.localizationpriority: medium +ms.prod: "employee-learning" +doc_type: conceptualPageType +--- + +# Microsoft Graph LearningCourseActivity API error responses + +Namespace: microsoft.graph + +This article describes error codes that are returned by the LearningCourseActivity APIs in Microsoft Graph when a request sent through these APIs fails. + +## Error codes and messages for create request fail + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| +|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Multiple Field validations fail|400|BadRequest|BadRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| +|Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| +|Forbidden|403|User License isn't valid to perform the operation|When the user for which Assignment is being created doesn't have a 
premium license| + +## Error codes and messages for delete request fail + +|Scenario|HTTP code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity| +|User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| +|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| +|Bad request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Internal server error|500|Internal Server Error|Internal Server Error| +|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| + +## Error codes and messages for get request fail + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| +|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't access to this report or data. Please contact your global administrator to request access.| +|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| +|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad Request|400|Bad Request|There was an issue with your request. 
Make sure the registrationId you entered is valid or registered for your tenant| +|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| + +## Error codes and messages for update request fail + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| +|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| +|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| +|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad Request|400|Bad Request|There was an issue with your request. 
Make sure the registrationId you entered is valid or registered for your tenant| +|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Bad Request|400|BadRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| +|Bad Request|400|BadRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| +|Bad Request|400|BadRequest|BadRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| +|Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the LearningContent is created| +|Forbidden|403|Forbidden|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| \ No newline at end of file diff --git a/api-reference/v1.0/resources/learningselfinitiatedcourse.md b/api-reference/v1.0/resources/learningselfinitiatedcourse.md index a8e3ce14acb..d35fba78026 100644 --- a/api-reference/v1.0/resources/learningselfinitiatedcourse.md +++ b/api-reference/v1.0/resources/learningselfinitiatedcourse.md 
@@ -27,7 +27,7 @@ Inherits from [learningCourseActivity](../resources/learningcourseactivity.md). |learnerUserId|String|The user ID of the learner who initiated the course. Required. Inherited from [learningCourseActivity](../resources/learningcourseactivity.md).| |learningProviderId|String|The registration ID of the provider. Required. Inherited from [learningCourseActivity](../resources/learningcourseactivity.md).| |startedDateTime|DateTimeOffset|The date and time on which the self-initiated course was started by the learner. Optional.| -|status|courseStatus|The status of the course activity. Possible values are `notStarted`, `inProgress`, `completed`. Optional. Inherited from [learningCourseActivity](../resources/learningcourseactivity.md).| +|status|courseStatus|The status of the course activity. Possible values are `inProgress`, `completed`. Optional. Inherited from [learningCourseActivity](../resources/learningcourseactivity.md).| ## Relationships None. From e6839cc2d509eb6d97e4661efe25ece4ba541618 Mon Sep 17 00:00:00 2001 From: jagritee Date: Mon, 18 Dec 2023 22:55:13 +0530 Subject: [PATCH 055/156] update minor --- api-reference/beta/toc.yml | 2 -- api-reference/v1.0/toc.yml | 2 ++ 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/api-reference/beta/toc.yml b/api-reference/beta/toc.yml index b2a5082f13d..660b91b169d 100644 --- a/api-reference/beta/toc.yml +++ b/api-reference/beta/toc.yml @@ -18597,8 +18597,6 @@ items: href: api/learningcourseactivity-update.md - name: Delete href: api/learningcourseactivity-delete.md - - name: Error Codes - href: resource/learningcourseactivity-error-codes.md - name: Messaging items: - name: Activity feed diff --git a/api-reference/v1.0/toc.yml b/api-reference/v1.0/toc.yml index e27797249f2..a61bea98a70 100644 --- a/api-reference/v1.0/toc.yml +++ b/api-reference/v1.0/toc.yml 
@@ -9096,6 +9096,8 @@ items: href: api/learningcourseactivity-update.md - name: Delete href: api/learningcourseactivity-delete.md + - name: Error Codes + href: api/learningcourseactivity-error-codes.md - name: Messaging items: - name: Activity feed From a0a2ce6ec47dcf9b3d4497d23fde99ee18f3ba08 Mon Sep 17 00:00:00 2001 From: jagritee Date: Mon, 18 Dec 2023 22:55:50 +0530 Subject: [PATCH 056/156] update minor --- api-reference/v1.0/toc.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/toc.yml b/api-reference/v1.0/toc.yml index a61bea98a70..558c5a4c662 100644 --- a/api-reference/v1.0/toc.yml +++ b/api-reference/v1.0/toc.yml @@ -9097,7 +9097,7 @@ items: - name: Delete href: api/learningcourseactivity-delete.md - name: Error Codes - href: api/learningcourseactivity-error-codes.md + href: resources/learningcourseactivity-error-codes.md - name: Messaging items: - name: Activity feed From 50f60317b35aa2c00433e2a326e0400310c169a1 Mon Sep 17 00:00:00 2001 From: jagritee Date: Mon, 18 Dec 2023 23:08:55 +0530 Subject: [PATCH 057/156] camel cassing --- .../learningcourseactivity-error-codes.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index bc31eab5a38..229fb7482ee 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -21,9 +21,9 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| -|Multiple Field validations fail|400|BadRequest|BadRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| +|Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Multiple Field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| |Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| |Forbidden|403|User License isn't valid to perform the operation|When the user for which Assignment is being created doesn't have a premium license| 
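Review bot: The two Forbidden rows at the end of this hunk have only four cells, so under the five-column header (Scenario, HTTP Code, Code, Message, Details) the message text lands in the Code column and the explanation lands in Message. Add the missing `Forbidden` code cell, as the update table already does. The row this hunk rewrites also keeps `{fieldName}shouldn't` and `{fieldName}length exceeded than` with no space after the placeholder, and the Code column still mixes `badRequest` with `Bad Request`, `Too Many Requests` and `Service Unavailable`, so the camel-casing is only partly applied.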
@@ -38,8 +38,8 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal server error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| ## Error codes and messages for get request fail @@ -52,8 +52,8 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| ## Error codes and messages for update request fail 
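Review bot: The context row `|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.|` in the get table, like its twin in the delete table, labels a 404 with the scenario "Bad Request". Since this pass already touches the neighbouring rows, rename the scenario to "Not found" so it matches the status code. The casing change here also reaches only the JSON `code` values; the Code column beside them still reads `Too Many Requests` and `Service Unavailable`.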
@@ -66,10 +66,10 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|{"code": "TooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|{"code": "ServiceUnavailable","message": "Retry after {noOfMinutes} minutes"}| -|Bad Request|400|BadRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| -|Bad Request|400|BadRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| -|Bad Request|400|BadRequest|BadRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| +|Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Bad Request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| +|Bad Request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| +|Bad Request|400|badRequest|badRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| |Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the LearningContent is created| |Forbidden|403|Forbidden|User License is not valid to perform the operation|When the user for which Assignment is being created does not have 
a premium license| \ No newline at end of file From 6e7ff60b460ff2978462207d13dc434d3e2c4d19 Mon Sep 17 00:00:00 2001 From: jagritee Date: Tue, 19 Dec 2023 00:00:52 +0530 Subject: [PATCH 058/156] build failure --- api-reference/v1.0/api/learningcourseactivity-get.md | 1 + 1 file changed, 1 insertion(+) diff --git a/api-reference/v1.0/api/learningcourseactivity-get.md b/api-reference/v1.0/api/learningcourseactivity-get.md index 0b7506fbc3e..c4c1330e0b0 100644 --- a/api-reference/v1.0/api/learningcourseactivity-get.md +++ b/api-reference/v1.0/api/learningcourseactivity-get.md @@ -299,3 +299,4 @@ Content-Type: application/json }, "status": "notStarted" } +``` From 3c7888409f9515f03d6618a1d2d41038e0062966 Mon Sep 17 00:00:00 2001 From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Mon, 18 Dec 2023 13:10:12 -0600 Subject: [PATCH 059/156] Update learningcourseactivity-error-codes.md --- .../v1.0/resources/learningcourseactivity-error-codes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 229fb7482ee..32865cca5c2 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -1,5 +1,5 @@ --- -title: "Microsoft Graph LearningCourseActivity API error responses" +title: "LearningCourseActivity API error responses" description: "Errors in the Microsoft Graph LearningCourseActivity API returned when a request sent through the API fails." author: "jprasad" ms.localizationpriority: medium 
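Review bot: The new `title` drops "Microsoft Graph", but neither hunk of this patch touches the H1, which the file was created with as "# Microsoft Graph LearningCourseActivity API error responses". Change the heading in the same commit so the metadata title and the page heading stay identical.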
@@ -72,4 +72,4 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad Request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| |Bad Request|400|badRequest|badRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| |Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the LearningContent is created| -|Forbidden|403|Forbidden|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| \ No newline at end of file +|Forbidden|403|Forbidden|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| From 4dba69acd2299263000a6df8ab71d3e6045a3b17 Mon Sep 17 00:00:00 2001 From: Mike Norman <1462796+MichaelNorman@users.noreply.github.com> Date: Tue, 19 Dec 2023 09:26:06 +0700 Subject: [PATCH 060/156] Acrolinx and review pass. --- concepts/permissions-reference.md | 24 ++++++++++++------------ 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md index 3da6ecce6f6..cd1517c8375 100644 --- a/concepts/permissions-reference.md +++ b/concepts/permissions-reference.md 
@@ -13,7 +13,7 @@ ms.date: 10/26/2023 # Microsoft Graph permissions reference -For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This topic lists the delegated and application permissions exposed by Microsoft Graph. For guidance about how to use the permissions, see the [Overview of Microsoft Graph permissions](permissions-overview.md). +For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists the delegated and application permissions exposed by Microsoft Graph. For guidance about how to use the permissions, see the [Overview of Microsoft Graph permissions](permissions-overview.md). To read information about all Microsoft Graph permissions programmatically, sign-in to an API client such as Graph Explorer using an account that has at least the *Application.Read.All* permission and run the following request. @@ -144,7 +144,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | e03cf23f-8056-446a-8994-7d93dfc8b50e | DisplayText | - | Read user activity statistics -| Description | - | Allows the app to read the signed-in user's activity statistics, such as how much time the user has spent on emails, in meetings, or in chat sessions. +| Description | - | Allows the app to read the signed-in user's activity statistics, such as how much time the user spent on emails, in meetings, or in chat sessions. | AdminConsentRequired | - | No --- 
@@ -210,7 +210,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | af281d3a-030d-4122-886e-146fb30a0413 | DisplayText | - | Read the trusted certificate authority configuration for applications -| Description | - | Allows the app to read the trusted certificate authority configuration which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user. +| Description | - | Allows the app to read the trusted certificate authority configuration, which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user. | AdminConsentRequired | - | Yes --- @@ -221,7 +221,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 4bae2ed4-473e-4841-a493-9829cfd51d48 | DisplayText | - | Read and write the trusted certificate authority configuration for applications -| Description | - | Allows the app to create, read, update and delete the trusted certificate authority configuration which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user. +| Description | - | Allows the app to create, read, update and delete the trusted certificate authority configuration, which can be used to restrict application certificates based on their issuing authority, on behalf of the signed-in user. | AdminConsentRequired | - | Yes --- 
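Review bot: The added description in the second hunk still reads "create, read, update and delete" with no serial comma, while the EduAssignments DisplayText later in this same patch uses "Create, read, update, and delete". Pick one form for the pass. In both added lines the trailing "on behalf of the signed-in user" now follows the non-restrictive "which" clause and can be read as modifying "issuing authority"; moving it next to the verb ("Allows the app, on behalf of the signed-in user, to read ...") removes the ambiguity.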
@@ -1775,8 +1775,8 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | - | c0b0103b-c053-4b2e-9973-9f3a544ec9b8 -| DisplayText | - | Read users' class assignments information without reading any feedback or outcomes -| Description | - | Allows the app to read assignments information on behalf of the user without reading any feedback or outcomes. +| DisplayText | - | Read users' class assignment information without reading any feedback or outcomes +| Description | - | Allows the app to read assignment information on behalf of the user without reading any feedback or outcomes. | AdminConsentRequired | - | Yes --- @@ -1786,8 +1786,8 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | 6e0a958b-b7fc-4348-b7c4-a6ab9fd3dd0e | - -| DisplayText | Read all class assignments information without reading any feedback or outcomes | - -| Description | Allows the app to read all class assignments information for all users without a signed-in user without reading any feedback or outcomes. | - +| DisplayText | Read all class assignment information without reading any feedback or outcomes | - +| Description | Allows the app to read all class assignment information for all users without a signed-in user without reading any feedback or outcomes. | - | AdminConsentRequired | Yes | - --- 
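Review bot: The added Description in the application-permission hunk stacks two "without" phrases: "for all users without a signed-in user without reading any feedback or outcomes". Separate them, for example "for all users, without a signed-in user and without reading any feedback or outcomes", so the text cannot be read as "users who lack a signed-in user".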
@@ -1819,8 +1819,8 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | - | 2ef770a1-622a-47c4-93ee-28d6adbed3a0 -| DisplayText | - | Read and write users' class assignments information without impacting or reading any feedback or outcomes -| Description | - | Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. +| DisplayText | - | Read and write users' class assignment information without impacting or reading any feedback or outcomes +| Description | - | Allows the app to read and write assignment information on behalf of the user without affecting or reading any feedback or outcomes. | AdminConsentRequired | - | Yes --- @@ -1830,8 +1830,8 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | f431cc63-a2de-48c4-8054-a34bc093af84 | - -| DisplayText | Create, read, update, and delete all class assignments information without accessing or impacting any feedback or outcomes | - -| Allows the app to read and write assignments information on behalf of the user without affecting or reading any feedback or outcomes. | - +| DisplayText | Create, read, update, and delete all class assignment information without accessing or impacting any feedback or outcomes | - +| Allows the app to read and write assignment information on behalf of the user without affecting or reading any feedback or outcomes. | - | AdminConsentRequired | Yes | - --- From c048f1594b826bf1947f92c5417f80d7aa70fc48 Mon Sep 17 00:00:00 2001 
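Review bot: In the last hunk (application permission f431cc63-a2de-48c4-8054-a34bc093af84), the added row that begins `| Allows the app to read and write assignment information on behalf of the user` has no `Description` label cell, so the text sits in the Category column and the row is one cell short. The wording is also the delegated one: the Delegated column is `-` for this permission and its DisplayText says "Create, read, update, and delete all class assignment information", so the description should say the app acts for all users without a signed-in user, matching the read-only application permission earlier in this patch. Both defects predate this pass, but the line is being rewritten here, and the description is what tells an administrator how far the grant reaches.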
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 12:44:34 +0530 Subject: [PATCH 061/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 32865cca5c2..9c061fda71f 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -35,7 +35,7 @@ This article describes error codes that are returned by the LearningCourseActivi |User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| |Bad request|400|Bad Request|This provider isn't enabled for the given tenant.| -|Bad request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| |Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal server error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| From ee651fbe190ee73b76748307b8bf3e7abbd66100 Mon Sep 17 00:00:00 2001 
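Review bot: The added row changes the third cell, which is the Code column, from `Bad Request` to `Bad request`. That applies sentence case to an error code: the row directly above still reads `Bad Request`, and the earlier casing commit moved codes toward `badRequest`. Keep sentence case for the Scenario column and settle on one value for Code. The period added to the message is fine, but the same sentence in the create, get and update tables still ends without one.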
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 12:45:57 +0530 Subject: [PATCH 062/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 9c061fda71f..e60d7709d71 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -72,4 +72,4 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad Request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| |Bad Request|400|badRequest|badRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| |Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the LearningContent is created| -|Forbidden|403|Forbidden|User License is not valid to perform the operation|When the user for which Assignment is being created does not have a premium license| +|Forbidden|403|Forbidden|The user license is not valid to perform the operation|When the user for which the assignment is being created does not have a premium license.| From ae7f9ab27b6dcac170349cfa0579d548ca1132bf Mon Sep 17 00:00:00 2001 
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 12:46:54 +0530 Subject: [PATCH 063/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index e60d7709d71..999669ac521 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -71,5 +71,5 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad Request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| |Bad Request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| |Bad Request|400|badRequest|badRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| -|Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the LearningContent is created| +|Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the learningContent is created.| |Forbidden|403|Forbidden|The user license is not valid to perform the operation|When the user for which the assignment is being created does not have a premium license.| From eecfdd68fad5e3fd79df0967570fbbcd9818c79d Mon Sep 17 00:00:00 2001 
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 12:47:15 +0530 Subject: [PATCH 064/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 999669ac521..73b7b69cbb2 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -70,6 +70,6 @@ This article describes error codes that are returned by the LearningCourseActivi |Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| |Bad Request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| |Bad Request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| -|Bad Request|400|badRequest|badRequest|{"code": "badRequest","message": "Input Field {fieldName} shouldn't be empty"}| +|Bad request|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName} shouldn't be empty"}.| |Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the learningContent is created.| |Forbidden|403|Forbidden|The user license is not valid to perform the operation|When the user for which the assignment is being created does not have a premium license.| From 7d8bc7357c72f5dd02e1e6067f94ab04a34a2eca Mon Sep 17 00:00:00 2001 
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 12:47:38 +0530 Subject: [PATCH 065/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 73b7b69cbb2..a6ee8f0309b 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -69,7 +69,7 @@ This article describes error codes that are returned by the LearningCourseActivi |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| |Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| |Bad Request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| -|Bad Request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input Field {fieldName} is invalid"}| +|Bad request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input field {fieldName} is invalid"}.| |Bad request|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName} shouldn't be empty"}.| |Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the learningContent is created.| |Forbidden|403|Forbidden|The user license is not valid to perform the operation|When the user for which the assignment is being created does not have a premium license.| 
From 76db94f78c6e95dd2bd6df9d0518c5ee408385f8 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 12:47:55 +0530 Subject: [PATCH 066/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index a6ee8f0309b..8775c3d57be 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -68,7 +68,7 @@ This article describes error codes that are returned by the LearningCourseActivi |Internal Server Error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| |Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| -|Bad Request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input Field {fieldName} is required"}| +|Bad request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input field {fieldName} is required"}.| |Bad request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input field {fieldName} is invalid"}.| |Bad request|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName} shouldn't be empty"}.| |Forbidden|403|Forbidden|The provider is not valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the learningContent is created.| 
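Review bot: The added row in PATCH 066/156 ends with `"}.|`, which puts a sentence period directly after the closing brace of the JSON sample. A reader copying the cell gets a trailing character that is not part of the payload; wrap the sample in backticks so the period is clearly punctuation, or drop the period.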
From b3f5e0dc07baaca4744b88b71b1323f1cce17755 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 13:51:24 +0530 Subject: [PATCH 067/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 8775c3d57be..dde311c0f19 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -67,7 +67,7 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| |Bad request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input field {fieldName} is required"}.| |Bad request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input field {fieldName} is invalid"}.| |Bad request|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName} shouldn't be empty"}.| From 80c91acff3c055d31d2be75c5fce20635620f095 Mon Sep 17 00:00:00 2001 
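Review bot: The 503 row changed in PATCH 067/156 has four cells while the 400 rows below it have five, so the JSON sample lands in the Message column and Details stays empty. The Code cell was also recased to "Service unavailable" although the sample's own code is `serviceUnavailable`; put the identifier in Code, a short message in Message, and the sample in Details. The 429 context row above has the same four-cell shape.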
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 13:52:01 +0530 Subject: [PATCH 068/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index dde311c0f19..496c3826aa0 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -62,7 +62,7 @@ This article describes error codes that are returned by the LearningCourseActivi |Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| |User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| -|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| From 2d0a634f6c08b2942c20b5b08246beb4b8887835 Mon Sep 17 00:00:00 2001 
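Review bot: In PATCH 068/156 the Code cell changes from "Bad Request" to "Bad request", but the 405 row at the top of the same hunk holds an identifier (`MethodNotAllowed`) in that column. If Code documents the error code the API returns, it should carry the identifier rather than a recased phrase. The unchanged registrationId row directly below still reads "Bad Request" in both cells, so the table is now inconsistent within this hunk.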
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:05:30 +0530 Subject: [PATCH 069/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 496c3826aa0..79b206f847b 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -64,7 +64,7 @@ This article describes error codes that are returned by the LearningCourseActivi |Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| -|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Bad request|404|Not found|The assignment ID requested doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| From aec19a85f42c8bc992d4fcdbdf6714af07f74358 Mon Sep 17 00:00:00 2001 
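Review bot: The row added in PATCH 069/156 keeps "Bad request" as the Scenario for an HTTP 404, which contradicts the "Not found" code beside it; name the scenario for what it is, for example "Assignment not found". The rewrite also drops the `{id}` placeholder from the message, so check that the new wording still matches what the service returns.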
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:06:04 +0530 Subject: [PATCH 070/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 79b206f847b..401efaa5151 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -66,7 +66,7 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad request|404|Not found|The assignment ID requested doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes".}| |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| |Bad request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input field {fieldName} is required"}.| |Bad request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input field {fieldName} is invalid"}.| From e0a608f59123b2ce451185faad9ed12c62b1591d Mon Sep 17 00:00:00 2001 
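Review bot: The added 429 row in PATCH 070/156 places the period inside the object, `"Retry after {noOfMinutes} minutes".}`, which makes the sample invalid JSON. The 503 row directly below has the period after the closing brace (`"}.`); move it there or drop it.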
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:11:08 +0530 Subject: [PATCH 071/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 401efaa5151..6f187badeaa 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -1,5 +1,5 @@ --- -title: "LearningCourseActivity API error responses" +title: "Error Responses in the LearningCourseActivity API" description: "Errors in the Microsoft Graph LearningCourseActivity API returned when a request sent through the API fails." author: "jprasad" ms.localizationpriority: medium From 0a56610d4ca7e7a4746b4d5fa062ad2cd9484610 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:15:07 +0530 Subject: [PATCH 072/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 6f187badeaa..2af8b53e51d 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -65,7 +65,7 @@ This article describes error codes that are returned by the LearningCourseActivi |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad request|404|Not found|The assignment ID requested doesn’t exist.| -|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Internal server error|500|Internal server error|Internal server error| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes".}| |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| |Bad request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input field {fieldName} is required"}.| From 765fb081252f7cf47795393e0ee4c7f20680d21c Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:17:37 +0530 Subject: [PATCH 073/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 2af8b53e51d..3ddd1720401 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -1,6 +1,6 @@ --- title: "Error Responses in the LearningCourseActivity API" -description: "Errors in the Microsoft Graph LearningCourseActivity API returned when a request sent through the API fails." +description: "This article describes error codes that are returned by the learningCourseActivity API in Microsoft Graph whenever a request that is sent through the API fails." author: "jprasad" ms.localizationpriority: medium ms.prod: "employee-learning" From a282459dd8ef1b3e304fa34838725974ed141534 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:17:53 +0530 Subject: [PATCH 074/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 3ddd1720401..2a894163342 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -7,7 +7,7 @@ ms.prod: "employee-learning" doc_type: conceptualPageType --- -# Microsoft Graph LearningCourseActivity API error responses +#Error Responses in the LearningCourseActivity API Namespace: microsoft.graph From 65bb6adfa43e3492dd85683c4d841553fce7c087 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:18:24 +0530 Subject: [PATCH 075/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 2a894163342..b2ec15c8b6f 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -11,7 +11,7 @@ doc_type: conceptualPageType Namespace: microsoft.graph -This article describes error codes that are returned by the LearningCourseActivity APIs in Microsoft Graph when a request sent through these APIs fails. +This article describes error codes that are returned by the learningCourseActivity API in Microsoft Graph whenever a request that is sent through the API fails. ## Error codes and messages for create request fail From 7ba08a9a089d1e83904b478e3c0e6f5009fe2110 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:19:09 +0530 Subject: [PATCH 076/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index b2ec15c8b6f..99a690a1dc7 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -47,7 +47,7 @@ This article describes error codes that are returned by the learningCourseActivi |:---|:---|:---|:---|:---| |Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| |User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't access to this report or data. Please contact your global administrator to request access.| -|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| +|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| From 3bdd73e76851c391cb2af3af3a96dd76ead4a94d Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:19:29 +0530 Subject: [PATCH 077/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 99a690a1dc7..0a473d52d05 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -13,7 +13,7 @@ Namespace: microsoft.graph This article describes error codes that are returned by the learningCourseActivity API in Microsoft Graph whenever a request that is sent through the API fails. -## Error codes and messages for create request fail +## Error codes and messages for failed create requests |Scenario|HTTP Code|Code|Message|Details| |:---|:---|:---|:---|:---| From 8dc7e8c9564d3ace44e805abafe30ebfd9b2a667 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:41:29 +0530 Subject: [PATCH 078/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 0a473d52d05..23469fb559c 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -17,7 +17,7 @@ This article describes error codes that are returned by the learningCourseActivi |Scenario|HTTP Code|Code|Message|Details| |:---|:---|:---|:---|:---| -|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| +|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Internal Server Error|500|Internal Server Error|Internal Server Error| From 15ea6113099ece45ddabefd2e280257e2503a74f Mon Sep 17 00:00:00 2001 
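Review bot: PATCH 074/156 replaces the H1 with `#Error Responses in the LearningCourseActivity API`, with no space after the `#`. CommonMark requires that space for an ATX heading, so the line is liable to render as body text; write `# Error Responses in the LearningCourseActivity API`. The casing also differs from the `learningCourseActivity` spelling that PATCH 073 and PATCH 075 use in the description and the intro sentence.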
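Review bot: PATCH 076/156 rewords the service-plan row but leaves the context line just above it reading "Your account doesn't access to this report or data", which is missing "have". The matching row in the later table already reads "doesn't have access"; fix the typo in this hunk while the neighbouring row is being touched.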
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:42:20 +0530 Subject: [PATCH 079/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 23469fb559c..9a64236469d 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -21,7 +21,7 @@ This article describes error codes that are returned by the learningCourseActivi |Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| |Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| |Multiple Field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| |Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| From 411fcc20d54c0d31dbb0e768b98895daabc052f4 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:43:19 +0530 Subject: [PATCH 080/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 9a64236469d..23fb6b07c7d 100644 
--- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -63,7 +63,7 @@ This article describes error codes that are returned by the learningCourseActivi |User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| -|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad request|404|Not found|The assignment ID requested doesn’t exist.| |Internal server error|500|Internal server error|Internal server error| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes".}| From e06e1d89a42c83620dac7674b3f9ecd4a19a20d2 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 14:50:41 +0530 Subject: [PATCH 081/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 23fb6b07c7d..dfbaf4427a8 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -61,7 +61,7 @@ This article describes error codes that are returned by the learningCourseActivi |:---|:---|:---|:---|:---| |Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| |User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| -|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| +|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad request|404|Not found|The assignment ID requested doesn’t exist.| From 86834b386cae296d8957c4ae77b8ca63496f276e Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 15:08:37 +0530 Subject: [PATCH 082/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index dfbaf4427a8..048605b9b7b 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -59,7 +59,7 @@ This article describes error codes that are returned by the learningCourseActivi |Scenario|HTTP Code|Code|Message|Details| |:---|:---|:---|:---|:---| -|Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| +|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| |User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| From 998d4fd89423985899e39d09dd65a8eedd6288c9 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 15:09:13 +0530 Subject: [PATCH 083/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 048605b9b7b..f60e3a45c67 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -18,7 +18,7 @@ This article describes error codes that are returned by the learningCourseActivi |Scenario|HTTP Code|Code|Message|Details| |:---|:---|:---|:---|:---| |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| -|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Internal Server Error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| From 949df938a65e148c850dbcf6ad7583eb87e57a43 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 15:09:31 +0530 Subject: [PATCH 084/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index f60e3a45c67..9310838861e 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -19,7 +19,7 @@ This article describes error codes that are returned by the learningCourseActivi |:---|:---|:---|:---|:---| |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| -|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| |Internal Server Error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| |Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| From 3ab1d08eab54804af104538d8dddb4c2b7dda43f Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 15:10:07 +0530 Subject: [PATCH 085/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 9310838861e..f136ecd78c5 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -20,7 +20,7 @@ This article describes error codes that are returned by the learningCourseActivi |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| -|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Internal server error|500|Internal server error|Internal server error.| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| |Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| |Multiple Field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| From 9eaaf54ab149df3ed09345a6593cb3b6999498f2 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 16:34:52 +0530 Subject: [PATCH 086/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index f136ecd78c5..cdee9a4b364 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -22,7 +22,7 @@ This article describes error codes that are returned by the learningCourseActivi |Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| |Internal server error|500|Internal server error|Internal server error.| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| -|Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| |Multiple Field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| |Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| |Forbidden|403|User License isn't valid to perform the operation|When the user for which Assignment is being created doesn't have a premium license| From 747d7ffdddb52243959bbb2adeeb7b4f8e9ed32d Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 16:40:56 +0530 Subject: [PATCH 087/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index cdee9a4b364..cd0f55eea52 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -23,7 +23,7 @@ This article describes error codes that are returned by the learningCourseActivi |Internal server error|500|Internal server error|Internal server error.| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| -|Multiple Field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input Field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}| +|Multiple field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}.| |Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| |Forbidden|403|User License isn't valid to perform the operation|When the user for which Assignment is being created doesn't have a premium license| From e11ea8cfcbfd8d51a83e7116c495747cf0f51846 Mon Sep 17 00:00:00 2001 
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 16:41:09 +0530 Subject: [PATCH 088/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index cd0f55eea52..390eb269a12 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -37,7 +37,7 @@ This article describes error codes that are returned by the learningCourseActivi |Bad request|400|Bad Request|This provider isn't enabled for the given tenant.| |Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| |Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| -|Internal server error|500|Internal Server Error|Internal Server Error| +|Internal server error|500|Internal server error|Internal server error.| |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| |Service unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| From 964ac797bad17623e25ad23a2c77fabd67ef03fc Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:45:37 +0530 Subject: [PATCH 089/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 390eb269a12..8b20b17daa4 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -24,7 +24,7 @@ This article describes error codes that are returned by the learningCourseActivi |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| |Multiple field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}.| -|Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesnot match with the provider with which the LearningContent is created| +|Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match the provider with which the learningContent is created.| |Forbidden|403|User License isn't valid to perform the operation|When the user for which Assignment is being created doesn't have a premium license| ## Error codes and messages for delete request fail From 58b68dca0a0a8bff5edf0116fc2e5a4aa5f94648 Mon Sep 17 00:00:00 2001 
From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:46:46 +0530 Subject: [PATCH 090/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 8b20b17daa4..a2109579d98 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -27,7 +27,7 @@ This article describes error codes that are returned by the learningCourseActivi |Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match the provider with which the learningContent is created.| |Forbidden|403|User License isn't valid to perform the operation|When the user for which Assignment is being created doesn't have a premium license| -## Error codes and messages for delete request fail +## Error codes and messages for failed delete requests |Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| From 0302ee7dea29c2f2f7312b2ca310b26aa9ba4531 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:47:05 +0530 Subject: [PATCH 091/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index a2109579d98..d0fad9763be 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -31,7 +31,7 @@ This article describes error codes that are returned by the learningCourseActivi |Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| -|Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity| +|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| |User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| |Bad request|400|Bad Request|This provider isn't enabled for the given tenant.| From a12e2f52db54fa5370c7f034ede7388b09d79886 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:47:28 +0530 Subject: [PATCH 092/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index d0fad9763be..8b373bb88c4 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
+++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md @@ -34,7 +34,7 @@ This article describes error codes that are returned by the learningCourseActivi |Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| |User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| -|Bad request|400|Bad Request|This provider isn't enabled for the given tenant.| +|Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| |Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal server error|500|Internal server error|Internal server error.| From 47e6d4d6d3c722d35d104c773bfa370991cb074f Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:47:56 +0530 Subject: [PATCH 093/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 8b373bb88c4..ad031008dd2 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -25,7 +25,7 @@ This article describes error codes that are returned by the learningCourseActivi |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| |Multiple field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}.| |Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match the provider with which the learningContent is created.| -|Forbidden|403|User License isn't valid to perform the operation|When the user for which Assignment is being created doesn't have a premium license| +|Forbidden|403|The user license isn't valid to perform the operation|When the user for which the assignment is being created doesn't have a premium license.| ## Error codes and messages for failed delete requests From f7370b7ead4230a3c54e960e7eb28eba5f0059fc Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:48:30 +0530 Subject: [PATCH 094/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index ad031008dd2..7a028d23bf4 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -55,7 +55,7 @@ This article describes error codes that are returned by the learningCourseActivi |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| |Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| -## Error codes and messages for update request fail +## Error codes and messages for failed update requests |Scenario|HTTP Code|Code|Message|Details| |:---|:---|:---|:---|:---| From 8c298639f2aa896adb1970fd6ec3c2383c9b84b8 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:48:47 +0530 Subject: [PATCH 095/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 7a028d23bf4..d9d49d28c93 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -45,7 +45,7 @@ This article describes error codes that are returned by the learningCourseActivi |Scenario|HTTP Code|Code|Message|Details| |:---|:---|:---|:---|:---| -|Method not supported for entity|405|MethodNotAllowed|This method isn't supported for this entity type. Reference the Microsoft Graph documentation for the methods applicable to this entity| +|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| |User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| From b279552df11f455f446d7c13b81cb87c3d6be1ef Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:49:23 +0530 Subject: [PATCH 096/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index d9d49d28c93..efbca904f41 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -33,7 +33,7 @@ This article describes error codes that are returned by the learningCourseActivi |:---|:---|:---|:---|:---| |Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| |User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| -|Forbidden|403|Forbidden|You don't have a service plan adequate for this request.| +|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| |Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| From 23bee27e315a78d4b4db53e54fda0e2d28f00bc5 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:50:00 +0530 Subject: [PATCH 097/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index efbca904f41..eb52f0d406e 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -53,7 +53,7 @@ This article describes error codes that are returned by the learningCourseActivi |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service Unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| ## Error codes and messages for failed update requests From 8cd5152a87343e970a1bbcda7a43359895078935 Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:50:25 +0530 Subject: [PATCH 098/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index eb52f0d406e..fd3aefb8d72 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -36,7 +36,8 @@ This article describes error codes that are returned by the learningCourseActivi |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad request|400|Bad request|This provider isn't enabled for the given tenant.| |Bad request|400|Bad request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| -|Bad request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Bad request|404|Not found|The requested assignment ID doesn’t exist.| +```d |Internal server error|500|Internal server error|Internal server error.| |Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| |Service unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| From 2df75b3cfc67b421d6ab5b75d0136422c541c6da Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:51:05 +0530 Subject: [PATCH 099/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index fd3aefb8d72..77dff798888 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -53,7 +53,7 @@ This article describes error codes that are returned by the learningCourseActivi |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| |Internal Server Error|500|Internal Server Error|Internal Server Error| -|Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| +|Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| ## Error codes and messages for failed update requests From bddaf4fa6410f6498d33e4d920258a85c799beae Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:51:19 +0530 Subject: [PATCH 100/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 77dff798888..ee176e6ed8e 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -52,7 +52,7 @@ This article describes error codes that are returned by the learningCourseActivi |Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| |Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| -|Internal Server Error|500|Internal Server Error|Internal Server Error| +|Internal server error|500|Internal server error|Internal server error.| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| From 1e70cec83ee0a4039f91dd1beb26801e2c36a15f Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:51:41 +0530 Subject: [PATCH 101/156] Update api-reference/v1.0/resources/learningcourseactivity-error-codes.md Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../v1.0/resources/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index ee176e6ed8e..3c92382669b 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -51,7 +51,7 @@ This article describes error codes that are returned by the learningCourseActivi |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| |Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| -|Bad Request|404|Not Found|The requested assignment {id} doesn’t exist.| +|Bad request|404|Not found|The requested assignment ID doesn’t exist.| |Internal server error|500|Internal server error|Internal server error.| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| |Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| From 68dad6be2864da28835087cc6de7adc15922143a Mon Sep 17 00:00:00 2001 From: jprasad <121279111+jagriteeMS@users.noreply.github.com> Date: Tue, 19 Dec 2023 17:54:29 +0530 Subject: [PATCH 102/156] Apply suggestions from code review Co-authored-by: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> --- .../resources/learningcourseactivity-error-codes.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md index 3c92382669b..ddcc26e90f7 100644 --- a/api-reference/v1.0/resources/learningcourseactivity-error-codes.md +++ b/api-reference/v1.0/resources/learningcourseactivity-error-codes.md 
@@ -39,18 +39,18 @@ This article describes error codes that are returned by the learningCourseActivi |Bad request|404|Not found|The requested assignment ID doesn’t exist.| ```d |Internal server error|500|Internal server error|Internal server error.| -|Request throttled|429|Too Many Requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}| -|Service unavailable|503|Service Unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}| +|Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| +|Service unavailable|503|Service unavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| -## Error codes and messages for get request fail +## Error codes and messages for failed get requests |Scenario|HTTP Code|Code|Message|Details| |:---|:---|:---|:---|:---| |Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| -|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't access to this report or data. Please contact your global administrator to request access.| +|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Please contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| -|Bad Request|400|Bad Request|This provider isn't enabled for the given tenant.| -|Bad Request|400|Bad Request|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad request|400|Bad request|This provider isn't enabled for the given tenant.| +|Bad request|400|Bad request|There was an issue with your request. 
Make sure the registrationId you entered is valid or registered for your tenant.| |Bad request|404|Not found|The requested assignment ID doesn’t exist.| |Internal server error|500|Internal server error|Internal server error.| |Request throttled|429|Too many requests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| From ba4fa7266ed82627ebfd73684b3c86953d3b29e6 Mon Sep 17 00:00:00 2001 
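Review bot: In PATCH 098, hunk @@ -36,7 +36,8 @@, the added line "```d" directly under the 404 row looks like a stray paste and should be dropped. It opens a code fence in the middle of the table for failed delete requests, so the Internal server error, Request throttled and Service unavailable rows that follow stop rendering as table rows. The diffstat for that commit (2 insertions, 1 deletion) confirms the extra line went in, and the @@ -39,18 +39,18 @@ hunk of PATCH 102 still carries it as unchanged context, so nothing in the series shown here removes it. The same hunk also rewrites "assignment {id}" to "assignment ID", dropping the placeholder notation that neighbouring rows keep for {noOfMinutes}; please confirm that is intended.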
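Review bot: In PATCH 087, hunk @@ -23,7 +23,7 @@, the changed "Multiple field validations fail" row edits text inside the quoted JSON payload ("Input Field {fieldName} is required" becomes "Input field {fieldName} is required") and appends a period after the closing brace. If these strings are meant to mirror what the service returns, check the casing against an actual response rather than normalising it for style, since clients and log rules may match on the message text. The row still reads "{fieldName}shouldn't" and "{fieldName}length exceeded than" with no space after the placeholder, so either the strings are literal and the casing edit is suspect, or they are typos that should be fixed in the same pass.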
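Review bot: In PATCH 091, hunk @@ -31,7 +31,7 @@ (and the matching change in PATCH 095), the Code cell of the 405 row becomes camelCase "methodNotAllowed" while the Code cells of the surrounding rows stay as phrases ("Forbidden", "Bad request", "Not found", "Too many requests"), even though the JSON quoted in the same tables uses camelCase codes such as "tooManyRequests" and "serviceUnavailable". Decide whether the Code column documents the identifier the API returns or a human-readable label and apply that to every row, because callers that branch on the error code need the exact value. The 404 rows in these tables also keep "Bad request" as the scenario next to "Not found" as the code, which reads as a copy-paste leftover.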
From: Microsoft Graph DevX Tooling Date: Tue, 19 Dec 2023 12:50:02 +0000 Subject: [PATCH 103/156] Update generated files with build 130667 --- api-reference/beta/api/community-get.md | 31 +++++++ api-reference/beta/api/daynote-update.md | 1 - .../api/devicemanagement-alertrule-post.md | 8 ++ .../api/devicemanagement-alertrule-update.md | 8 ++ .../api/deviceregistrationpolicy-update.md | 4 + .../employeeexperience-post-communities.md | 62 +++++++++++++ .../beta/api/engagementasyncoperation-get.md | 31 +++++++ .../beta/api/goals-list-exportjobs.md | 3 - .../beta/api/goals-post-exportjobs.md | 4 - api-reference/beta/api/goalsexportjob-get.md | 6 -- ...licensedetails-getteamslicensingdetails.md | 31 +++++++ .../api/m365appsinstallationoptions-get.md | 31 +++++++ .../api/m365appsinstallationoptions-update.md | 31 +++++++ api-reference/beta/api/teamwork-get.md | 35 +++++++ api-reference/beta/api/userteamwork-get.md | 35 +++++++ ...rtualendpoint-post-provisioningpolicies.md | 4 + ...community-from-app-only-e2-cli-snippets.md | 18 ++++ ...-community-from-minimal-e1-cli-snippets.md | 15 +++ .../cli/get-community-cli-snippets.md | 10 ++ ...t-engagementasyncoperation-cli-snippets.md | 10 ++ ...365appsinstallationoptions-cli-snippets.md | 10 ++ ...ksettings-for-organization-cli-snippets.md | 10 ++ ...rteamworksettings-for-user-cli-snippets.md | 10 ++ ...365appsinstallationoptions-cli-snippets.md | 13 +++ ...et-teams-licensing-details-cli-snippets.md | 10 ++ ...oudpcprovisioningpolicy-csharp-snippets.md | 7 +- ...munity-from-app-only-e2-csharp-snippets.md | 32 +++++++ ...mmunity-from-minimal-e1-csharp-snippets.md | 23 +++++ .../csharp/get-community-csharp-snippets.md | 13 +++ ...ngagementasyncoperation-csharp-snippets.md | 13 +++ ...appsinstallationoptions-csharp-snippets.md | 13 +++ ...ttings-for-organization-csharp-snippets.md | 13 +++ ...amworksettings-for-user-csharp-snippets.md | 13 +++ .../csharp/post-alertrule-csharp-snippets.md | 27 +++--- 
.../update-alertrule-csharp-snippets.md | 27 +++--- ...appsinstallationoptions-csharp-snippets.md | 21 +++++ ...teams-licensing-details-csharp-snippets.md | 13 +++ ...m-cloudpcprovisioningpolicy-go-snippets.md | 6 +- ...-community-from-app-only-e2-go-snippets.md | 35 +++++++ ...e-community-from-minimal-e1-go-snippets.md | 29 ++++++ .../snippets/go/get-community-go-snippets.md | 21 +++++ ...et-engagementasyncoperation-go-snippets.md | 21 +++++ ...m365appsinstallationoptions-go-snippets.md | 21 +++++ ...rksettings-for-organization-go-snippets.md | 21 +++++ ...erteamworksettings-for-user-go-snippets.md | 21 +++++ .../snippets/go/post-alertrule-go-snippets.md | 93 +++++++++++++++++++ .../go/update-alertrule-go-snippets.md | 83 +++++++++++++++++ ...m365appsinstallationoptions-go-snippets.md | 25 +++++ ...get-teams-licensing-details-go-snippets.md | 21 +++++ ...naccessiblecloudpcreports-java-snippets.md | 1 + ...cationeventlistener-from--java-snippets.md | 2 +- ...cloudpcprovisioningpolicy-java-snippets.md | 41 ++++++++ ...ommunity-from-app-only-e2-java-snippets.md | 19 ++++ ...community-from-minimal-e1-java-snippets.md | 18 ++++ .../java/get-community-java-snippets.md | 13 +++ ...-engagementasyncoperation-java-snippets.md | 13 +++ ...65appsinstallationoptions-java-snippets.md | 13 +++ ...settings-for-organization-java-snippets.md | 13 +++ ...teamworksettings-for-user-java-snippets.md | 13 +++ .../listitem-createlink-3-java-snippets.md | 1 + ...e-company-shareable-links-java-snippets.md | 1 + ...r-itemid-in-specific-list-java-snippets.md | 1 + .../java/post-alertrule-java-snippets.md | 52 +++++++++++ .../java/update-alertrule-java-snippets.md | 47 ++++++++++ ...-deviceregistrationpolicy-java-snippets.md | 38 ++++++++ ...65appsinstallationoptions-java-snippets.md | 16 ++++ ...t-teams-licensing-details-java-snippets.md | 14 +++ ...ty-from-app-only-e2-javascript-snippets.md | 26 ++++++ ...ity-from-minimal-e1-javascript-snippets.md | 23 +++++ 
.../get-community-javascript-snippets.md | 17 ++++ ...ementasyncoperation-javascript-snippets.md | 17 ++++ ...installationoptions-javascript-snippets.md | 17 ++++ ...gs-for-organization-javascript-snippets.md | 17 ++++ ...rksettings-for-user-javascript-snippets.md | 17 ++++ ...eregistrationpolicy-javascript-snippets.md | 16 ++-- ...installationoptions-javascript-snippets.md | 21 +++++ ...s-licensing-details-javascript-snippets.md | 17 ++++ ...-cloudpcprovisioningpolicy-php-snippets.md | 5 +- ...community-from-app-only-e2-php-snippets.md | 24 +++++ ...-community-from-minimal-e1-php-snippets.md | 19 ++++ .../php/get-community-php-snippets.md | 15 +++ ...t-engagementasyncoperation-php-snippets.md | 15 +++ ...365appsinstallationoptions-php-snippets.md | 15 +++ ...ksettings-for-organization-php-snippets.md | 15 +++ ...rteamworksettings-for-user-php-snippets.md | 15 +++ .../php/post-alertrule-php-snippets.md | 23 ++--- .../php/update-alertrule-php-snippets.md | 23 ++--- ...365appsinstallationoptions-php-snippets.md | 17 ++++ ...et-teams-licensing-details-php-snippets.md | 15 +++ ...gs-for-organization-powershell-snippets.md | 11 +++ ...rksettings-for-user-powershell-snippets.md | 11 +++ .../post-alertrule-powershell-snippets.md | 7 ++ .../update-alertrule-powershell-snippets.md | 7 ++ ...oudpcprovisioningpolicy-python-snippets.md | 4 +- ...munity-from-app-only-e2-python-snippets.md | 25 +++++ ...mmunity-from-minimal-e1-python-snippets.md | 20 ++++ .../python/get-community-python-snippets.md | 15 +++ ...ngagementasyncoperation-python-snippets.md | 15 +++ ...appsinstallationoptions-python-snippets.md | 15 +++ ...ttings-for-organization-python-snippets.md | 15 +++ ...amworksettings-for-user-python-snippets.md | 15 +++ .../python/post-alertrule-python-snippets.md | 20 ++-- .../update-alertrule-python-snippets.md | 20 ++-- ...appsinstallationoptions-python-snippets.md | 18 ++++ ...teams-licensing-details-python-snippets.md | 15 +++ .../v1.0/api/attendancerecord-list.md | 35 
+++++++ .../v1.0/api/meetingattendancereport-get.md | 35 +++++++ .../v1.0/api/meetingattendancereport-list.md | 35 +++++++ .../v1.0/api/virtualeventregistration-get.md | 35 +++++++ .../v1.0/api/virtualeventsession-get.md | 35 +++++++ .../api/virtualeventsroot-list-webinars.md | 35 +++++++ .../v1.0/api/virtualeventwebinar-get.md | 35 +++++++ .../virtualeventwebinar-getbyuseridandrole.md | 35 +++++++ .../api/virtualeventwebinar-getbyuserrole.md | 35 +++++++ .../virtualeventwebinar-list-registrations.md | 35 +++++++ ...rtualeventattendancereport-cli-snippets.md | 10 ++ ...t-virtualeventregistration-cli-snippets.md | 10 ++ .../get-virtualeventsession-cli-snippets.md | 10 ++ ...virtualeventsession-record-cli-snippets.md | 10 ++ .../get-virtualeventwebinar-cli-snippets.md | 10 ++ ...tualevent-attendancereport-cli-snippets.md | 10 ++ ...t-virtualeventregistration-cli-snippets.md | 10 ++ .../list-virtualeventwebinars-cli-snippets.md | 10 ++ ...inarthisgetbyuseridandrole-cli-snippets.md | 10 ++ ...ntwebinarthisgetbyuserrole-cli-snippets.md | 10 ++ ...aleventattendancereport-csharp-snippets.md | 13 +++ ...irtualeventregistration-csharp-snippets.md | 13 +++ ...get-virtualeventsession-csharp-snippets.md | 13 +++ ...tualeventsession-record-csharp-snippets.md | 13 +++ ...get-virtualeventwebinar-csharp-snippets.md | 13 +++ ...levent-attendancereport-csharp-snippets.md | 13 +++ ...irtualeventregistration-csharp-snippets.md | 13 +++ ...st-virtualeventwebinars-csharp-snippets.md | 13 +++ ...rthisgetbyuseridandrole-csharp-snippets.md | 13 +++ ...ebinarthisgetbyuserrole-csharp-snippets.md | 13 +++ ...irtualeventattendancereport-go-snippets.md | 21 +++++ ...et-virtualeventregistration-go-snippets.md | 21 +++++ .../go/get-virtualeventsession-go-snippets.md | 21 +++++ ...-virtualeventsession-record-go-snippets.md | 21 +++++ .../go/get-virtualeventwebinar-go-snippets.md | 21 +++++ ...rtualevent-attendancereport-go-snippets.md | 21 +++++ ...st-virtualeventregistration-go-snippets.md | 21 
+++++ .../list-virtualeventwebinars-go-snippets.md | 21 +++++ ...binarthisgetbyuseridandrole-go-snippets.md | 21 +++++ ...entwebinarthisgetbyuserrole-go-snippets.md | 22 +++++ ...tualeventattendancereport-java-snippets.md | 13 +++ ...-virtualeventregistration-java-snippets.md | 13 +++ .../get-virtualeventsession-java-snippets.md | 13 +++ ...irtualeventsession-record-java-snippets.md | 13 +++ .../get-virtualeventwebinar-java-snippets.md | 13 +++ ...ualevent-attendancereport-java-snippets.md | 13 +++ ...-virtualeventregistration-java-snippets.md | 13 +++ ...list-virtualeventwebinars-java-snippets.md | 13 +++ ...narthisgetbyuseridandrole-java-snippets.md | 18 ++++ ...twebinarthisgetbyuserrole-java-snippets.md | 17 ++++ ...entattendancereport-javascript-snippets.md | 16 ++++ ...aleventregistration-javascript-snippets.md | 16 ++++ ...virtualeventsession-javascript-snippets.md | 16 ++++ ...eventsession-record-javascript-snippets.md | 16 ++++ ...virtualeventwebinar-javascript-snippets.md | 16 ++++ ...nt-attendancereport-javascript-snippets.md | 16 ++++ ...aleventregistration-javascript-snippets.md | 16 ++++ ...irtualeventwebinars-javascript-snippets.md | 17 ++++ ...sgetbyuseridandrole-javascript-snippets.md | 16 ++++ ...arthisgetbyuserrole-javascript-snippets.md | 16 ++++ ...rtualeventattendancereport-php-snippets.md | 15 +++ ...t-virtualeventregistration-php-snippets.md | 15 +++ .../get-virtualeventsession-php-snippets.md | 15 +++ ...virtualeventsession-record-php-snippets.md | 15 +++ .../get-virtualeventwebinar-php-snippets.md | 15 +++ ...tualevent-attendancereport-php-snippets.md | 15 +++ ...t-virtualeventregistration-php-snippets.md | 15 +++ .../list-virtualeventwebinars-php-snippets.md | 15 +++ ...inarthisgetbyuseridandrole-php-snippets.md | 15 +++ ...ntwebinarthisgetbyuserrole-php-snippets.md | 15 +++ ...entattendancereport-powershell-snippets.md | 11 +++ ...aleventregistration-powershell-snippets.md | 11 +++ ...virtualeventsession-powershell-snippets.md | 11 +++ 
...eventsession-record-powershell-snippets.md | 11 +++ ...virtualeventwebinar-powershell-snippets.md | 11 +++ ...nt-attendancereport-powershell-snippets.md | 11 +++ ...aleventregistration-powershell-snippets.md | 11 +++ ...irtualeventwebinars-powershell-snippets.md | 11 +++ ...sgetbyuseridandrole-powershell-snippets.md | 11 +++ ...arthisgetbyuserrole-powershell-snippets.md | 11 +++ ...aleventattendancereport-python-snippets.md | 15 +++ ...irtualeventregistration-python-snippets.md | 15 +++ ...get-virtualeventsession-python-snippets.md | 15 +++ ...tualeventsession-record-python-snippets.md | 15 +++ ...get-virtualeventwebinar-python-snippets.md | 15 +++ ...levent-attendancereport-python-snippets.md | 15 +++ ...irtualeventregistration-python-snippets.md | 15 +++ ...st-virtualeventwebinars-python-snippets.md | 15 +++ ...rthisgetbyuseridandrole-python-snippets.md | 15 +++ ...ebinarthisgetbyuserrole-python-snippets.md | 15 +++ 195 files changed, 3363 insertions(+), 119 deletions(-) create mode 100644 api-reference/beta/includes/snippets/cli/create-community-from-app-only-e2-cli-snippets.md create mode 100644 api-reference/beta/includes/snippets/cli/create-community-from-minimal-e1-cli-snippets.md create mode 100644 api-reference/beta/includes/snippets/cli/get-community-cli-snippets.md create mode 100644 api-reference/beta/includes/snippets/cli/get-engagementasyncoperation-cli-snippets.md create mode 100644 api-reference/beta/includes/snippets/cli/get-m365appsinstallationoptions-cli-snippets.md create mode 100644 api-reference/beta/includes/snippets/cli/get-teamworksettings-for-organization-cli-snippets.md create mode 100644 api-reference/beta/includes/snippets/cli/get-userteamworksettings-for-user-cli-snippets.md create mode 100644 api-reference/beta/includes/snippets/cli/update-m365appsinstallationoptions-cli-snippets.md create mode 100644 api-reference/beta/includes/snippets/cli/user-get-teams-licensing-details-cli-snippets.md create mode 100644 
api-reference/beta/includes/snippets/csharp/create-community-from-app-only-e2-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/csharp/create-community-from-minimal-e1-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/csharp/get-community-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/csharp/get-engagementasyncoperation-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/csharp/get-m365appsinstallationoptions-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/csharp/get-teamworksettings-for-organization-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/csharp/get-userteamworksettings-for-user-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/csharp/update-m365appsinstallationoptions-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/csharp/user-get-teams-licensing-details-csharp-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/create-community-from-app-only-e2-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/create-community-from-minimal-e1-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/get-community-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/get-engagementasyncoperation-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/get-m365appsinstallationoptions-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/get-teamworksettings-for-organization-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/get-userteamworksettings-for-user-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/post-alertrule-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/update-alertrule-go-snippets.md create mode 100644 
api-reference/beta/includes/snippets/go/update-m365appsinstallationoptions-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/go/user-get-teams-licensing-details-go-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/create-cloudpcprovisioningpolicy-from-cloudpcprovisioningpolicy-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/create-community-from-app-only-e2-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/create-community-from-minimal-e1-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/get-community-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/get-engagementasyncoperation-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/get-m365appsinstallationoptions-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/get-teamworksettings-for-organization-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/get-userteamworksettings-for-user-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/post-alertrule-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/update-alertrule-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/update-deviceregistrationpolicy-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/update-m365appsinstallationoptions-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/java/user-get-teams-licensing-details-java-snippets.md create mode 100644 api-reference/beta/includes/snippets/javascript/create-community-from-app-only-e2-javascript-snippets.md create mode 100644 api-reference/beta/includes/snippets/javascript/create-community-from-minimal-e1-javascript-snippets.md create mode 100644 api-reference/beta/includes/snippets/javascript/get-community-javascript-snippets.md create mode 100644 
api-reference/beta/includes/snippets/javascript/get-engagementasyncoperation-javascript-snippets.md create mode 100644 api-reference/beta/includes/snippets/javascript/get-m365appsinstallationoptions-javascript-snippets.md create mode 100644 api-reference/beta/includes/snippets/javascript/get-teamworksettings-for-organization-javascript-snippets.md create mode 100644 api-reference/beta/includes/snippets/javascript/get-userteamworksettings-for-user-javascript-snippets.md create mode 100644 api-reference/beta/includes/snippets/javascript/update-m365appsinstallationoptions-javascript-snippets.md create mode 100644 api-reference/beta/includes/snippets/javascript/user-get-teams-licensing-details-javascript-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/create-community-from-app-only-e2-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/create-community-from-minimal-e1-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/get-community-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/get-engagementasyncoperation-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/get-m365appsinstallationoptions-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/get-teamworksettings-for-organization-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/get-userteamworksettings-for-user-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/update-m365appsinstallationoptions-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/php/user-get-teams-licensing-details-php-snippets.md create mode 100644 api-reference/beta/includes/snippets/powershell/get-teamworksettings-for-organization-powershell-snippets.md create mode 100644 api-reference/beta/includes/snippets/powershell/get-userteamworksettings-for-user-powershell-snippets.md create mode 100644 
api-reference/beta/includes/snippets/python/create-community-from-app-only-e2-python-snippets.md create mode 100644 api-reference/beta/includes/snippets/python/create-community-from-minimal-e1-python-snippets.md create mode 100644 api-reference/beta/includes/snippets/python/get-community-python-snippets.md create mode 100644 api-reference/beta/includes/snippets/python/get-engagementasyncoperation-python-snippets.md create mode 100644 api-reference/beta/includes/snippets/python/get-m365appsinstallationoptions-python-snippets.md create mode 100644 api-reference/beta/includes/snippets/python/get-teamworksettings-for-organization-python-snippets.md create mode 100644 api-reference/beta/includes/snippets/python/get-userteamworksettings-for-user-python-snippets.md create mode 100644 api-reference/beta/includes/snippets/python/update-m365appsinstallationoptions-python-snippets.md create mode 100644 api-reference/beta/includes/snippets/python/user-get-teams-licensing-details-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/get-virtualeventattendancereport-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/get-virtualeventregistration-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/get-virtualeventsession-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/get-virtualeventsession-record-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/get-virtualeventwebinar-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/list-virtualevent-attendancereport-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/list-virtualeventregistration-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/list-virtualeventwebinars-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/cli/virtualeventwebinarthisgetbyuseridandrole-cli-snippets.md create mode 100644 
api-reference/v1.0/includes/snippets/cli/virtualeventwebinarthisgetbyuserrole-cli-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/get-virtualeventattendancereport-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/get-virtualeventregistration-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/get-virtualeventsession-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/get-virtualeventsession-record-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/get-virtualeventwebinar-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/list-virtualevent-attendancereport-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/list-virtualeventregistration-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/list-virtualeventwebinars-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/virtualeventwebinarthisgetbyuseridandrole-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/csharp/virtualeventwebinarthisgetbyuserrole-csharp-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/get-virtualeventattendancereport-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/get-virtualeventregistration-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/get-virtualeventsession-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/get-virtualeventsession-record-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/get-virtualeventwebinar-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/list-virtualevent-attendancereport-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/list-virtualeventregistration-go-snippets.md create mode 100644 
api-reference/v1.0/includes/snippets/go/list-virtualeventwebinars-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/virtualeventwebinarthisgetbyuseridandrole-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/go/virtualeventwebinarthisgetbyuserrole-go-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/get-virtualeventattendancereport-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/get-virtualeventregistration-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/get-virtualeventsession-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/get-virtualeventsession-record-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/get-virtualeventwebinar-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/list-virtualevent-attendancereport-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/list-virtualeventregistration-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/list-virtualeventwebinars-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/virtualeventwebinarthisgetbyuseridandrole-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/java/virtualeventwebinarthisgetbyuserrole-java-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/get-virtualeventattendancereport-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/get-virtualeventregistration-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/get-virtualeventsession-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/get-virtualeventsession-record-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/get-virtualeventwebinar-javascript-snippets.md create 
mode 100644 api-reference/v1.0/includes/snippets/javascript/list-virtualevent-attendancereport-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/list-virtualeventregistration-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/list-virtualeventwebinars-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/virtualeventwebinarthisgetbyuseridandrole-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/javascript/virtualeventwebinarthisgetbyuserrole-javascript-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/get-virtualeventattendancereport-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/get-virtualeventregistration-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/get-virtualeventsession-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/get-virtualeventsession-record-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/get-virtualeventwebinar-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/list-virtualevent-attendancereport-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/list-virtualeventregistration-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/list-virtualeventwebinars-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/virtualeventwebinarthisgetbyuseridandrole-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/php/virtualeventwebinarthisgetbyuserrole-php-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/get-virtualeventattendancereport-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/get-virtualeventregistration-powershell-snippets.md create mode 100644 
api-reference/v1.0/includes/snippets/powershell/get-virtualeventsession-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/get-virtualeventsession-record-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/get-virtualeventwebinar-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/list-virtualevent-attendancereport-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/list-virtualeventregistration-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/list-virtualeventwebinars-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/virtualeventwebinarthisgetbyuseridandrole-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/powershell/virtualeventwebinarthisgetbyuserrole-powershell-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/get-virtualeventattendancereport-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/get-virtualeventregistration-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/get-virtualeventsession-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/get-virtualeventsession-record-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/get-virtualeventwebinar-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/list-virtualevent-attendancereport-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/list-virtualeventregistration-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/list-virtualeventwebinars-python-snippets.md create mode 100644 api-reference/v1.0/includes/snippets/python/virtualeventwebinarthisgetbyuseridandrole-python-snippets.md create mode 100644 
api-reference/v1.0/includes/snippets/python/virtualeventwebinarthisgetbyuserrole-python-snippets.md diff --git a/api-reference/beta/api/community-get.md b/api-reference/beta/api/community-get.md index 7b566aa92e8..82fd97320bf 100644 --- a/api-reference/beta/api/community-get.md +++ b/api-reference/beta/api/community-get.md @@ -60,6 +60,7 @@ If successful, this method returns a `200 OK` response code and a [community](.. The following example shows a request. +# [HTTP](#tab/http) [!INCLUDE [permissions-table](../includes/permissions/changetrackedentity-stagefordeletion-permissions.md)] ## HTTP request + +``` http +POST /teams/{teamsId}/schedule/shifts/{shiftId}/stageForDeletion +``` + +``` http +POST /teams/{teamsId}/schedule/timesOff/{timeOffId}/stageForDeletion +``` + ## Request headers |Name|Description| @@ -59,7 +77,17 @@ The following example shows a request. +``` http +POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/shifts/SHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion +``` + + @@ -67,6 +95,16 @@ The following example shows a request. POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/openShifts/OPNSHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion ``` + +``` http +POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/timesOff/SHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion +``` + ### Response The following example shows the response. diff --git a/api-reference/beta/api/team-getopenshifts.md b/api-reference/beta/api/team-getopenshifts.md index d5be353d6b8..46a9d391df1 100644 --- a/api-reference/beta/api/team-getopenshifts.md +++ b/api-reference/beta/api/team-getopenshifts.md 
@@ -13,7 +13,7 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -Get a list of [openShift](../resources/openshift.md) objects from across all schedules a user has access to. +Get all [openShifts](../resources/openshift.md) across all teams a user is a direct member of. ## Permissions @@ -39,10 +39,10 @@ GET /users/{id | user-principal-name}/joinedTeams/getOpenShifts ## Optional query parameters -This method supports the `$filter` [OData query parameter](/graph/query-parameters) to help customize the response. +This method supports the `$top` and `$filter` [OData query parameters](/graph/query-parameters) to help customize the response. > [!NOTE] -> The `$filter` parameter doesn't support the use of the same property more than once in a query. For example, the following query doesn't work: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/startDateTime le 2024-05-09T23:59:59Z`; however, the following query works: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/endDateTime le 2024-05-09T23:59:59Z`. +> The `$filter` parameter supports the `sharedOpenShift/startDateTime`, `sharedOpenShift/endDateTime`, and `teamId` properties. It doesn't support the use of the same property more than once in a query. For example, the following query doesn't work: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/startDateTime le 2024-05-09T23:59:59Z`; however, the following query works: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/endDateTime le 2024-05-09T23:59:59Z`. ## Request headers diff --git a/api-reference/beta/resources/openshift.md b/api-reference/beta/resources/openshift.md index 4023fd1620e..64632d44dc5 100644 --- a/api-reference/beta/resources/openshift.md +++ b/api-reference/beta/resources/openshift.md 
@@ -18,31 +18,31 @@ Represents an unassigned open shift in a [schedule](../resources/schedule.md). Inherits from [changeTrackedEntity](../resources/changetrackedentity.md). ## Methods -|Method|Return type|Description| -|:---|:---|:---| -|[List openShift](../api/openshift-list.md)|[openShift](../resources/openshift.md) collection|List [openShift](../resources/openshift.md) objects in a team.| -|[Create openShift](../api/openshift-post.md)|[openShift](../resources/openshift.md)|Create an instance of an [openShift](../resources/openshift.md) object.| -|[Get openShift](../api/openshift-get.md)|[openShift](../resources/openshift.md)|Retrieve the properties and relationships of an [openShift](../resources/openshift.md) object.| -|[Update openShift](../api/openshift-update.md)|[openShift](../resources/openshift.md)|Update the properties of an [openShift](../resources/openshift.md) object.| -|[Delete openShift](../api/openshift-delete.md)|None|Delete an [openShift](../resources/openshift.md) object.| -|[Get open shifts across all joined teams](../api/team-getopenshifts.md)|[openShift](../resources/openshift.md) collection|Get a list of openShift objects from across all schedules the user has access to.| -|[Stage for deletion](../api/changetrackedentity-stagefordeletion.md)|None|Stage the deletion of an [openShift](../resources/openshift.md) instance in a [schedule](../resources/schedule.md) in draft mode.| +| Method | Return Type | Description | +| :---------------------------------------------------------------------- | :------------------------------------ | :------------------------------------------------------------------------------------------------ | +| [List openShifts](../api/openshift-list.md) | [openShift](openshift.md) collection | Get the list of **openShift** in a schedule. | +| [Create openShift](../api/openshift-post.md) | [openShift](openshift.md) | Create a new **openShift**. 
| +| [Get openShift](../api/openshift-get.md) | [openShift](openshift.md) | Get an **openShift** by ID. | +| [Update openShift](../api/openshift-update.md) | [openShift](openshift.md) | Update an **openShift**. | +| [Delete openShift](../api/openshift-delete.md) | None | Delete an **openShift** from the schedule. | +| [Get open shifts across all joined teams](../api/team-getopenshifts.md) | [openShift](openshift.md) collection | Get all **openShifts** across all teams a user is a direct member of. | +| [Stage for deletion](../api/changetrackedentity-stagefordeletion.md) | None | Stage the deletion of an [openShift](openshift.md) in a [schedule](schedule.md) in draft mode. | ## Properties -|Property|Type|Description| -|:---|:---|:---| -|createdBy|[identitySet](identityset.md)|Identity of the person who created the **openShift** object. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| -|createdDateTime|DateTimeOffset|Date and time when the **openShift** was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| -|draftOpenShift|[openShiftItem](../resources/openshiftitem.md)|Draft changes in the open shift which are only visible to managers until [shared](../api/schedule-share.md).| -|id|String| Unique identifier for the **openShift** object. Read-only. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| -|isStagedForDeletion|Boolean|The open shift is marked for deletion which are finalized when the schedule is [shared](../api/schedule-share.md).| -|lastModifiedBy|[identitySet](identityset.md)|Identity of the person who last modified the **openShift** object. 
Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| -|lastModifiedDateTime|DateTimeOffset|Date and time when the **openShift** was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md).| -|schedulingGroupId|String|The ID of the scheduling group that contains the open shift.| -|schedulingGroupName|String|The name of the scheduling group that contains the open shift.| -|sharedOpenShift|[openShiftItem](../resources/openshiftitem.md)|Published changes in the open shift.| -|teamId|String|The ID of the team in which the open shift is located.| -|teamName|String|The name of the team in which the open shift is located.| +| Property | Type | Description | +|:----------------------|:----------------------------------|:--------------------------------------------------------------| +| createdBy | [identitySet](identityset.md) | Identity of the person who created the **openShift** object. Inherited from [changeTrackedEntity](changetrackedentity.md). | +| createdDateTime | DateTimeOffset | Date and time when the **openShift** was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](changetrackedentity.md). | +| draftOpenShift | [openShiftItem](openshiftitem.md) | Draft changes in the **openShift** are only visible to managers until they are [shared](../api/schedule-share.md). | +| id | String | Unique identifier for the **openShift** object. Read-only. Inherited from [changeTrackedEntity](changetrackedentity.md). | +| isStagedForDeletion | Boolean | The **openShift** is marked for deletion, a process that is finalized when the schedule is [shared](../api/schedule-share.md). 
| +| lastModifiedBy | [identitySet](identityset.md) | Identity of the person who last modified the **openShift** object. Inherited from [changeTrackedEntity](changetrackedentity.md).| +| lastModifiedDateTime | DateTimeOffset | Date and time when the **openShift** was last modified. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](changetrackedentity.md).| +| schedulingGroupId | String | The ID of the [schedulingGroup](schedulinggroup.md) that contains the **openShift**. | +| schedulingGroupName | String | The name of the [schedulingGroup](schedulinggroup.md) that contains the **openShift**.| +| sharedOpenShift | [openShiftItem](openshiftitem.md) | The shared version of this **openShift** that is viewable by both employees and managers. | +| teamId | String | The ID of the [team](team.md) in which the **openShift** is located. | +| teamName | String | The name of the [team](team.md) in which the **openShift** is located. | ## Relationships diff --git a/api-reference/beta/resources/shift.md b/api-reference/beta/resources/shift.md index 39a05f0cd61..dc868d568cf 100644 --- a/api-reference/beta/resources/shift.md +++ b/api-reference/beta/resources/shift.md 
@@ -19,24 +19,26 @@ The duration of a shift can't be less than 1 minute or longer than 24 hours. ## Methods -| Method | Return Type | Description | -| :--------------------------------------------- | :--------------------------- | :----------------------------------------- | -| [Create shift](../api/schedule-post-shifts.md) | [shift](shift.md) | Create a new **shift**. | -| [List shifts](../api/schedule-list-shifts.md) | [shift](shift.md) collection | Get the list of **shifts** in this schedule. | -| [Get shift](../api/shift-get.md) | [shift](shift.md) | Get a **shift** by ID. | -| [Replace shift](../api/shift-put.md) | [shift](shift.md) | Replace a **shift**. | -| [Delete shift](../api/shift-delete.md) | None | Delete a **shift** from the schedule. | +| Method | Return Type | Description | +| :------------------------------------------------------------------ | :--------------------------- | :----------------------------------------------------------------------------------------------------------- | +| [Create shift](../api/schedule-post-shifts.md) | [shift](shift.md) | Create a new **shift**. | +| [List shifts](../api/schedule-list-shifts.md) | [shift](shift.md) collection | Get the list of **shifts** in this schedule. | +| [Get shift](../api/shift-get.md) | [shift](shift.md) | Get a **shift** by ID. | +| [Replace shift](../api/shift-put.md) | [shift](shift.md) | Replace a **shift**. | +| [Delete shift](../api/shift-delete.md) | None | Delete a **shift** from the schedule. | +| [Stage for deletion](../api/changetrackedentity-stagefordeletion.md)| None | Stage the deletion of a [shift](shift.md) in this [schedule](../resources/schedule.md) in draft mode. 
| ## Properties | Property | Type | Description | | -------------------- | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | createdDateTime | DateTimeOffset | The timestamp on which this **shift** was first created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. | -| draftShift | [shiftItem](shiftitem.md) | The draft version of this **shift** that is viewable by managers. Required. | +| draftShift | [shiftItem](shiftitem.md) | Draft changes in the **shift** are only visible to managers until they are [shared](../api/schedule-share.md). | | id | String | ID of the **shift**. | -| lastModifiedBy | [identitySet](identityset.md) | The identity that last updated this **shift**. | +| isStagedForDeletion | Boolean | The **shift** is marked for deletion, a process that is finalized when the schedule is [shared](../api/schedule-share.md). | +| lastModifiedBy | [identitySet](identityset.md) | The identity that last updated this **shift**. | | lastModifiedDateTime | DateTimeOffset | The timestamp on which this **shift** was last updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. | -| sharedShift | [shiftItem](shiftitem.md) | The shared version of this **shift** that is viewable by both employees and managers. Required. | +| sharedShift | [shiftItem](shiftitem.md) | The shared version of this **shift** that is viewable by both employees and managers. | | schedulingGroupId | String | ID of the scheduling group the **shift** is part of. Required. | | userId | String | ID of the user assigned to the **shift**. 
Required. | @@ -47,7 +49,8 @@ Here's a JSON representation of the resource. ```json @@ -55,6 +58,7 @@ Here's a JSON representation of the resource. "createdDateTime": "DateTimeOffset", "draftShift": { "@odata.type": "microsoft.graph.shiftItem" }, "id": "String", + "isStagedForDeletion": "Boolean", "lastModifiedBy": { "@odata.type": "microsoft.graph.identitySet" }, "lastModifiedDateTime": "DateTimeOffset", "schedulingGroupId": "String", diff --git a/api-reference/beta/resources/team.md b/api-reference/beta/resources/team.md index 829e356e71d..b0d04107ceb 100644 --- a/api-reference/beta/resources/team.md +++ b/api-reference/beta/resources/team.md @@ -51,7 +51,7 @@ Every team is associated with a [Microsoft 365 group](../resources/group.md). Th |[Upgrade app installed in team](../api/team-teamsappinstallation-upgrade.md) | None | Upgrade the app installed in a team to the latest version.| |[Remove app from team](../api/team-delete-installedapps.md) | None | Remove (uninstall) an app from a team.| |[List permission grants](../api/team-list-permissiongrants.md) | [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection | List permissions that have been granted to apps to access the team.| -|[Get open shifts across all joined teams](../api/team-getopenshifts.md)|[openShift](../resources/openshift.md) collection|Get a list of **openShift** objects from across all schedules the user has access to.| +|[Get open shifts across all joined teams](../api/team-getopenshifts.md)|[openShift](../resources/openshift.md) collection|Get all open shifts across all teams a user is a direct member of.| ## Properties diff --git a/api-reference/beta/resources/timeoff.md b/api-reference/beta/resources/timeoff.md index d184497e9b5..d5615ee48e0 100644 --- a/api-reference/beta/resources/timeoff.md +++ b/api-reference/beta/resources/timeoff.md 
@@ -15,27 +15,31 @@ Namespace: microsoft.graph Represents a unit of non-work in a [schedule](../resources/schedule.md). +Inherits from [changeTrackedEntity](../resources/changetrackedentity.md). + ## Methods | Method | Return type | Description | | :----------------------------------------- | :------------------------------- | :---------------------------------------------------- | -| [Create](../api/schedule-post-timesoff.md) | [timeOff](timeoff.md) | Create a new **timeOff** object. | -| [List](../api/schedule-list-timesoff.md) | [timeOff](timeoff.md) collection | Get the list of **timeOff** objects in this schedule. | -| [Get](../api/timeoff-get.md) | [timeOff](timeoff.md) | Get a **timeOff** object by ID. | -| [Replace](../api/timeoff-put.md) | [timeOff](timeoff.md) | Replace a **timeOff** object. | -| [Delete](../api/timeoff-delete.md) | None | Delete a **timeOff** object from the schedule. | +| [List timeOff](../api/schedule-list-timesoff.md) | [timeOff](timeoff.md) collection | Get the list of **timeOff** objects in a schedule. | +| [Create timeOff](../api/schedule-post-timesoff.md) | [timeOff](timeoff.md) | Create a new **timeOff** object. | +| [Get timeOff](../api/timeoff-get.md) | [timeOff](timeoff.md) | Get a **timeOff** object by ID. | +| [Replace timeOff](../api/timeoff-put.md) | [timeOff](timeoff.md) | Replace a **timeOff** object. | +| [Delete timeOff](../api/timeoff-delete.md) | None | Delete a **timeOff** object from the schedule. 
| +| [Stage for deletion](../api/changetrackedentity-stagefordeletion.md)| None |Stage the deletion of a **timeOff** instance in a [schedule](schedule.md) in draft mode.| ## Properties -| Property | Type | Description | -|:---------------------|:------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +| Property | Type | Description | +|:---------------------|:------------------------------|:----------------------------| | createdDateTime | DateTimeOffset | The time stamp at which this **timeOff** was first created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. | -| draftTimeOff | [timeOffItem](timeoffitem.md) | The draft version of this **timeOff** that is viewable by managers. Required. | -| id | String | ID of the **timeOff**. | -| lastModifiedBy | [identitySet](identityset.md) | The identity that last updated this **timeOff**. | +| draftTimeOff | [timeOffItem](timeoffitem.md) | Draft changes in the **timeOff** are only visible to managers until they are [shared](../api/schedule-share.md).| +| id | String | ID of the **timeOff**. | +| isStagedForDeletion | Boolean | The **timeOff** is marked for deletion, a process that is finalized when the schedule is [shared](../api/schedule-share.md). | +| lastModifiedBy | [identitySet](identityset.md) | The identity that last updated this **timeOff**. | | lastModifiedDateTime | DateTimeOffset | The time stamp at which this **timeOff** was last updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. 
| -| sharedTimeOff | [timeOffItem](timeoffitem.md) | The shared version of this **timeOff** that is viewable by both employees and managers. Required. | -| userId | String | ID of the user assigned to the **timeOff**. Required. | +| sharedTimeOff | [timeOffItem](timeoffitem.md) | The shared version of this **timeOff** that is viewable by both employees and managers. | +| userId | String | ID of the user assigned to the **timeOff**. Required. | ## JSON representation @@ -50,9 +54,11 @@ The following is a JSON representation of the resource. ```json { + "@odata.type": "#microsoft.graph.timeOff", "createdDateTime": "String (timestamp)", "draftTimeOff": {"@odata.type": "microsoft.graph.timeOffItem"}, "id": "String (identifier)", + "isStagedForDeletion": "Boolean", "lastModifiedBy": {"@odata.type": "microsoft.graph.identitySet"}, "lastModifiedDateTime": "String (timestamp)", "sharedTimeOff": {"@odata.type": "microsoft.graph.timeOffItem"}, diff --git a/api-reference/beta/toc.yml b/api-reference/beta/toc.yml index e92e7b068d4..65509b49bfb 100644 --- a/api-reference/beta/toc.yml +++ b/api-reference/beta/toc.yml @@ -18847,7 +18847,7 @@ items: href: api/team-completemigration.md - name: List permission grants href: api/team-list-permissiongrants.md - - name: List for all joined teams + - name: Get open shifts across all joined teams href: api/team-getopenshifts.md - name: Team template items: @@ -18939,10 +18939,10 @@ items: href: api/openshift-update.md - name: Delete href: api/openshift-delete.md - - name: List for all joined teams - href: api/team-getopenshifts.md - name: Stage for deletion href: api/changetrackedentity-stagefordeletion.md + - name: Get open shifts across all joined teams + href: api/team-getopenshifts.md - name: Open shift change request href: resources/openshiftchangerequest.md items: 
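Review bot: In the openShift node of api-reference/beta/toc.yml (hunk @@ -18939,10 +18939,10 @@), the renamed entry "Get open shifts across all joined teams" now sits after "Stage for deletion", while the Methods table this same patch writes in openshift.md lists "Get open shifts across all joined teams" before "Stage for deletion". Keep one order in both places, for example by leaving the TOC entry where "List for all joined teams" was and only renaming it.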
@@ -18991,6 +18991,8 @@ items: href: api/shift-put.md - name: Delete href: api/shift-delete.md + - name: Stage for deletion + href: api/changetrackedentity-stagefordeletion.md - name: Shift preferences href: resources/shiftpreferences.md items: @@ -19047,6 +19049,8 @@ items: href: api/timeoff-put.md - name: Delete href: api/timeoff-delete.md + - name: Stage for deletion + href: api/changetrackedentity-stagefordeletion.md - name: Time off reason href: resources/timeoffreason.md items: diff --git a/changelog/Microsoft.Teams.Shifts.json b/changelog/Microsoft.Teams.Shifts.json index 4c26facfb1e..34a1a35bb1b 100644 --- a/changelog/Microsoft.Teams.Shifts.json +++ b/changelog/Microsoft.Teams.Shifts.json @@ -327,7 +327,7 @@ "ApiChange": "Property", "ChangedApiName": "isStagedForDeletion", "ChangeType": "Addition", - "Description": "Added the **isStagedForDeletion** property to the [openShift](https://learn.microsoft.com/en-us/graph/api/resources/openShift?view=graph-rest-beta) resource.", + "Description": "Added the **isStagedForDeletion** property to the [shift](https://learn.microsoft.com/en-us/graph/api/resources/shift?view=graph-rest-beta), [openShift](https://learn.microsoft.com/en-us/graph/api/resources/openShift?view=graph-rest-beta), and [timeOff](https://learn.microsoft.com/en-us/graph/api/resources/timeOff?view=graph-rest-beta) resource.", "Target": "openShift" }, { From 7723bb840463a8ec65eb4e97016595cbf1755cee Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 06:27:16 +0100 Subject: [PATCH 116/156] Update shift.md Edit. --- api-reference/beta/resources/shift.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/api-reference/beta/resources/shift.md b/api-reference/beta/resources/shift.md index dc868d568cf..44301b55508 100644 --- a/api-reference/beta/resources/shift.md +++ b/api-reference/beta/resources/shift.md 
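Review bot: In changelog/Microsoft.Teams.Shifts.json, the updated Description now names shift, openShift, and timeOff, but the entry's "Target" is still "openShift" and the sentence ends with the singular "resource". Either add separate changelog entries whose Target is shift and timeOff, or confirm that one openShift-targeted entry is meant to cover all three, and change "resource" to "resources".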
@@ -1,6 +1,6 @@ --- title: "shift resource type" -description: "A shift is a unit of scheduled work in the schedule." +description: "Represents a unit of scheduled work in a schedule." author: "aaku" ms.localizationpriority: medium ms.prod: "microsoft-teams" @@ -13,10 +13,12 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -A unit of scheduled work in a [schedule](schedule.md). +Represents a unit of scheduled work in a [schedule](schedule.md). The duration of a shift can't be less than 1 minute or longer than 24 hours. +Inherits from [changeTrackedEntity](../resources/changetrackedentity.md). + ## Methods | Method | Return Type | Description | 
@@ -26,25 +28,26 @@ The duration of a shift can't be less than 1 minute or longer than 24 hours. | [Get shift](../api/shift-get.md) | [shift](shift.md) | Get a **shift** by ID. | | [Replace shift](../api/shift-put.md) | [shift](shift.md) | Replace a **shift**. | | [Delete shift](../api/shift-delete.md) | None | Delete a **shift** from the schedule. | -| [Stage for deletion](../api/changetrackedentity-stagefordeletion.md)| None | Stage the deletion of a [shift](shift.md) in this [schedule](../resources/schedule.md) in draft mode. | +| [Stage for deletion](../api/changetrackedentity-stagefordeletion.md)| None | Stage the deletion of a [shift](../resources/shift.md) instance in a [schedule](../resources/schedule.md) in draft mode. | ## Properties | Property | Type | Description | | -------------------- | ----------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| createdDateTime | DateTimeOffset | The timestamp on which this **shift** was first created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. | +| createdBy | [identitySet](identityset.md) | Identity of the user who created the **shift** object. Inherited from [changeTrackedEntity](changetrackedentity.md). | +| createdDateTime | DateTimeOffset | The timestamp on which this **shift** was first created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). 
| | draftShift | [shiftItem](shiftitem.md) | Draft changes in the **shift** are only visible to managers until they are [shared](../api/schedule-share.md). | | id | String | ID of the **shift**. | | isStagedForDeletion | Boolean | The **shift** is marked for deletion, a process that is finalized when the schedule is [shared](../api/schedule-share.md). | -| lastModifiedBy | [identitySet](identityset.md) | The identity that last updated this **shift**. | -| lastModifiedDateTime | DateTimeOffset | The timestamp on which this **shift** was last updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. | +| lastModifiedBy | [identitySet](identityset.md) | The identity of the user who last updated this **shift**. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | +| lastModifiedDateTime | DateTimeOffset | The timestamp on which this **shift** was last updated. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | | sharedShift | [shiftItem](shiftitem.md) | The shared version of this **shift** that is viewable by both employees and managers. | | schedulingGroupId | String | ID of the scheduling group the **shift** is part of. Required. | | userId | String | ID of the user assigned to the **shift**. Required. | ## JSON representation -Here's a JSON representation of the resource. +The following JSON representation shows the resource type. 
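Review bot: In the shift.md Properties table, the id row is the only inherited property left without "Inherited from changeTrackedEntity"; createdBy, createdDateTime, lastModifiedBy, and lastModifiedDateTime all gain it in this hunk, and the id rows in openshift.md and timeoff.md carry it. The new rows also mix link targets: createdBy points to changetrackedentity.md while the other three point to ../resources/changetrackedentity.md. Add the inheritance note to id and use one link form throughout the table.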
``` http -POST /teams/{teamsId}/schedule/shifts/{shiftId}/stageForDeletion +POST /teams/{teamsId}/schedule/openShifts/{openShiftId}/stageForDeletion ``` +For a **shift**: ``` http -POST /teams/{teamsId}/schedule/openShifts/{openShiftId}/stageForDeletion +POST /teams/{teamsId}/schedule/shifts/{shiftId}/stageForDeletion ``` +For a **timesOff**: ``` http POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/shifts/SHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion ``` +#### Response + +The following example shows the response. + + +``` http +HTTP/1.1 204 No Content +``` + +### Example 2: Stage the deletion of a shift + +The following example shows how to stage the deletion of a **shift** in a **schedule** in draft mode. + +#### Request + +The following example shows a request. + +``` http +HTTP/1.1 204 No Content +``` + +### Example 3: Stage the deletion of a timesOff + +The following example shows how to stage the deletion of a **timesOff** in a **schedule** in draft mode. + +#### Request + +The following example shows a request. + ``` http @@ -136,9 +136,9 @@ The following example shows the response. HTTP/1.1 204 No Content ``` -### Example 3: Stage the deletion of a timesOff +### Example 3: Stage the deletion of a timeOff -The following example shows how to stage the deletion of a **timesOff** in a **schedule** in draft mode. +The following example shows how to stage the deletion of a **timeOff** in a **schedule** in draft mode. #### Request @@ -147,7 +147,7 @@ The following example shows a request. ``` http From 44add9acca8a902dd147f1342ca3c1aa32038149 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 07:10:40 +0100 Subject: [PATCH 126/156] Update changetrackedentity-stagefordeletion.md Edit. --- .../beta/api/changetrackedentity-stagefordeletion.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) 
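Review bot: The label added in the HTTP request section of changetrackedentity-stagefordeletion.md reads For a **timesOff**:, and the follow-up hunk shown here (@@ -136,9 +136,9 @@) corrects the Example 3 heading and its introductory sentence to **timeOff** without touching that label. Change the label to For a **timeOff**: so the page names the resource the same way everywhere.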
diff --git a/api-reference/beta/api/changetrackedentity-stagefordeletion.md b/api-reference/beta/api/changetrackedentity-stagefordeletion.md index 23478e6c927..d89893b7750 100644 --- a/api-reference/beta/api/changetrackedentity-stagefordeletion.md +++ b/api-reference/beta/api/changetrackedentity-stagefordeletion.md @@ -84,12 +84,12 @@ The following example shows a request. ``` http -POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/shifts/SHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion +POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/openShifts/OPNSHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion ``` #### Response @@ -115,12 +115,12 @@ The following example shows a request. ``` http -POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/openShifts/OPNSHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion +POST https://graph.microsoft.com/beta/teams/3d88b7a2-f988-4f4b-bb34-d66df66af126/schedule/shifts/SHFT_577b75d2-a927-48c0-a5d1-dc984894e7b8/stageForDeletion ``` #### Response From ab0f47f67a3b1db12997a8e81b3a25c6b9ccbc16 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 07:17:05 +0100 Subject: [PATCH 127/156] Update team-getopenshifts.md Edit. --- api-reference/beta/api/team-getopenshifts.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/api-reference/beta/api/team-getopenshifts.md b/api-reference/beta/api/team-getopenshifts.md index 46a9d391df1..401891b0894 100644 --- a/api-reference/beta/api/team-getopenshifts.md +++ b/api-reference/beta/api/team-getopenshifts.md @@ -1,6 +1,6 @@ --- title: "team: getOpenShifts" -description: "Get a list of openShift objects from across all schedules the user has access to." +description: "Get all openShift objects across all teams a user is a direct member of." author: "raulfernandes" ms.localizationpriority: medium ms.prod: "microsoft-teams" 
@@ -13,7 +13,7 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -Get all [openShifts](../resources/openshift.md) across all teams a user is a direct member of. +Get all [openShift](../resources/openshift.md) objects across all teams a user is a direct member of. ## Permissions @@ -42,7 +42,7 @@ GET /users/{id | user-principal-name}/joinedTeams/getOpenShifts This method supports the `$top` and `$filter` [OData query parameters](/graph/query-parameters) to help customize the response. > [!NOTE] -> The `$filter` parameter supports the `sharedOpenShift/startDateTime`, `sharedOpenShift/endDateTime`, and `teamId` properties. It doesn't support the use of the same property more than once in a query. For example, the following query doesn't work: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/startDateTime le 2024-05-09T23:59:59Z`; however, the following query works: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/endDateTime le 2024-05-09T23:59:59Z`. +> The `$filter` parameter supports the **sharedOpenShift/startDateTime**, **sharedOpenShift/endDateTime**, and **teamId** properties. It doesn't support the use of the same property more than once in a query. For example, the following query doesn't work: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/startDateTime le 2024-05-09T23:59:59Z`; however, the following query works: `sharedOpenShift/startDateTime ge 2024-05-09T00:00:00Z and sharedOpenShift/endDateTime le 2024-05-09T23:59:59Z`. ## Request headers @@ -52,6 +52,7 @@ This method supports the `$top` and `$filter` [OData query parameters](/graph/qu | MS-APP-ACTS-AS | A user ID (GUID). Required only if the authorization token is an application token; otherwise, optional. | ## Request body + Don't supply a request body for this method. ## Response 
@@ -73,7 +74,6 @@ The following example shows a request. GET https://graph.microsoft.com/beta/me/joinedTeams/getOpenShifts ``` - ### Response The following example shows the response. From d8e7daf999d553063b96e10d8f1f2432411641e2 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 07:21:17 +0100 Subject: [PATCH 128/156] Update changetrackedentity.md Edit. --- api-reference/beta/resources/changetrackedentity.md | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/api-reference/beta/resources/changetrackedentity.md b/api-reference/beta/resources/changetrackedentity.md index ef75eaf48a2..1fcad47921c 100644 --- a/api-reference/beta/resources/changetrackedentity.md +++ b/api-reference/beta/resources/changetrackedentity.md @@ -1,6 +1,6 @@ --- title: "changeTrackedEntity resource type" -description: "Represents an entity to track changes made to any supported Shifts resource." +description: "Represents an entity to track changes made to any supported schedule and associated resource." ms.localizationpriority: medium author: "akumar39" ms.prod: "microsoft-teams" 
@@ -15,19 +15,24 @@ Namespace: microsoft.graph Represents an entity to track changes made to any supported [schedule](schedule.md) and associated resource. +Base type of [openShift](../resources/openshift.md), [shift](../resources/shift.md), and [timeOff](../resources/timeoff.md). + +Inherits from [entity](../resources/entity.md). + ## Methods |Method|Return type|Description| |:---|:---|:---| -|[Stage for deletion](../api/changetrackedentity-stagefordeletion.md)|None|Stage the deletion of an [openShift](../resources/openshift.md) instance in a [schedule](../resources/schedule.md) in draft mode.| +|[Stage for deletion](../api/changetrackedentity-stagefordeletion.md)|None|Stage the deletion of an [openShift](../resources/openshift.md), [shift](../resources/shift.md), or [timeOff](../resources/timeoff.md) instance in a [schedule](../resources/schedule.md) in draft mode.| ## Properties | Property | Type | Description | |:-------------|:------------|:------------| +|createdBy|[identitySet](identityset.md)|Identity of the user who created the entity.| |createdDateTime|DateTimeOffset|The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.| |id|String| The unique identifier for the **changeTrackedEntity** object. Read-only.| -|lastModifiedBy|[identitySet](identityset.md)|Identity of the person who last modified the entity.| +|lastModifiedBy|[identitySet](identityset.md)|Identity of the user who last modified the entity.| |lastModifiedDateTime|DateTimeOffset|The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.| ## Relationships 
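Review bot: In the changeTrackedEntity Properties table, the createdDateTime and lastModifiedDateTime rows left as context describe only the timestamp format and never say what each property records, while the createdBy and lastModifiedBy rows edited next to them do. Since this hunk already touches the table, lead those two descriptions with the meaning, as the derived pages do (for example "Date and time when the **openShift** was created.").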
@@ -50,6 +55,7 @@ The following JSON representation shows the resource type. ```json { + "createdBy": {"@odata.type": "microsoft.graph.identitySet"}, "createdDateTime": "String (timestamp)", "id": "String (identifier)", "lastModifiedBy": {"@odata.type": "microsoft.graph.identitySet"}, From b61b06dbb6239faa9c4a53abadb712cfa17c5690 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 07:24:20 +0100 Subject: [PATCH 129/156] Update timeoff.md Edit. --- api-reference/beta/resources/timeoff.md | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/api-reference/beta/resources/timeoff.md b/api-reference/beta/resources/timeoff.md index a673675d3ab..36d291fe420 100644 --- a/api-reference/beta/resources/timeoff.md +++ b/api-reference/beta/resources/timeoff.md @@ -1,6 +1,6 @@ --- title: "timeOff resource type" -description: "Represents a unit of non-work in a schedule." +description: "Represents a unit of nonwork in a schedule." author: "aaku" ms.localizationpriority: medium ms.prod: "microsoft-teams" @@ -13,7 +13,7 @@ Namespace: microsoft.graph [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)] -Represents a unit of non-work in a [schedule](../resources/schedule.md). +Represents a unit of nonwork in a [schedule](../resources/schedule.md). Inherits from [changeTrackedEntity](../resources/changetrackedentity.md). 
@@ -33,12 +33,12 @@ Inherits from [changeTrackedEntity](../resources/changetrackedentity.md). | Property | Type | Description | |:---------------------|:------------------------------|:----------------------------| | createdBy | [identitySet](identityset.md) | Identity of the user who created the **timeOff** object. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | -| createdDateTime | DateTimeOffset | The timestamp at which this **timeOff** was first created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | -| draftTimeOff | [timeOffItem](timeoffitem.md) | Draft changes in the **timeOff** are only visible to managers until they are [shared](../api/schedule-share.md).| +| createdDateTime | DateTimeOffset | The date and time when this **timeOff** was first created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | +| draftTimeOff | [timeOffItem](timeoffitem.md) | Draft changes in the **timeOff** are only visible to managers until they're [shared](../api/schedule-share.md).| | id | String | The unique identifier for the **timeOff**. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | | isStagedForDeletion | Boolean | The **timeOff** is marked for deletion, a process that is finalized when the schedule is [shared](../api/schedule-share.md). | | lastModifiedBy | [identitySet](identityset.md) | The identity of the user who last updated this **timeOff**. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | -| lastModifiedDateTime | DateTimeOffset | The timestamp at which this **timeOff** was last updated. 
The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | +| lastModifiedDateTime | DateTimeOffset | The date and time when this **timeOff** was last updated. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [changeTrackedEntity](../resources/changetrackedentity.md). | | sharedTimeOff | [timeOffItem](timeoffitem.md) | The shared version of this **timeOff** that is viewable by both employees and managers. | | userId | String | ID of the user assigned to the **timeOff**. Required. | From 9aa55340aca9438432035c8eeb510818e593c969 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 07:26:44 +0100 Subject: [PATCH 130/156] Update openshift.md Edit. --- api-reference/beta/resources/openshift.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/beta/resources/openshift.md b/api-reference/beta/resources/openshift.md index 9f42634b0eb..de09482a405 100644 --- a/api-reference/beta/resources/openshift.md +++ b/api-reference/beta/resources/openshift.md 
@@ -26,7 +26,7 @@ Inherits from [changeTrackedEntity](../resources/changetrackedentity.md). | [Get openShift](../api/openshift-get.md) | [openShift](openshift.md) | Get an **openShift** by ID. | | [Update openShift](../api/openshift-update.md) | [openShift](openshift.md) | Update an **openShift**. | | [Delete openShift](../api/openshift-delete.md) | None | Delete an **openShift** from the schedule. | -| [Get open shifts across all joined teams](../api/team-getopenshifts.md) | [openShift](openshift.md) collection | Get all **openShifts** across all teams a user is a direct member of. | +| [Get open shifts across all joined teams](../api/team-getopenshifts.md) | [openShift](openshift.md) collection | Get all **openShift** objects across all teams a user is a direct member of. | | [Stage for deletion](../api/changetrackedentity-stagefordeletion.md) | None | Stage the deletion of an [openShift](../resources/openshift.md) instance in a [schedule](../resources/schedule.md) in draft mode. | ## Properties From 901e908b2cdbc02eee903dd610e21e5a2a67ed9e Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 07:27:21 +0100 Subject: [PATCH 131/156] Update team.md Edit. --- api-reference/beta/resources/team.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/beta/resources/team.md b/api-reference/beta/resources/team.md index b0d04107ceb..cf3b29938a8 100644 --- a/api-reference/beta/resources/team.md +++ b/api-reference/beta/resources/team.md 
@@ -51,7 +51,7 @@ Every team is associated with a [Microsoft 365 group](../resources/group.md). Th |[Upgrade app installed in team](../api/team-teamsappinstallation-upgrade.md) | None | Upgrade the app installed in a team to the latest version.| |[Remove app from team](../api/team-delete-installedapps.md) | None | Remove (uninstall) an app from a team.| |[List permission grants](../api/team-list-permissiongrants.md) | [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection | List permissions that have been granted to apps to access the team.| -|[Get open shifts across all joined teams](../api/team-getopenshifts.md)|[openShift](../resources/openshift.md) collection|Get all open shifts across all teams a user is a direct member of.| +|[Get open shifts across all joined teams](../api/team-getopenshifts.md)|[openShift](../resources/openshift.md) collection|Get all [openShift](../resources/openshift.md) objects across all teams a user is a direct member of.| ## Properties From 21775e1e315da442803453fc0119fa388dca9777 Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 07:39:34 +0100 Subject: [PATCH 132/156] Update whats-new-overview.md Edit. --- concepts/whats-new-overview.md | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md index d11e18ec2f3..bca75b952a4 100644 --- a/concepts/whats-new-overview.md +++ b/concepts/whats-new-overview.md 
@@ -19,14 +19,18 @@ In addition, find out about new documentation and learning resources for release ### Employee experience | Employee engagement Create and get a Viva Engage community that is a central place for conversations, files, events, and updates for people sharing a common interest or goal. Use the Viva Engage API for the following scenarios: -- [Create a community](/graph/api/employeeexperience-post-communities) -- [Poll for community creation status](/graph/api/engagementasyncoperation-get) -- [Get a community](/graph/api/community-get) +- [Create a community](/graph/api/employeeexperience-post-communities?view=graph-rest-beta&preserve-view=true) +- [Poll for community creation status](/graph/api/engagementasyncoperation-get?view=graph-rest-beta&preserve-view=true) +- [Get a community](/graph/api/community-get?view=graph-rest-beta&preserve-view=true) ### Teams Pricing update for the Teams meeting APIs starting January 1, 2024. For more information, see [Payment models and licensing requirements for Microsoft Teams APIs](/graph/teams-licenses#payment-requirements-for-meeting-apis). +### Teamwork and communications | Shift management +- Get all [openShift](../resources/openshift.md) objects across all teams a user is a direct member of, removing the need to specify a team ID in the request. For more information, see [team: getOpenShifts](/graph/api/team-getopenshifts?view=graph-rest-beta&preserve-view=true). +- [Stage the deletion](/graph/api/changetrackedentity-stagefordeletion?view=graph-rest-beta&preserve-view=true) of an [openShift](../resources/openshift.md), [shift](../resources/shift.md), or [timeOff](../resources/timeoff.md) instance in a [schedule](../resources/schedule.md) in draft mode. + ## November 2023: New and generally available ### Files 
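Review bot: The new "Teamwork and communications | Shift management" bullets in concepts/whats-new-overview.md link to `../resources/openshift.md`, `../resources/shift.md`, `../resources/timeoff.md` and `../resources/schedule.md`. From concepts/ those paths point at a resources/ folder beside concepts/, while the resource pages touched in this series live under api-reference/beta/resources/. Every other link in this hunk is site-absolute (`/graph/api/...`); use that form for the resource links too, and decide whether they need the `?view=graph-rest-beta&preserve-view=true` suffix that the two API links in the same bullets carry.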
@@ -56,7 +60,7 @@ Delete the [profile photo](/graph/api/resources/profilephoto) of a signed-in use ## November 2023: New in preview only ### Device and app management | Cloud PC -[Get the access state of a Frontline Cloud PC](/graph/api/cloudPC-getFrontlineCloudPcAccessState?view=graph-rest-beta&preserve-view=true) to determine whether the Frontline Cloud PC is accessible to a user. _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=cc0c0a79-a691-485d-b47c-8b0ee543ae6c)_. +[Get the access state of a Frontline Cloud PC](/graph/api/cloudPC-getfrontlinecloudpcaccessstate?view=graph-rest-beta&preserve-view=true) to determine whether the Frontline Cloud PC is accessible to a user. _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=cc0c0a79-a691-485d-b47c-8b0ee543ae6c)_. ### Reports | Identity and access reports As a [best practice recommended for a Microsoft Entra tenant](/graph/api/resources/recommendation?view=graph-rest-beta&preserve-view=true), [get](/graph/api/recommendation-tenantsecurescores?view=graph-rest-beta&preserve-view=true) historical [Secure Score data for the tenant](/graph/api/resources/tenantsecurescore?view=graph-rest-beta&preserve-view=true). _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=514fea21-1d51-46d0-847e-9c2cce1d6c58)_. From 8bf5997018983d477958c5bbaa3ff81d059a2033 Mon Sep 17 00:00:00 2001 From: Faith Moraa Ombongi Date: Thu, 21 Dec 2023 12:05:43 +0300 Subject: [PATCH 133/156] Add what's new for Entra --- concepts/whats-new-overview.md | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md index d11e18ec2f3..2ae70f953be 100644 --- a/concepts/whats-new-overview.md +++ b/concepts/whats-new-overview.md 
@@ -14,6 +14,18 @@ In addition, find out about new documentation and learning resources for release > [!IMPORTANT] > Features, including APIs and tools, in _preview_ status may change without notice, and some may never be promoted to generally available (GA) status. Do not use preview features in production apps. +## December 2023: New and generally available + +### Identity and access | Directory management + +When a Microsoft service fails to provision a user, group, or organizational contact, and returns an error, you can now manually retry provisioning using the following APIs: + +- [Retry provisioning a user](/graph/api/user-retryserviceprovisioning) +- [Retry provisioning a group](/graph/api/user-retryserviceprovisioning) +- [Retry provisioning an organizational contact](/graph/api/orgcontact-retryserviceprovisioning) + +_See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=9bb64b16-cc35-474d-8036-e8d5d1534fa1)_. + ## December 2023: New in preview only ### Employee experience | Employee engagement 
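Review bot: The "Retry provisioning a group" bullet links to `/graph/api/user-retryserviceprovisioning`, the same target as the user bullet above it, so the group entry sends readers to the user API. Point it at the group action, the way the user and organizational contact bullets each point at their own resource type. PATCH 134 later changes it to `/graph/api/group-retryserviceprovisioning`; folding that fix into this commit would avoid publishing the wrong link in between.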
@@ -23,6 +35,16 @@ Create and get a Viva Engage community that is a central place for conversations - [Poll for community creation status](/graph/api/engagementasyncoperation-get) - [Get a community](/graph/api/community-get) +### Identity and access | Identity and sign-in + +- Customize user authentication experiences in Microsoft Entra External ID for customers by configuring actions to run before or after you collect attributes from a user. You can configure the following Microsoft Graph entities: + - [onAttributeCollectionStartCustomExtension](/graph/api/resources/onattributecollectionstartcustomextension?view=graph-rest-beta&preserve-view=true) and [onAttributeCollectionSubmitCustomExtension](/graph/api/resources/onattributecollectionstartcustomextension?view=graph-rest-beta&preserve-view=true) objects to run custom code before or after you collect attributes from a user, respectively. + - [onAttributeCollectionStartListener](/graph/api/resources/onattributecollectionstartlistener?view=graph-rest-beta&preserve-view=true) and [onAttributeCollectionSubmitListener]((/graph/api/resources/onattributecollectionsubmitlistener?view=graph-rest-beta&preserve-view=true) objects to specify the event to invoke before or after you collect attributes from a user, respectively. + + _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=4badb014-c277-4c08-b593-8ed808b11baa)_. + +- We have refined how you can programmatically define the [tenant-wide policy for registering new devices](/graph/api/resources/deviceregistrationpolicy?view=graph-rest-beta&preserve-view=true) using Microsoft Entra join and Microsoft Entra register within your organization. This update introduces breaking changes that require you to update your app logic to ensure continued functionality. _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=6bd09a97-53a9-401e-b0c5-266b9db06a1b)_. 
+ ### Teams Pricing update for the Teams meeting APIs starting January 1, 2024. For more information, see [Payment models and licensing requirements for Microsoft Teams APIs](/graph/teams-licenses#payment-requirements-for-meeting-apis). From f965c08949c3ee3c3967a78b753b5680c130d022 Mon Sep 17 00:00:00 2001 From: Faith Moraa Ombongi Date: Thu, 21 Dec 2023 12:14:53 +0300 Subject: [PATCH 134/156] Update whats-new-overview.md --- concepts/whats-new-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md index 2ae70f953be..142a90fbeb6 100644 --- a/concepts/whats-new-overview.md +++ b/concepts/whats-new-overview.md @@ -21,7 +21,7 @@ In addition, find out about new documentation and learning resources for release When a Microsoft service fails to provision a user, group, or organizational contact, and returns an error, you can now manually retry provisioning using the following APIs: - [Retry provisioning a user](/graph/api/user-retryserviceprovisioning) -- [Retry provisioning a group](/graph/api/user-retryserviceprovisioning) +- [Retry provisioning a group](/graph/api/group-retryserviceprovisioning) - [Retry provisioning an organizational contact](/graph/api/orgcontact-retryserviceprovisioning) _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=9bb64b16-cc35-474d-8036-e8d5d1534fa1)_. 
@@ -39,7 +39,7 @@ Create and get a Viva Engage community that is a central place for conversations - Customize user authentication experiences in Microsoft Entra External ID for customers by configuring actions to run before or after you collect attributes from a user. You can configure the following Microsoft Graph entities: - [onAttributeCollectionStartCustomExtension](/graph/api/resources/onattributecollectionstartcustomextension?view=graph-rest-beta&preserve-view=true) and [onAttributeCollectionSubmitCustomExtension](/graph/api/resources/onattributecollectionstartcustomextension?view=graph-rest-beta&preserve-view=true) objects to run custom code before or after you collect attributes from a user, respectively. - - [onAttributeCollectionStartListener](/graph/api/resources/onattributecollectionstartlistener?view=graph-rest-beta&preserve-view=true) and [onAttributeCollectionSubmitListener]((/graph/api/resources/onattributecollectionsubmitlistener?view=graph-rest-beta&preserve-view=true) objects to specify the event to invoke before or after you collect attributes from a user, respectively. + - [onAttributeCollectionStartListener](/graph/api/resources/onattributecollectionstartlistener?view=graph-rest-beta&preserve-view=true) and [onAttributeCollectionSubmitListener](/graph/api/resources/onattributecollectionsubmitlistener?view=graph-rest-beta&preserve-view=true) objects to specify the event to invoke before or after you collect attributes from a user, respectively. _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=4badb014-c277-4c08-b593-8ed808b11baa)_. From c911a67e93436660b1cee177fbdcb2bd4b53b89d Mon Sep 17 00:00:00 2001 
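Review bot: In the second hunk of PATCH 134, the context line just above the corrected listener bullet still links `onAttributeCollectionSubmitCustomExtension` to `/graph/api/resources/onattributecollectionstartcustomextension`, so the Start and Submit custom extension links both open the same page. This commit is already fixing link targets in this list; change the Submit link to its own resource page in the same hunk.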
From: cubika Date: Thu, 21 Dec 2023 17:41:27 +0800 Subject: [PATCH 135/156] Revert --- .../includes/permissions/customappscope-delete-permissions.md | 4 ++-- .../includes/permissions/customappscope-get-permissions.md | 2 +- .../includes/permissions/customappscope-update-permissions.md | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/api-reference/beta/includes/permissions/customappscope-delete-permissions.md b/api-reference/beta/includes/permissions/customappscope-delete-permissions.md index 6cba929ec49..a23aa271472 100644 --- a/api-reference/beta/includes/permissions/customappscope-delete-permissions.md +++ b/api-reference/beta/includes/permissions/customappscope-delete-permissions.md @@ -1,5 +1,5 @@ |Permission type|Least privileged permissions|Higher privileged permissions| |:---|:---|:---| -|Delegated (work or school account)|RoleManagement.ReadWrite.Exchange|Not available.| +|Delegated (work or school account)|RoleManagement.Read.Exchange|RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange| |Delegated (personal Microsoft account)|Not supported.|Not supported.| -|Application|RoleManagement.ReadWrite.Exchange|Not available.| \ No newline at end of file +|Application|Not supported.|Not supported.| \ No newline at end of file diff --git a/api-reference/beta/includes/permissions/customappscope-get-permissions.md b/api-reference/beta/includes/permissions/customappscope-get-permissions.md index 2e34a86fee6..a23aa271472 100644 --- a/api-reference/beta/includes/permissions/customappscope-get-permissions.md +++ b/api-reference/beta/includes/permissions/customappscope-get-permissions.md 
@@ -2,4 +2,4 @@ |:---|:---|:---| |Delegated (work or school account)|RoleManagement.Read.Exchange|RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange| |Delegated (personal Microsoft account)|Not supported.|Not supported.| -|Application|RoleManagement.Read.Exchange|RoleManagement.Read.All, RoleManagement.ReadWrite.Exchange| \ No newline at end of file +|Application|Not supported.|Not supported.| \ No newline at end of file diff --git a/api-reference/beta/includes/permissions/customappscope-update-permissions.md b/api-reference/beta/includes/permissions/customappscope-update-permissions.md index 6cba929ec49..6d17ae3a0df 100644 --- a/api-reference/beta/includes/permissions/customappscope-update-permissions.md +++ b/api-reference/beta/includes/permissions/customappscope-update-permissions.md @@ -2,4 +2,4 @@ |:---|:---|:---| |Delegated (work or school account)|RoleManagement.ReadWrite.Exchange|Not available.| |Delegated (personal Microsoft account)|Not supported.|Not supported.| -|Application|RoleManagement.ReadWrite.Exchange|Not available.| \ No newline at end of file +|Application|Not supported.|Not supported.| \ No newline at end of file From 5ec5e20988d63b0169066dd75bd8207d6042818b Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 11:06:09 +0100 Subject: [PATCH 136/156] Update whats-new-overview.md Edit. --- concepts/whats-new-overview.md | 16 +++++++++------- 1 file changed, 9 insertions(+), 7 deletions(-) diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md index bca75b952a4..04b1227ce3d 100644 --- a/concepts/whats-new-overview.md +++ b/concepts/whats-new-overview.md 
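Review bot: In PATCH 135, customappscope-delete-permissions.md now lists `RoleManagement.Read.Exchange` as the least privileged delegated permission for a delete operation, with `RoleManagement.ReadWrite.Exchange` shown only as a higher privileged option. The resulting blob is `a23aa271472`, the same one customappscope-get-permissions.md ends up with, so the delete table looks like a copy of the get table rather than a revert. The update table in this commit keeps `RoleManagement.ReadWrite.Exchange|Not available.` for the delegated row, and delete and update shared one blob (`6cba929ec49`) before this change. The delete table most likely needs the same delegated row, with only the Application row changed to `Not supported.`; as written, the page tells integrators that a read-only grant is enough to delete a custom app scope.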
@@ -14,6 +14,12 @@ In addition, find out about new documentation and learning resources for release > [!IMPORTANT] > Features, including APIs and tools, in _preview_ status may change without notice, and some may never be promoted to generally available (GA) status. Do not use preview features in production apps. +## December 2023: New and generally available + +### Teams + +Pricing update for the Teams meeting APIs starting January 1, 2024. For more information, see [Payment models and licensing requirements for Microsoft Teams APIs](/graph/teams-licenses#payment-requirements-for-meeting-apis). + ## December 2023: New in preview only ### Employee experience | Employee engagement 
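Review bot: The `## December 2023: New and generally available` heading added at the top of this hunk is also added at the same position by PATCH 133, which puts "Identity and access | Directory management" under it, and the two commits start from different versions of the file (`bca75b952a4` here, `d11e18ec2f3` there). When both land, check that the merge leaves a single H2 with both H3 sections under it rather than two identical headings.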
@@ -23,13 +29,9 @@ Create and get a Viva Engage community that is a central place for conversations - [Poll for community creation status](/graph/api/engagementasyncoperation-get?view=graph-rest-beta&preserve-view=true) - [Get a community](/graph/api/community-get?view=graph-rest-beta&preserve-view=true) -### Teams - -Pricing update for the Teams meeting APIs starting January 1, 2024. For more information, see [Payment models and licensing requirements for Microsoft Teams APIs](/graph/teams-licenses#payment-requirements-for-meeting-apis). - ### Teamwork and communications | Shift management -- Get all [openShift](../resources/openshift.md) objects across all teams a user is a direct member of, removing the need to specify a team ID in the request. For more information, see [team: getOpenShifts](/graph/api/team-getopenshifts?view=graph-rest-beta&preserve-view=true). -- [Stage the deletion](/graph/api/changetrackedentity-stagefordeletion?view=graph-rest-beta&preserve-view=true) of an [openShift](../resources/openshift.md), [shift](../resources/shift.md), or [timeOff](../resources/timeoff.md) instance in a [schedule](../resources/schedule.md) in draft mode. +- Get all [openShift](/graph/api/resources/openshift.md) objects across all teams a user is a direct member of, removing the need to specify a team ID in the request. For more information, see [team: getOpenShifts](/graph/api/team-getopenshifts?view=graph-rest-beta&preserve-view=true). +- [Stage the deletion](/graph/api/changetrackedentity-stagefordeletion?view=graph-rest-beta&preserve-view=true) of an [openShift](/graph/api/resources/openshift.md), [shift](/graph/api/resources/shift.md), or [timeOff](/graph/api/resources/timeoff.md) instance in a [schedule](../resources/schedule.md) in draft mode. ## November 2023: New and generally available 
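Review bot: The rewritten Shift management bullets link to `/graph/api/resources/openshift.md`, `/graph/api/resources/shift.md` and `/graph/api/resources/timeoff.md`. The other site-absolute `/graph/api/...` links in this file carry no `.md` extension, so these targets are likely to break. The last link in the second bullet, `[schedule](../resources/schedule.md)`, is also still relative. Drop the extension and convert the schedule link in the same pass; PATCH 137 does both as a follow-up, and squashing it into this commit would avoid the broken intermediate state.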
@@ -45,7 +47,7 @@ _See the [related changelog section](https://developer.microsoft.com/en-us/graph Delete a group's [profile photo](/graph/api/resources/profilephoto). _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=14a780c1-d222-4476-acc0-3c5b6425f040)_. ### Identity and access | Directory management -Optionally define a [directory extension](/graph/api/resources/extensionProperty) as a multi-valued custom property that contains a collection of objects, instead of a single-valued property. _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=3c89fe6e-3b38-4168-952d-d4291e651e5a)_. +Optionally define a [directory extension](/graph/api/resources/extensionproperty) as a multi-valued custom property that contains a collection of objects, instead of a single-valued property. _See the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=3c89fe6e-3b38-4168-952d-d4291e651e5a)_. ### Security | Alerts and incidents Get an [alert](/graph/api/resources/security-alert) that can indicate a more specific workload protection plan of Microsoft Defender for Cloud as the source that detected notable component or activity. Examples of more specific workload protection plans include Microsoft Defender for IoT, Microsoft Defender for Servers, Microsoft Defender for Storage. _For a list of the additional possible sources, see the [related changelog section](https://developer.microsoft.com/en-us/graph/changelog/?search=2ffb1cd0-70b3-4e55-b5f2-b7e6c7d62dc2)_. From 302df237359d540ad0ce3d4be63d3626b08f7d7a Mon Sep 17 00:00:00 2001 From: Jarbas Horst Date: Thu, 21 Dec 2023 11:14:57 +0100 Subject: [PATCH 137/156] Update whats-new-overview.md Edit. --- concepts/whats-new-overview.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md index 04b1227ce3d..f70ca7eb02f 100644 
--- a/concepts/whats-new-overview.md +++ b/concepts/whats-new-overview.md @@ -30,8 +30,8 @@ Create and get a Viva Engage community that is a central place for conversations - [Get a community](/graph/api/community-get?view=graph-rest-beta&preserve-view=true) ### Teamwork and communications | Shift management -- Get all [openShift](/graph/api/resources/openshift.md) objects across all teams a user is a direct member of, removing the need to specify a team ID in the request. For more information, see [team: getOpenShifts](/graph/api/team-getopenshifts?view=graph-rest-beta&preserve-view=true). -- [Stage the deletion](/graph/api/changetrackedentity-stagefordeletion?view=graph-rest-beta&preserve-view=true) of an [openShift](/graph/api/resources/openshift.md), [shift](/graph/api/resources/shift.md), or [timeOff](/graph/api/resources/timeoff.md) instance in a [schedule](../resources/schedule.md) in draft mode. +- Get all [openShift](/graph/api/resources/openshift) objects across all teams a user is a direct member of, removing the need to specify a team ID in the request. For more information, see [team: getOpenShifts](/graph/api/team-getopenshifts?view=graph-rest-beta&preserve-view=true). +- [Stage the deletion](/graph/api/changetrackedentity-stagefordeletion?view=graph-rest-beta&preserve-view=true) of an [openShift](/graph/api/resources/openshift), [shift](/graph/api/resources/shift), or [timeOff](/graph/api/resources/timeoff) instance in a [schedule](/graph/api/resources/schedule) in draft mode. ## November 2023: New and generally available From 89827ee479956ff345c1fa1ab09315b1f36deb01 Mon Sep 17 00:00:00 2001 
From: Jason Johnston Date: Thu, 21 Dec 2023 09:34:07 -0500 Subject: [PATCH 138/156] Removed CLI preview disclaimer Fixes https://github.com/microsoftgraph/microsoft-graph-docs-contrib/issues/8899 --- concepts/cli/app-only.md | 2 -- concepts/cli/get-started.md | 2 -- concepts/cli/installation.md | 2 -- concepts/cli/navigating.md | 2 -- concepts/cli/overview.md | 2 -- includes/cli-preview.md | 7 ------- 6 files changed, 17 deletions(-) delete mode 100644 includes/cli-preview.md diff --git a/concepts/cli/app-only.md b/concepts/cli/app-only.md index 35d2e664c96..2b86d8f4ba3 100644 --- a/concepts/cli/app-only.md +++ b/concepts/cli/app-only.md @@ -9,8 +9,6 @@ author: jasonjoh The Microsoft Graph command-line interface (CLI) supports two types of authentication: [delegated access](../auth-v2-user.md), and [app-only access](../auth-v2-service.md). This topic describes the configuration needed to enable app-only access. -[!INCLUDE [cli-preview](../../includes/cli-preview.md)] - > [!NOTE] > App-only access grants permissions directly to an application, and requires an administrator to consent to the required permission scopes. For more information, see [Microsoft identity platform and the OAuth 2.0 client credentials flow](/azure/active-directory/develop/v2-oauth2-client-creds-grant-flow). diff --git a/concepts/cli/get-started.md b/concepts/cli/get-started.md index 4876e4c9d24..23fcdfc0cfc 100644 --- a/concepts/cli/get-started.md +++ b/concepts/cli/get-started.md @@ -9,8 +9,6 @@ author: jasonjoh In this topic, you'll use the Microsoft Graph command-line interface (CLI) to perform some basic tasks. If you haven't already [installed the CLI](installation.md), do so before following this guide. -[!INCLUDE [cli-preview](../../includes/cli-preview.md)] - ## API version The Microsoft Graph CLI uses the [Microsoft Graph REST API v1.0](/graph/api/overview?view=graph-rest-1.0&preserve-view=true). 
diff --git a/concepts/cli/installation.md b/concepts/cli/installation.md index 768de38c960..0c2074378c6 100644 --- a/concepts/cli/installation.md +++ b/concepts/cli/installation.md @@ -11,8 +11,6 @@ author: jasonjoh The Microsoft Graph command-line interface (CLI) is published on [GitHub](https://github.com/microsoftgraph/msgraph-cli/releases/latest). -[!INCLUDE [cli-preview](../../includes/cli-preview.md)] - ## Installation ### [Windows](#tab/windows) diff --git a/concepts/cli/navigating.md b/concepts/cli/navigating.md index 44c7a9000f7..f0062a3e502 100644 --- a/concepts/cli/navigating.md +++ b/concepts/cli/navigating.md @@ -9,8 +9,6 @@ author: jasonjoh The Microsoft Graph API is huge, and it's growing all the time. Therefore, the number of commands in the Microsoft Graph command-line interface (CLI) is also large. Finding the right command for what you want to achieve can be challenging, especially if you're not already familiar with Microsoft Graph. This topic looks at some ways to help find a particular command. -[!INCLUDE [cli-preview](../../includes/cli-preview.md)] - [!INCLUDE [aad-advanced-queries-note](../../includes/aad-advanced-queries-note.md)] ## Command naming conventions diff --git a/concepts/cli/overview.md b/concepts/cli/overview.md index 2ba1968fb1d..a17abad75fe 100644 --- a/concepts/cli/overview.md +++ b/concepts/cli/overview.md @@ -9,8 +9,6 @@ author: jasonjoh The Microsoft Graph PowerShell command-line interface (CLI) acts as an API wrapper for the Microsoft Graph APIs, exposing the entire API set for use from the command line. -[!INCLUDE [cli-preview](../../includes/cli-preview.md)] - ## Microsoft Graph CLI features & benefits The Microsoft Graph CLI provides the following benefits: diff --git a/includes/cli-preview.md b/includes/cli-preview.md deleted file mode 100644 index c69e97450b7..00000000000 --- a/includes/cli-preview.md +++ /dev/null 
@@ -1,7 +0,0 @@ ---- -ms.localizationpriority: medium ---- - - -> [!IMPORTANT] -> The Microsoft Graph command-line interface (CLI) is currently in preview. Use of this CLI in production is not supported. From e5d3988b38f6f3951bb87772ac9ef6d7ff73e84b Mon Sep 17 00:00:00 2001 From: jagritee Date: Thu, 21 Dec 2023 20:57:32 +0530 Subject: [PATCH 139/156] updating the title of the page --- concepts/learningcourseactivity-error-codes.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/concepts/learningcourseactivity-error-codes.md b/concepts/learningcourseactivity-error-codes.md index 2bcbb54fa0a..e555834eb64 100644 --- a/concepts/learningcourseactivity-error-codes.md +++ b/concepts/learningcourseactivity-error-codes.md @@ -1,5 +1,5 @@ --- -title: "Error responses in the learningCourseActivity API" +title: "Error Codes in the learningCourseActivity API" description: "This article describes error codes returned by the learningCourseActivity API in Microsoft Graph whenever a request that is sent through the API fails." author: "jprasad" ms.localizationpriority: medium @@ -7,7 +7,7 @@ ms.prod: "employee-learning" doc_type: conceptualPageType --- -# Error responses in the learningCourseActivity API +# Error Codes in the learningCourseActivity API Namespace: microsoft.graph From daf12383a95e176b3467739ae42d3345c07fe2da Mon Sep 17 00:00:00 2001 From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 21 Dec 2023 09:30:50 -0600 Subject: [PATCH 140/156] Update concepts/learningcourseactivity-error-codes.md --- concepts/learningcourseactivity-error-codes.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/concepts/learningcourseactivity-error-codes.md b/concepts/learningcourseactivity-error-codes.md index e555834eb64..9b32338b1df 100644 --- a/concepts/learningcourseactivity-error-codes.md +++ b/concepts/learningcourseactivity-error-codes.md 
@@ -1,5 +1,5 @@ --- -title: "Error Codes in the learningCourseActivity API" +title: "Error codes in the learningCourseActivity API" description: "This article describes error codes returned by the learningCourseActivity API in Microsoft Graph whenever a request that is sent through the API fails." author: "jprasad" ms.localizationpriority: medium From 44f70974f780407a8fc89afe8940446ccd4429c4 Mon Sep 17 00:00:00 2001 
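Review bot: The H1 is left as `# Error Codes in the learningCourseActivity API`, which PATCH 139 introduced; this one-line change in PATCH 140 lowercases only the front matter `title`, so the page title and its heading now disagree. Change the H1 to "Error codes in the learningCourseActivity API" in the same commit.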
From: Faith Moraa Ombongi Date: Thu, 21 Dec 2023 18:49:09 +0300 Subject: [PATCH 141/156] Add customer intent statements - batch 3 --- concepts/auth/auth-concepts.md | 3 ++- concepts/group-directory-settings.md | 1 + concepts/group-set-options.md | 1 + concepts/how-to-pim-update-rules.md | 1 + concepts/identity-governance-pim-rules-overview.md | 5 +++-- ...identitygovernance-lifecycleworkflows-task-arguments.md | 7 ++++--- concepts/json-batching.md | 1 + concepts/migrate-azure-ad-graph-app-registration.md | 3 ++- concepts/migrate-azure-ad-graph-audit-api-use.md | 1 + concepts/migrate-azure-ad-graph-authentication-library.md | 3 ++- concepts/migrate-azure-ad-graph-client-libraries.md | 1 + concepts/migrate-azure-ad-graph-deploy-test-extend.md | 1 + concepts/migrate-azure-ad-graph-faq.md | 2 ++ concepts/migrate-azure-ad-graph-feature-differences.md | 1 + concepts/migrate-azure-ad-graph-method-differences.md | 1 + concepts/migrate-azure-ad-graph-permissions-differences.md | 1 + concepts/migrate-azure-ad-graph-planning-checklist.md | 1 + concepts/migrate-azure-ad-graph-property-differences.md | 1 + concepts/migrate-azure-ad-graph-request-differences.md | 7 ++++--- concepts/migrate-azure-ad-graph-resource-differences.md | 1 + concepts/paging.md | 1 + concepts/permissions-grant-via-msgraph.md | 1 + concepts/permissions-overview.md | 1 + concepts/permissions-reference.md | 1 + concepts/throttling-limits.md | 1 + concepts/throttling.md | 1 + concepts/tutorial-access-package-api.md | 1 + concepts/tutorial-accessreviews-M365group.md | 1 + concepts/tutorial-accessreviews-roleassignments.md | 1 + concepts/tutorial-accessreviews-securitygroup.md | 1 + concepts/tutorial-applications-basics.md | 1 + concepts/tutorial-assign-azureadroles.md | 2 ++ ...utorial-lifecycle-workflows-offboard-custom-workflow.md | 3 ++- ...tutorial-lifecycle-workflows-onboard-custom-workflow.md | 1 + concepts/tutorial-lifecycle-workflows-scheduled-leaver.md | 3 ++- 
...torial-lifecycle-workflows-set-employeeleavedatetime.md | 1 + concepts/tutorial-riskdetection-api.md | 1 + 37 files changed, 52 insertions(+), 13 deletions(-) diff --git a/concepts/auth/auth-concepts.md b/concepts/auth/auth-concepts.md index fbb92fab318..9f56bb81ec3 100644 --- a/concepts/auth/auth-concepts.md +++ b/concepts/auth/auth-concepts.md @@ -7,7 +7,8 @@ ms.reviewer: jackson.woods ms.localizationpriority: high ms.prod: "applications" ms.custom: graphiamtop20 -ms.date: 05/25/2023 +ms.date: 12/21/2023 +#Customer intent: As a developer, I want to understand how to authenticate and authorize my app to call Microsoft Graph. --- # Authentication and authorization basics diff --git a/concepts/group-directory-settings.md b/concepts/group-directory-settings.md index d32d35c9492..cc731a555cd 100644 --- a/concepts/group-directory-settings.md +++ b/concepts/group-directory-settings.md @@ -6,6 +6,7 @@ ms.author: ombongifaith ms.reviewer: jodah ms.localizationpriority: high ms.date: 06/08/2022 +#Customer intent: As a developer, I want to learn how to use Microsoft Graph to configure tenant-wide and object-specific settings for Microsoft 365 groups, security groups, consent policies, password rules, and prohibited sames. --- # Overview of group settings diff --git a/concepts/group-set-options.md b/concepts/group-set-options.md index 689294ad2e9..487dc580558 100644 --- a/concepts/group-set-options.md +++ b/concepts/group-set-options.md @@ -6,6 +6,7 @@ ms.author: ombongifaith ms.reviewer: jodah ms.localizationpriority: high ms.date: 08/13/2022 +#Customer intent: As a developer, I want to learn how to use Microsoft Graph to set specific group behaviors and provision sepcific resources, so that I can tailor the group's functionality and capabilities to meet the needs of my organization. --- # Set Microsoft 365 group behaviors and provisioning options diff --git a/concepts/how-to-pim-update-rules.md b/concepts/how-to-pim-update-rules.md index 9ef4ed6210b..6d12654a6fb 100644 
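Review bot: Two of the added `#Customer intent:` lines contain typos: "prohibited sames" in concepts/group-directory-settings.md and "sepcific resources" in concepts/group-set-options.md. "sepcific" should be "specific"; "sames" looks like a slip for "names", please confirm the intended word and correct both before merge.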
--- a/concepts/how-to-pim-update-rules.md +++ b/concepts/how-to-pim-update-rules.md @@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.topic: how-to ms.prod: "governance" ms.date: 09/27/2023 +#Customer intent: As a developer, I want to update settings and rules in Privileged Identity Management (PIM) using Microsoft Graph APIs, so that I can manage the activation, approval, and expiration settings for different roles and groups in PIM. --- # Update rules in PIM using Microsoft Graph diff --git a/concepts/identity-governance-pim-rules-overview.md b/concepts/identity-governance-pim-rules-overview.md index f44202ea7f5..718eb87e69a 100644 --- a/concepts/identity-governance-pim-rules-overview.md +++ b/concepts/identity-governance-pim-rules-overview.md @@ -1,5 +1,5 @@ --- -title: "Working with rules in privileged identity management (PIM)" +title: "Rules in PIM - mapping guide" description: "Learn how rules in PIM are structured in Microsoft Graph and how they map with the descriptions on the Microsoft Entra admin center." author: "FaithOmbongi" ms.author: ombongifaith @@ -8,9 +8,10 @@ ms.localizationpriority: medium ms.topic: conceptual ms.prod: "governance" ms.date: 06/08/2023 +#Customer intent: As a developer, I want to understand how to map PIM settings in the Microsoft Entra admin center to the corresponding rules in Microsoft Graph, so that I can configure and update the rules effectively. --- -# Working with rules in PIM using Microsoft Graph +# Rules in PIM - mapping guide Privileged Identity Management (PIM) exposes role settings or rules for the resources that can be managed. In Microsoft Graph, these resources are Microsoft Entra roles and groups and they are managed through [PIM for Microsoft Entra roles](/graph/api/resources/privilegedidentitymanagementv3-overview) and [PIM for groups](/graph/api/resources/privilegedidentitymanagement-for-groups-api-overview) respectively. 
diff --git a/concepts/identitygovernance-lifecycleworkflows-task-arguments.md b/concepts/identitygovernance-lifecycleworkflows-task-arguments.md index dc1defcef43..9ada93fe87e 100644 --- a/concepts/identitygovernance-lifecycleworkflows-task-arguments.md +++ b/concepts/identitygovernance-lifecycleworkflows-task-arguments.md @@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.prod: "governance" doc_type: conceptualPageType ms.date: 11/23/2022 +#Customer intent: As a developer automating user lifecycle processes, I want to learn how to use Microsoft Graph to configure the arguments property of built-in tasks in Lifecycle Workflows, so that I can automate basic lifecycle processes for my users. --- # Configure the arguments for built-in Lifecycle Workflow tasks @@ -53,12 +54,12 @@ This article provides guidance on the allowed configuration for the **arguments* The following example shows a task configuration to send the offboarding email to a user's manager after the user's last day of work. This task is identified by **taskDefinitionId** `6f22ddd4-b3a5-47a4-a846-0d7c201a49ce`. -```http +```json { "category": "leaver", "continueOnError": true, "displayName": "Send offboarding email to user's manager after the last day of work", - "description": "Send email after user’s last day", + "description": "Send email after user's last day", "isEnabled": true, "continueOnError": true, "taskDefinitionId": "6f22ddd4-b3a5-47a4-a846-0d7c201a49ce", @@ -70,7 +71,7 @@ The following example shows a task configuration to send the offboarding email t The following example shows a task configuration to add a user to a Teams team. This task is identified by **taskDefinitionId** `e440ed8d-25a1-4618-84ce-091ed5be5594`. -```http +```json { "category": "leaver", "description": "Add user to university alumni team", diff --git a/concepts/json-batching.md b/concepts/json-batching.md index a0ef3905755..889ef2414db 100644 --- a/concepts/json-batching.md +++ b/concepts/json-batching.md 
@@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: high ms.custom: graphiamtop20 ms.date: 10/08/2022 +#Customer intent: As a developer, I want to learn how to use Microsoft Graph to combine multiple requests into a single JSON batch request, so that I can optimize my application. --- # Combine multiple requests in one HTTP call using JSON batching diff --git a/concepts/migrate-azure-ad-graph-app-registration.md b/concepts/migrate-azure-ad-graph-app-registration.md index 2949a0ae88d..d28a0acfaf9 100644 --- a/concepts/migrate-azure-ad-graph-app-registration.md +++ b/concepts/migrate-azure-ad-graph-app-registration.md @@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, I want to learn what to review in my app registration, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph. --- # Review app registration, permissions, and consent @@ -17,7 +18,7 @@ For any app update, there are three areas to consider: - **App registration**: You can continue to use your existing app registration (`appId`) in your application code. - You do **not** have to re-register your app to migrate to Microsoft Graph. Simply update the code, test heavily, and then deploy your update. + You do **not** have to re-register your app to migrate to Microsoft Graph. Update the code, test heavily, and then deploy your update. - **Permissions**: You should change your configured permissions to the equivalent Microsoft Graph permissions. Delegated permissions which were granted for Azure Active Directory (Azure AD) Graph will be implicitly considered granted for Microsoft Graph also. Application permissions (app roles) will need to be granted again. diff --git a/concepts/migrate-azure-ad-graph-audit-api-use.md b/concepts/migrate-azure-ad-graph-audit-api-use.md index bf8353d7f58..6b3582b04c9 100644 --- a/concepts/migrate-azure-ad-graph-audit-api-use.md 
+++ b/concepts/migrate-azure-ad-graph-audit-api-use.md @@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, I want to learn what to investigate in my app code and logic, so that I can migrate my app from Azure AD Graph to Microsoft Graph. --- # Examine Azure AD Graph APIs app usage diff --git a/concepts/migrate-azure-ad-graph-authentication-library.md b/concepts/migrate-azure-ad-graph-authentication-library.md index 772a6cc5edc..9963169c863 100644 --- a/concepts/migrate-azure-ad-graph-authentication-library.md +++ b/concepts/migrate-azure-ad-graph-authentication-library.md @@ -7,13 +7,14 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, I want to learn what authentication libraries to use, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph. --- # Review app authentication library changes This article is part of *step 3: review app details* of the [process to migrate apps](migrate-azure-ad-graph-planning-checklist.md). -Most apps use an authentication library to acquire and manage access tokens to call Microsoft Graph. Microsoft offers two authentication libraries: +Most apps use an authentication library to acquire and manage access tokens to call Microsoft Graph. Microsoft offers two authentication libraries: - [Azure Active Directory Authentication Library](/azure/active-directory/develop/active-directory-authentication-libraries) (ADAL) - [Microsoft Authentication Library](/azure/active-directory/develop/reference-v2-libraries) (MSAL) diff --git a/concepts/migrate-azure-ad-graph-client-libraries.md b/concepts/migrate-azure-ad-graph-client-libraries.md index ca75bacde69..297dc54d2e5 100644 --- a/concepts/migrate-azure-ad-graph-client-libraries.md +++ b/concepts/migrate-azure-ad-graph-client-libraries.md 
@@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer of an app currently using the Azure AD Graph .NET client library, I want to migrate my app to use the Microsoft Graph .NET client library, as I migrate my app from Azure AD Graph to Microsoft Graph. --- # Migrate .NET client library use to Microsoft Graph diff --git a/concepts/migrate-azure-ad-graph-deploy-test-extend.md b/concepts/migrate-azure-ad-graph-deploy-test-extend.md index 9cfc75c2ca1..9bfc391862c 100644 --- a/concepts/migrate-azure-ad-graph-deploy-test-extend.md +++ b/concepts/migrate-azure-ad-graph-deploy-test-extend.md @@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer migrating apps to Microsoft Graph, I want to understand some best practices for confidently deploying changes to my app, so that I can ensure a smooth transition from Azure AD Graph to Microsoft Graph. --- # Deploy, test, and extend diff --git a/concepts/migrate-azure-ad-graph-faq.md b/concepts/migrate-azure-ad-graph-faq.md index 60bdd845fca..4431129c2c2 100644 --- a/concepts/migrate-azure-ad-graph-faq.md +++ b/concepts/migrate-azure-ad-graph-faq.md @@ -6,7 +6,9 @@ ms.author: ombongifaith ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" +ms.topic: faq ms.date: 06/22/2023 +#Customer intent: As a developer, I want to understand more about why I should migrate my app from Azure AD Graph to Microsoft Graph. --- # Azure AD Graph to Microsoft Graph migration FAQ diff --git a/concepts/migrate-azure-ad-graph-feature-differences.md b/concepts/migrate-azure-ad-graph-feature-differences.md index b1e0ac4ba4f..dc0809e4525 100644 --- a/concepts/migrate-azure-ad-graph-feature-differences.md +++ b/concepts/migrate-azure-ad-graph-feature-differences.md 
@@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, I want to to understand how features differ between Azure AD Graph and Microsoft Graph, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph. --- # Feature differences between Azure AD Graph and Microsoft Graph diff --git a/concepts/migrate-azure-ad-graph-method-differences.md b/concepts/migrate-azure-ad-graph-method-differences.md index 38b5b5fdbdd..2b2ec8058d4 100644 --- a/concepts/migrate-azure-ad-graph-method-differences.md +++ b/concepts/migrate-azure-ad-graph-method-differences.md @@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, I want to to understand how API methods that differ between Azure AD Graph and Microsoft Graph, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph. --- # Method differences between Azure AD Graph and Microsoft Graph diff --git a/concepts/migrate-azure-ad-graph-permissions-differences.md b/concepts/migrate-azure-ad-graph-permissions-differences.md index 33a577b850f..d2715860907 100644 --- a/concepts/migrate-azure-ad-graph-permissions-differences.md +++ b/concepts/migrate-azure-ad-graph-permissions-differences.md @@ -7,6 +7,7 @@ ms.reviewer: jackson.woods ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer migrating apps from Azure AD Graph to Microsoft Graph, I want to understand the differences in permissions between the two APIs, so that I can grant the rightly scoped Microsoft Graph permissions to my app. --- # Permissions differences between Azure AD Graph and Microsoft Graph diff --git a/concepts/migrate-azure-ad-graph-planning-checklist.md b/concepts/migrate-azure-ad-graph-planning-checklist.md index cf443c5227a..87675ffceda 100644 
--- a/concepts/migrate-azure-ad-graph-planning-checklist.md +++ b/concepts/migrate-azure-ad-graph-planning-checklist.md @@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, what are some of the things I need to consider when migrating my app from Azure AD Graph to Microsoft Graph? --- # Azure AD Graph app migration planning checklist diff --git a/concepts/migrate-azure-ad-graph-property-differences.md b/concepts/migrate-azure-ad-graph-property-differences.md index 2c82e8d5ab3..e84028e3d0c 100644 --- a/concepts/migrate-azure-ad-graph-property-differences.md +++ b/concepts/migrate-azure-ad-graph-property-differences.md @@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, I want to to understand how properties differ between Azure AD Graph and Microsoft Graph, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph. --- # Property differences between Azure AD Graph and Microsoft Graph diff --git a/concepts/migrate-azure-ad-graph-request-differences.md b/concepts/migrate-azure-ad-graph-request-differences.md index ad11fdb558b..287bfd08afc 100644 --- a/concepts/migrate-azure-ad-graph-request-differences.md +++ b/concepts/migrate-azure-ad-graph-request-differences.md @@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, I want to understand how REST API endpoints differ between Azure AD Graph and Microsoft Graph, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph. --- # Request differences between Azure AD Graph and Microsoft Graph 
@@ -112,11 +113,11 @@ Azure AD Graph requests use `$links` to indicate relationships between resources The following table shows several examples: -| Task | Azure AD Graph | Microsoft Graph | -|------|----------------|-----------------| +| Task | Azure AD Graph | Microsoft Graph | +|-------------------|-------------------------------------------|-----------------------------------------| | Add member | `POST /groups/{id}/$links/members` | `POST /groups/{id}/members/$ref` | | List member links | `GET /groups/{id}/$links/members` | `GET /groups/{id}/members/$ref` | -| List members | `GET /groups/{id}/members` | `GET /groups/{id}/members` | +| List members | `GET /groups/{id}/members` | `GET /groups/{id}/members` | | Remove member | `DELETE /groups/{id}/$links/members/{id}` | `DELETE /groups/{id}/members/{id}/$ref` | When migrating your apps to Microsoft Graph, look for requests that use `$links` to associate resources; change these to use `$ref` instead. diff --git a/concepts/migrate-azure-ad-graph-resource-differences.md b/concepts/migrate-azure-ad-graph-resource-differences.md index 80ebae64999..1fa552147eb 100644 --- a/concepts/migrate-azure-ad-graph-resource-differences.md +++ b/concepts/migrate-azure-ad-graph-resource-differences.md @@ -7,6 +7,7 @@ ms.reviewer: dkershaw ms.localizationpriority: medium ms.prod: "applications" ms.date: 11/11/2022 +#Customer intent: As a developer, I want to understand how resources differ between Azure AD Graph and Microsoft Graph, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph. --- # Resource type differences between Azure AD Graph and Microsoft Graph diff --git a/concepts/paging.md b/concepts/paging.md index 936830ab364..0a4e5dcd823 100644 --- a/concepts/paging.md +++ b/concepts/paging.md 
@@ -4,6 +4,7 @@ description: "Use data in the odata.nextLink property in the response to retriev ms.reviewer: dkershaw ms.localizationpriority: high ms.custom: graphiamtop20, scenarios:getting-started +#Customer intent: As a developer, I want to learn how to effeciently apply both server-side and client-side paging to my Microsoft Graph queries. --- # Paging Microsoft Graph data in your app diff --git a/concepts/permissions-grant-via-msgraph.md b/concepts/permissions-grant-via-msgraph.md index dc70103358c..20cc2cea365 100644 --- a/concepts/permissions-grant-via-msgraph.md +++ b/concepts/permissions-grant-via-msgraph.md @@ -9,6 +9,7 @@ ms.prod: "applications" zone_pivot_groups: grant-api-permissions ms.custom: template-how-to ms.date: 07/25/2023 +#Customer intent: As a developer, I want to learn how to grant and revoke API permissions for an app using Microsoft Graph, and bypass the interactive consent prompt available on the Microsoft Entra portal. --- # Grant or revoke API permissions programmatically diff --git a/concepts/permissions-overview.md b/concepts/permissions-overview.md index 962efaa1395..ab8fdf942a1 100644 --- a/concepts/permissions-overview.md +++ b/concepts/permissions-overview.md @@ -8,6 +8,7 @@ ms.localizationpriority: high ms.prod: "applications" ms.date: 10/26/2023 ms.custom: graphiamtop20, scenarios:getting-started +#Customer-intent: As a developer integrating with Microsoft Graph, I want to learn about using Microsoft Graph permissions, so that I can properly request and manage permissions for my app. --- # Overview of Microsoft Graph permissions diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md index b59019a4413..87fb6556663 100644 --- a/concepts/permissions-reference.md +++ b/concepts/permissions-reference.md 
@@ -9,6 +9,7 @@ ms.topic: reference ms.prod: "applications" ms.custom: graphiamtop20, scenarios:getting-started ms.date: 12/11/2023 +#Customer intent: As a developer, I want to learn more about the permissions that Microsoft Graph exposes, so that I understand the impact of granting specific permissions to my app. --- # Microsoft Graph permissions reference diff --git a/concepts/throttling-limits.md b/concepts/throttling-limits.md index 3194610ccd0..5803e8a2ea8 100644 --- a/concepts/throttling-limits.md +++ b/concepts/throttling-limits.md @@ -3,6 +3,7 @@ title: "Microsoft Graph service-specific throttling limits" description: "Identify the throttling limits for each Microsoft Graph service to apply best practices to manage throttling in your application." ms.localizationpriority: high ms.custom: graphiamtop20 +#Customer intent: As a developer using Microsoft Graph to access multiple services, I want to understand the throttling limits imposed by each service, so that I can ensure my application stays within the allowed limits and avoids being throttled. --- # Microsoft Graph service-specific throttling limits diff --git a/concepts/throttling.md b/concepts/throttling.md index c51df4a121d..2b393d87bb9 100644 --- a/concepts/throttling.md +++ b/concepts/throttling.md @@ -3,6 +3,7 @@ title: "Microsoft Graph throttling guidance" description: "Find best practices for maintaining optimal performance of the Microsoft Graph service if an overwhelming number of requests occurs." ms.localizationpriority: high ms.custom: graphiamtop20 +#Customer intent: As a developer integrating with Microsoft Graph, I want to understand how to avoid throttling and how to handle throttling when it occurs. --- # Microsoft Graph throttling guidance diff --git a/concepts/tutorial-access-package-api.md b/concepts/tutorial-access-package-api.md index f7c3f260897..9b93b53a933 100644 --- a/concepts/tutorial-access-package-api.md +++ b/concepts/tutorial-access-package-api.md 
@@ -7,6 +7,7 @@ ms.reviewer: Mark.Wahl ms.localizationpriority: medium ms.prod: "governance" ms.date: 11/01/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to understand how to use entitlement management APIs to manage access to resources. --- # Manage access to resources using the entitlement management APIs in Microsoft Graph diff --git a/concepts/tutorial-accessreviews-M365group.md b/concepts/tutorial-accessreviews-M365group.md index 78ba30af0aa..d2045b90e22 100644 --- a/concepts/tutorial-accessreviews-M365group.md +++ b/concepts/tutorial-accessreviews-M365group.md @@ -7,6 +7,7 @@ ms.reviewer: jgangadhar ms.localizationpriority: medium ms.prod: "governance" ms.date: 11/01/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to use the access reviews APIs to review and attest to the access that principals have to resources in my organization, so that I can ensure proper security and compliance in my organization. --- # Review guest access to your Microsoft 365 groups using the access reviews API in Microsoft Graph diff --git a/concepts/tutorial-accessreviews-roleassignments.md b/concepts/tutorial-accessreviews-roleassignments.md index 71c68c323fa..2b387052572 100644 --- a/concepts/tutorial-accessreviews-roleassignments.md +++ b/concepts/tutorial-accessreviews-roleassignments.md @@ -7,6 +7,7 @@ ms.reviewer: jgangadhar ms.localizationpriority: medium ms.prod: "governance" ms.date: 11/01/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to use the access reviews APIs to review and attest to the privileged admin roles that principals in my organization, so that I can ensure proper security and compliance in my organization. --- # Review access to privileged roles using the access reviews API in Microsoft Graph diff --git a/concepts/tutorial-accessreviews-securitygroup.md b/concepts/tutorial-accessreviews-securitygroup.md index 077204ebb97..8792b9ea119 100644 
--- a/concepts/tutorial-accessreviews-securitygroup.md +++ b/concepts/tutorial-accessreviews-securitygroup.md @@ -7,6 +7,7 @@ ms.reviewer: jgangadhar ms.localizationpriority: medium ms.prod: "governance" ms.date: 11/01/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to use the access reviews APIs to review and attest to the access that principals have to resources in my organization, so that I can ensure proper security and compliance in my organization. --- # Review access to your security groups using the access reviews API in Microsoft Graph diff --git a/concepts/tutorial-applications-basics.md b/concepts/tutorial-applications-basics.md index 82525894624..b632e3ecd15 100644 --- a/concepts/tutorial-applications-basics.md +++ b/concepts/tutorial-applications-basics.md @@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.topic: how-to ms.prod: "applications" ms.date: 08/14/2023 +#Customer intent: As a developer integrating with Microsoft Graph, I want to learn how to programmatically create and manage applications and service principals in my tenant. --- # Manage a Microsoft Entra application using Microsoft Graph diff --git a/concepts/tutorial-assign-azureadroles.md b/concepts/tutorial-assign-azureadroles.md index ef0ecdb7cfc..7e89b14bbc0 100644 --- a/concepts/tutorial-assign-azureadroles.md +++ b/concepts/tutorial-assign-azureadroles.md 
@@ -7,8 +7,10 @@ ms.reviewer: rianakarim ms.localizationpriority: medium ms.prod: "governance" ms.date: 12/20/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to learn how to integrate Privileged Identity Management (PIM) APIs for just in time access to Microsoft Entra roles, so that I can strengthen my organization's Zero Trust posture by enforcing the principle of least privilege. --- + # Assign Microsoft Entra roles through Privileged Identity Management (PIM) APIs in Microsoft Graph Microsoft Graph PIM API enables organizations to manage privileged access to resources in Microsoft Entra ID. It also helps to manage the risks of privileged access by limiting when access is active, managing the scope of access, and providing an auditable log of privileged access. diff --git a/concepts/tutorial-lifecycle-workflows-offboard-custom-workflow.md b/concepts/tutorial-lifecycle-workflows-offboard-custom-workflow.md index 1eb55f03d0c..7442bd34995 100644 --- a/concepts/tutorial-lifecycle-workflows-offboard-custom-workflow.md +++ b/concepts/tutorial-lifecycle-workflows-offboard-custom-workflow.md 
@@ -7,11 +7,12 @@ ms.reviewer: Alexander.Filipin ms.localizationpriority: medium ms.prod: "governance" ms.date: 11/08/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to use Lifecycle Workflows APIs to automate employee offboarding tasks, so that I can ensure proper security, efficient lifecycle management, and compliance in my organization. --- # Complete employee offboarding tasks in real-time on their last day of work using Lifecycle Workflows APIs -This tutorial provides step-by-step guidance for completing a real-time employee termination with Lifecycle Workflows using Microsoft Graph. +This tutorial provides step-by-step guidance for completing a real-time employee termination with Lifecycle Workflows using Microsoft Graph. In this scenario, the emplyee termination isn't scheduled. See [Schedule employee offboarding tasks with Lifecycle Workflows APIs](/graph/tutorial-lifecycle-workflows-scheduled-leaver) for a scheduled scenario. This post off-boarding scenario will run a workflow on-demand and accomplish the following tasks: diff --git a/concepts/tutorial-lifecycle-workflows-onboard-custom-workflow.md b/concepts/tutorial-lifecycle-workflows-onboard-custom-workflow.md index 3193154b94a..8aca4bdbcbe 100644 --- a/concepts/tutorial-lifecycle-workflows-onboard-custom-workflow.md +++ b/concepts/tutorial-lifecycle-workflows-onboard-custom-workflow.md @@ -7,6 +7,7 @@ ms.reviewer: Alexander.Filipin ms.localizationpriority: medium ms.prod: "governance" ms.date: 11/01/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to use Lifecycle Workflows APIs to automate employee onboarding tasks, so that I can ensure proper security, efficient lifecycle management, and compliance in my organization. --- # Automate employee onboarding tasks before their first day of work using Lifecycle Workflows APIs 
diff --git a/concepts/tutorial-lifecycle-workflows-scheduled-leaver.md b/concepts/tutorial-lifecycle-workflows-scheduled-leaver.md index 85add9a9163..b8eb1afd4b7 100644 --- a/concepts/tutorial-lifecycle-workflows-scheduled-leaver.md +++ b/concepts/tutorial-lifecycle-workflows-scheduled-leaver.md @@ -8,11 +8,12 @@ ms.localizationpriority: medium ms.prod: "governance" doc_type: conceptualPageType ms.date: 11/01/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to use Lifecycle Workflows APIs to automate employee offboarding tasks, so that I can ensure proper security, efficient lifecycle management, and compliance in my organization. --- # Automate employee offboarding tasks after their last day of work using Lifecycle Workflows APIs -This tutorial provides step-by-step guidance for configuring offboarding tasks for employees after their last day of work using Lifecycle workflows APIs in Microsoft Graph. +This tutorial provides step-by-step guidance for configuring offboarding tasks for employees after their last day of work using Lifecycle workflows APIs in Microsoft Graph. In this scenario, the employee termination is scheduled, possibly including a notice period. See [Complete employee offboarding tasks in real-time on their last day of work using Lifecycle Workflows APIs](/graph/tutorial-lifecycle-workflows-offboard-custom-workflow) for an unscheduled, real-time termination scenario. This post off-boarding scenario will run a scheduled workflow and accomplish the following tasks: diff --git a/concepts/tutorial-lifecycle-workflows-set-employeeleavedatetime.md b/concepts/tutorial-lifecycle-workflows-set-employeeleavedatetime.md index a38d421d2ae..fdc690fbb2b 100644 --- a/concepts/tutorial-lifecycle-workflows-set-employeeleavedatetime.md +++ b/concepts/tutorial-lifecycle-workflows-set-employeeleavedatetime.md 
@@ -8,6 +8,7 @@ ms.localizationpriority: medium ms.prod: "governance" doc_type: conceptualPageType ms.date: 12/08/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want programmatically configure the employeeLeaveDateTime property for a user, so that I can trigger scheduled "leaver" workflows using Lifecycle Workflows. --- # Configure the employeeLeaveDateTime property for a user diff --git a/concepts/tutorial-riskdetection-api.md b/concepts/tutorial-riskdetection-api.md index 543d8d35e58..63fea8984be 100644 --- a/concepts/tutorial-riskdetection-api.md +++ b/concepts/tutorial-riskdetection-api.md @@ -7,6 +7,7 @@ ms.reviewer: Etan.Basseri ms.localizationpriority: medium ms.prod: "identity-and-sign-in" ms.date: 11/01/2022 +#Customer intent: As a developer integrating with Microsoft Graph, I want to use Microsoft Entra ID Protection to identify and remediate identity-based risks, so that I can ensure the security of user accounts and protect against unauthorized access. --- # Identify and remediate risks using Microsoft Graph From fb2fd5dd1fa8cac1e83c1bead3c6c1a18c134b4c Mon Sep 17 00:00:00 2001 From: jagritee Date: Thu, 21 Dec 2023 21:23:43 +0530 Subject: [PATCH 142/156] updating the error codes in respective responsed --- ...ienceuser-post-learningcourseactivities.md | 16 +++- .../v1.0/api/learningcourseactivity-delete.md | 15 +++- .../v1.0/api/learningcourseactivity-get.md | 16 +++- .../v1.0/api/learningcourseactivity-update.md | 20 ++++- .../learningcourseactivity-error-codes.md | 75 ------------------- concepts/toc.yml | 4 +- 6 files changed, 64 insertions(+), 82 deletions(-) delete mode 100644 concepts/learningcourseactivity-error-codes.md diff --git a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md index f4d4043589d..57a6cab4a8a 100644 --- a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md 
+++ b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md 
@@ -73,7 +73,21 @@ In the request body, use @odata.type to specify the type of [learningCourseActiv ## Response If successful, this method returns a `201 Created` response code and a [learningCourseActivity](../resources/learningcourseactivity.md) object of type [learningAssignment](../resources/learningassignment.md) or [learningSelfInitiated](../resources/learningselfinitiatedcourse.md) in the response body. -For more information about errors, see [Error codes and messages](../../../concepts/learningcourseactivity-error-codes.md). + +Below are the error codes returned in case of failure + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| +|Bad request|400|badRequest|This provider isn't enabled for the given tenant.| +|Bad request|400|badRequest|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| +|Internal server error|500|internalServerError|Internal server error.| +|Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| +|Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| +|Multiple field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}.| +|Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match the provider with which the learningContent is created.| +|Forbidden|403|The user license isn't valid to perform the operation|When the user for which the assignment is being created doesn't have a premium license.| + ## Examples 
diff --git a/api-reference/v1.0/api/learningcourseactivity-delete.md b/api-reference/v1.0/api/learningcourseactivity-delete.md index e2f992184e3..5d63597719a 100644 --- a/api-reference/v1.0/api/learningcourseactivity-delete.md +++ b/api-reference/v1.0/api/learningcourseactivity-delete.md @@ -48,7 +48,20 @@ Don't supply a request body for this method. ## Response If successful, this method returns a `204 No Content` response code. -For more information about errors, see [Error codes and messages](../../../concepts/learningcourseactivity-error-codes.md). + +Below are the error codes returned in case of failure + +|Scenario|HTTP code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| +|User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Contact your global administrator to request access.| +|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| +|Bad request|400|badRequest|This provider isn't enabled for the given tenant.| +|Bad request|400|badRequest|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| +|Bad request|404|notFound|The requested assignment ID doesn’t exist.| +|Internal server error|500|internalServerError|Internal server error.| +|Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| +|Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| ## Examples diff --git a/api-reference/v1.0/api/learningcourseactivity-get.md b/api-reference/v1.0/api/learningcourseactivity-get.md index d23034e2fda..7884ad6b2b5 100644 --- a/api-reference/v1.0/api/learningcourseactivity-get.md 
+++ b/api-reference/v1.0/api/learningcourseactivity-get.md @@ -76,7 +76,21 @@ Don't supply a request body for this method. ## Response If successful, this method returns a `200 OK` response code and a [learningCourseActivity](../resources/learningcourseactivity.md) object in the response body. -For more information about errors returned, see [Error codes and messages](../../../concepts/learningcourseactivity-error-codes.md). + +Below are the error codes returned in case of failure + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| +|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Contact your global administrator to request access.| +|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| +|Bad request|400|badRequest|This provider isn't enabled for the given tenant.| +|Bad request|400|badRequest|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| +|Bad request|404|notFound|The requested assignment ID doesn’t exist.| +|Internal server error|500|internalServerError|Internal server error.| +|Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| +|Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| + ## Examples diff --git a/api-reference/v1.0/api/learningcourseactivity-update.md b/api-reference/v1.0/api/learningcourseactivity-update.md index 748c94635fa..5df95a7de2e 100644 --- a/api-reference/v1.0/api/learningcourseactivity-update.md +++ b/api-reference/v1.0/api/learningcourseactivity-update.md 
@@ -68,7 +68,25 @@ The following table lists the properties you can change for a self-initiated lea ## Response If successful, this method returns a `204 No Content` response code. -For more information about errors returned, see [Error codes and messages](../../../concepts/learningcourseactivity-error-codes.md). + +Below are error codes returned in case of failure + +|Scenario|HTTP Code|Code|Message|Details| +|:---|:---|:---|:---|:---| +|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| +|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Contact your global administrator to request access.| +|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| +|Bad request|400|badRequest|This provider isn't enabled for the given tenant.| +|Bad request|400|badRequest|There was an issue with your request. 
Make sure the registrationId you entered is valid or registered for your tenant| +|Bad request|404|notFound|The assignment ID requested doesn’t exist.| +|Internal server error|500|internalServerError|Internal server error| +|Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes".}| +|Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| +|Bad request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input field {fieldName} is required"}.| +|Bad request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input field {fieldName} is invalid"}.| +|Bad request|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName} shouldn't be empty"}.| +|Forbidden|403|Forbidden|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the learningContent is created.| +|Forbidden|403|Forbidden|The user license is not valid to perform the operation|When the user for which the assignment is being created does not have a premium license.| ## Examples diff --git a/concepts/learningcourseactivity-error-codes.md b/concepts/learningcourseactivity-error-codes.md deleted file mode 100644 index 9b32338b1df..00000000000 --- a/concepts/learningcourseactivity-error-codes.md +++ /dev/null 
@@ -1,75 +0,0 @@ ---- -title: "Error codes in the learningCourseActivity API" -description: "This article describes error codes returned by the learningCourseActivity API in Microsoft Graph whenever a request that is sent through the API fails." -author: "jprasad" -ms.localizationpriority: medium -ms.prod: "employee-learning" -doc_type: conceptualPageType ---- - -# Error Codes in the learningCourseActivity API - -Namespace: microsoft.graph - -This article describes error codes returned by the learningCourseActivity API in Microsoft Graph whenever a request that is sent through the API fails. - -## Error codes and messages for failed create requests - -|Scenario|HTTP Code|Code|Message|Details| -|:---|:---|:---|:---|:---| -|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| -|Bad request|400|badRequest|This provider isn't enabled for the given tenant.| -|Bad request|400|badRequest|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| -|Internal server error|500|Internal server error|Internal server error.| -|Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| -|Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| -|Multiple field validations fail|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName}shouldn't be empty"}, {"code": "badRequest","message": "Input field {fieldName} is required"}, {"code": "badRequest","message": "Input field {fieldName}length exceeded than {expectedLength}"}.| -|Forbidden|403|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match the provider with which the learningContent is created.| -|Forbidden|403|The user license isn't valid to perform the operation|When the user for which the assignment is 
being created doesn't have a premium license.| - -## Error codes and messages for failed delete requests - -|Scenario|HTTP code|Code|Message|Details| -|:---|:---|:---|:---|:---| -|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| -|User doesn't have the appropriate permissions scope|403|Forbidden|Your account doesn't have access to this report or data. Contact your global administrator to request access.| -|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| -|Bad request|400|badRequest|This provider isn't enabled for the given tenant.| -|Bad request|400|badRequest|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| -|Bad request|404|notFound|The requested assignment ID doesn’t exist.| -|Internal server error|500|internalServerError|Internal server error.| -|Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| -|Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| - -## Error codes and messages for failed get requests - -|Scenario|HTTP Code|Code|Message|Details| -|:---|:---|:---|:---|:---| -|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| -|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Contact your global administrator to request access.| -|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| -|Bad request|400|badRequest|This provider isn't enabled for the given tenant.| -|Bad request|400|badRequest|There was an issue with your request. 
Make sure the registrationId you entered is valid or registered for your tenant.| -|Bad request|404|notFound|The requested assignment ID doesn’t exist.| -|Internal server error|500|internalServerError|Internal server error.| -|Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes"}.| -|Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| - -## Error codes and messages for failed update requests - -|Scenario|HTTP Code|Code|Message|Details| -|:---|:---|:---|:---|:---| -|Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| -|User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Contact your global administrator to request access.| -|Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| -|Bad request|400|badRequest|This provider isn't enabled for the given tenant.| -|Bad request|400|badRequest|There was an issue with your request. 
Make sure the registrationId you entered is valid or registered for your tenant| -|Bad request|404|notFound|The assignment ID requested doesn’t exist.| -|Internal server error|500|internalServerError|Internal server error| -|Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes".}| -|Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| -|Bad request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input field {fieldName} is required"}.| -|Bad request|400|badRequest|Input fields are invalid|{"code": "badRequest","message": "Input field {fieldName} is invalid"}.| -|Bad request|400|badRequest|badRequest|{"code": "badRequest","message": "Input field {fieldName} shouldn't be empty"}.| -|Forbidden|403|Forbidden|The provider isn't valid to create course activity for the given learning content|When the registrationId/learningProviderId doesn't match with the provider with which the learningContent is created.| -|Forbidden|403|Forbidden|The user license is not valid to perform the operation|When the user for which the assignment is being created does not have a premium license.| diff --git a/concepts/toc.yml b/concepts/toc.yml index 6ec7cdb204f..e5546df2d9c 100644 --- a/concepts/toc.yml +++ b/concepts/toc.yml @@ -1190,6 +1190,4 @@ items: displayName: Microsoft Graph REST API v1.0 reference - name: API beta reference href: /graph/api/overview?view=graph-rest-beta&preserve-view=true - displayName: Microsoft Graph beta endpoint reference, Microsoft Graph REST API Beta - - name: Error codes in the learning course activity API - href: learningcourseactivity-error-codes.md + displayName: Microsoft Graph beta endpoint reference, Microsoft Graph REST API Beta \ No newline at end of file From d90f5859fd4d4425149429ad32515d0152532cbb Mon Sep 17 00:00:00 2001 
From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 21 Dec 2023 09:54:46 -0600 Subject: [PATCH 143/156] Apply suggestions from code review --- concepts/permissions-reference.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md index 55944479eb3..8b2a5a98b7f 100644 --- a/concepts/permissions-reference.md +++ b/concepts/permissions-reference.md @@ -1874,7 +1874,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | - | c0b0103b-c053-4b2e-9973-9f3a544ec9b8 -| DisplayText | - | Read users' class assignment information without reading any feedback or outcomes +| DisplayText | - | Read users' class assignment information without reading any feedback or outcomes. | Description | - | Allows the app to read assignment information on behalf of the user without reading any feedback or outcomes. | AdminConsentRequired | - | Yes @@ -1885,7 +1885,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | 6e0a958b-b7fc-4348-b7c4-a6ab9fd3dd0e | - -| DisplayText | Read all class assignment information without reading any feedback or outcomes | - +| DisplayText | Read all class assignment information without reading any feedback or outcomes. | - | Description | Allows the app to read all class assignment information for all users without a signed-in user without reading any feedback or outcomes. | - | AdminConsentRequired | Yes | - 
@@ -1918,7 +1918,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | - | 2ef770a1-622a-47c4-93ee-28d6adbed3a0 -| DisplayText | - | Read and write users' class assignment information without impacting or reading any feedback or outcomes +| DisplayText | - | Read and write users' class assignment information without impacting or reading any feedback or outcomes. | Description | - | Allows the app to read and write assignment information on behalf of the user without affecting or reading any feedback or outcomes. | AdminConsentRequired | - | Yes @@ -1929,7 +1929,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | f431cc63-a2de-48c4-8054-a34bc093af84 | - -| DisplayText | Create, read, update, and delete all class assignment information without accessing or impacting any feedback or outcomes | - +| DisplayText | Create, read, update, and delete all class assignment information without accessing or impacting any feedback or outcomes. | - | Allows the app to read and write assignment information on behalf of the user without affecting or reading any feedback or outcomes. | - | AdminConsentRequired | Yes | - From ea61e21de3f367d6d739fed3a837eaea18d6aac8 Mon Sep 17 00:00:00 2001 From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 21 Dec 2023 10:11:59 -0600 Subject: [PATCH 144/156] Update permissions-reference.md --- concepts/permissions-reference.md | 122 +++++++++++++++--------------- 1 file changed, 61 insertions(+), 61 deletions(-) diff --git a/concepts/permissions-reference.md b/concepts/permissions-reference.md index 8b2a5a98b7f..35b8c418529 100644 --- a/concepts/permissions-reference.md +++ b/concepts/permissions-reference.md 
@@ -15,7 +15,7 @@ ms.date: 12/11/2023 For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists the delegated and application permissions exposed by Microsoft Graph. For guidance about how to use the permissions, see the [Overview of Microsoft Graph permissions](permissions-overview.md). -To read information about all Microsoft Graph permissions programmatically, sign-in to an API client such as Graph Explorer using an account that has at least the *Application.Read.All* permission and run the following request. +To read information about all Microsoft Graph permissions programmatically, sign in to an API client such as Graph Explorer using an account that has at least the *Application.Read.All* permission and run the following request. ```msgraph-interactive GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000-c000-000000000000')?$select=id,appId,displayName,appRoles,oauth2PermissionScopes,resourceSpecificApplicationPermissions @@ -33,7 +33,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | d07a8cc0-3d51-4b77-b3b0-32704d1f69fa | ebfcd32b-babb-40f4-a14b-42706e83bd28 -| DisplayText | Read all access reviews | Read all access reviews that user can access +| DisplayText | Read all access reviews | Read all access reviews that the user can access | Description | Allows the app to read access reviews, reviewers, decisions and settings in the organization, without a signed-in user. | Allows the app to read access reviews, reviewers, decisions and settings that the signed-in user has access to in the organization. | AdminConsentRequired | Yes | Yes 
@@ -243,7 +243,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 1bfefb4e-e0b5-418b-a88f-73c46d2cc8e9 | bdfbf15f-ee85-4955-8675-146e8e5296b5 | DisplayText | Read and write all applications | Read and write all applications -| Description | Allows the app to create, read, update and delete applications and service principals without a signed-in user. Does not allow management of consent grants. | Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. Does not allow management of consent grants. +| Description | Allows the app to create, read, update and delete applications and service principals without a signed-in user. It doesn't allow the management of consent grants. | Allows the app to create, read, update and delete applications and service principals on behalf of the signed-in user. It doesn't allow the management of consent grants. | AdminConsentRequired | Yes | Yes [!INCLUDE [Application.ReadWrite.All](../includes/permissions-notes/Application.ReadWrite.All.md)] @@ -447,7 +447,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | b27a61ec-b99c-4d6a-b126-c4375d08ae30 | DisplayText | - | Read BitLocker keys -| Description | - | Allows the app to read BitLocker keys on behalf of the signed-in user, for their owned devices. Allows read of the recovery key. +| Description | - | Allows the app to read BitLocker keys on behalf of the signed-in user, for their owned devices. Allows to read the recovery key. | AdminConsentRequired | - | Yes --- 
@@ -458,7 +458,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 5a107bfc-4f00-4e1a-b67e-66451267bc68 | DisplayText | - | Read BitLocker keys basic information -| Description | - | Allows the app to read basic BitLocker key properties on behalf of the signed-in user, for their owned devices. Does not allow read of the recovery key itself. +| Description | - | Allows the app to read basic BitLocker key properties on behalf of the signed-in user, for their owned devices. It doesn't allow to read the recovery key itself. | AdminConsentRequired | - | Yes --- @@ -491,7 +491,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 948eb538-f19d-4ec5-9ccc-f059e1ea4c72 | DisplayText | - | Read and write bookings information -| Description | - | Allows an app to read and write bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. Does not allow create, delete and publish of booking businesses. +| Description | - | Allows an app to read and write bookings appointments, businesses, customers, services, and staff on behalf of the signed-in user. It doesn't allow to create, delete and publish of booking businesses. | AdminConsentRequired | - | No --- @@ -612,7 +612,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 798ee544-9d2d-430c-a058-570e29e34338 | 465a38f9-76ea-45b9-9f34-9e8b0d4b0b42 | DisplayText | Read calendars in all mailboxes | Read user calendars -| Description | Allows the app to read events of all calendars without a signed-in user. | Allows the app to read events in user calendars . +| Description | Allows the app to read events of all calendars without a signed-in user. | Allows the app to read events in user calendars. | AdminConsentRequired | Yes | No [!INCLUDE [Calendars.Read](../includes/permissions-notes/Calendars.Read.md)] 
@@ -671,7 +671,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 12466101-c9b8-439a-8589-dd09ee67e8e9 | DisplayText | - | Read and write user and shared calendars -| Description | - | Allows the app to create, read, update and delete events in all calendars in the organization user has permissions to access. This includes delegate and shared calendars. +| Description | - | Allows the app to create, read, update and delete events in all calendars in the organization the user has permission to access. This includes delegate and shared calendars. | AdminConsentRequired | - | No --- @@ -682,7 +682,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 1abb026f-7572-49f6-9ddd-ad61cbba181e | - | DisplayText | Read all call events | - -| Description | Allows the app to read call event information for all users in your organizatio, without a signed-in user. | - +| Description | Allows the app to read call event information for all users in your organization, without a signed-in user. | - | AdminConsentRequired | Yes | - --- @@ -1005,7 +1005,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 294ce7c9-31ba-490a-ad7d-97a7d075e4ed | 7e9a077b-3711-42b9-b7cb-5fa5f3f7fea7 | DisplayText | Read and write all chat messages | Read and write all chat messages -| Description | Allows an app to read and write all chat messages in Microsoft Teams, without a signed-in user. | Allows an app to read and write all one-to-one and group chats in Microsoft Teams, without a signed-in user. Does not allow sending messages. +| Description | Allows an app to read and write all chat messages in Microsoft Teams, without a signed-in user. | Allows an app to read and write all one-to-one and group chats in Microsoft Teams, without a signed-in user. It doesn't allow sending messages. | AdminConsentRequired | Yes | Yes --- 
@@ -1305,7 +1305,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | 306785c5-c09b-4ba0-a4ee-023f3da165cb | 64dfa325-cbf8-48e3-938d-51224a0cac01 -| DisplayText | Read all shared cross-tenant user profiles and export or delete their data | Read all shared cross-tenant user profiles and export or delete their data +| DisplayText | Read all shared cross-tenant user-profiles and export or delete their data | Read all shared cross-tenant user-profiles and export or delete their data | Description | Allows the application to list and query any shared user profile information associated with the current tenant without a signed-in user.  It also permits the application to export and remove external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant without a signed-in user. | Allows the application to list and query any shared user profile information associated with the current tenant on behalf of the signed-in user.  It also permits the application to export and remove external user data (e.g. customer content or system-generated logs), for any user associated with the current tenant on behalf of the signed-in user. | AdminConsentRequired | Yes | Yes 
@@ -1316,7 +1316,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | 88bb2658-5d9e-454f-aacd-a3933e079526 | b2052569-c98c-4f36-a5fb-43e5c111e6d0 -| DisplayText | Read all custom authentication extensions | Read your oganization's custom authentication extensions +| DisplayText | Read all custom authentication extensions | Read your organization's custom authentication extensions | Description | Allows the app to read your organization's custom authentication extensions without a signed-in user. | Allows the app to read your organization's custom authentication extensions on behalf of the signed-in user. | AdminConsentRequired | Yes | Yes @@ -1504,7 +1504,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 1138cb37-bd11-4084-a2b7-9f71582aeddb | - | DisplayText | Read and write devices | - -| Description | Allows the app to read and write all device properties without a signed in user. Does not allow device creation, device deletion or update of device alternative security identifiers. | - +| Description | Allows the app to read and write all device properties without a signed-in user. It doesn't allow device creation, device deletion or update of device alternative security identifiers. | - | AdminConsentRequired | Yes | - [!INCLUDE [Device.ReadWrite.All](../includes/permissions-notes/Device.ReadWrite.All.md)] 
@@ -1517,7 +1517,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 884b599e-4d48-43a5-ba94-15c414d00588 | 280b3b69-0437-44b1-bc20-3b2fca1ee3e9 | DisplayText | Read device local credential passwords | Read device local credential passwords -| Description | Allows the app to read device local credential properties including passwords, without a signed-in user. | Allows the app to read device local credential properties including passwords, on behalf of the signed-in user. +| Description | Allows the app to read device local credential properties including passwords, without a signed-in user. | Allows the app to read the device's local credential properties including passwords, on behalf of the signed-in user. | AdminConsentRequired | Yes | Yes --- 
@@ -1617,7 +1617,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 243333ab-4d21-40cb-a475-36241daa0842 | 44642bfe-8385-4adc-8fc6-fe3cb2c375c3 | DisplayText | Read and write Microsoft Intune devices | Read and write Microsoft Intune devices -| Description | Allows the app to read and write the properties of devices managed by Microsoft Intune, without a signed-in user. Does not allow high impact operations such as remote wipe and password reset on the device's owner | Allows the app to read and write the properties of devices managed by Microsoft Intune. Does not allow high impact operations such as remote wipe and password reset on the device's owner. +| Description | Allows the app to read and write the properties of devices managed by Microsoft Intune, without a signed-in user. It doesn't allow high-impact operations such as remote wipe and password reset on the device's owner | Allows the app to read and write the properties of devices managed by Microsoft Intune. It doesn't allow high-impact operations such as remote wipe and password reset on the device's owner. | AdminConsentRequired | Yes | Yes [!INCLUDE [DeviceManagementManagedDevices.ReadWrite.All](../includes/permissions-notes/DeviceManagementManagedDevices.ReadWrite.All.md)] 
@@ -1708,7 +1708,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 19dbc75e-c2e2-444c-a770-ec69d8559fc7 | c5366453-9fb0-48a5-a156-24f0c49a4b84 | DisplayText | Read and write directory data | Read and write directory data -| Description | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. Does not allow user or group deletion. | Allows the app to read and write data in your organization's directory, such as users, and groups. It does not allow the app to delete users or groups, or reset user passwords. +| Description | Allows the app to read and write data in your organization's directory, such as users, and groups, without a signed-in user. It doesn't allow user or group deletion. | Allows the app to read and write data in your organization's directory, such as users, and groups. It doesn't allow the app to delete users or groups, or reset user passwords. | AdminConsentRequired | Yes | Yes [!INCLUDE [Directory.ReadWrite.All](../includes/permissions-notes/Directory.ReadWrite.All.md)] 
@@ -2916,7 +2916,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | e2a3a72e-5f79-4c64-b1b1-878b674786c9 | 024d486e-b451-40bb-833d-3e66d98c5c73 | DisplayText | Read and write mail in all mailboxes | Read and write access to user mail -| Description | Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. Does not include permission to send mail. | Allows the app to create, read, update, and delete email in user mailboxes. Does not include permission to send mail. +| Description | Allows the app to create, read, update, and delete mail in all mailboxes without a signed-in user. It doesn't include permission to send mail. | Allows the app to create, read, update, and delete emails in user mailboxes. It doesn't include permission to send mail. | AdminConsentRequired | Yes | No [!INCLUDE [Mail.ReadWrite](../includes/permissions-notes/Mail.ReadWrite.md)] @@ -2929,7 +2929,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 5df07973-7d5d-46ed-9847-1271055cbd51 | DisplayText | - | Read and write user and shared mail -| Description | - | Allows the app to create, read, update, and delete mail a user has permission to access, including their own and shared mail. Does not include permission to send mail. +| Description | - | Allows the app to create, read, update, and delete mail a user has permission to access, including their own and shared mail. It doesn't include permission to send mail. | AdminConsentRequired | - | No [!INCLUDE [Mail.ReadWrite.Shared](../includes/permissions-notes/Mail.ReadWrite.Shared.md)] 
@@ -2968,7 +2968,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 40f97065-369a-49f4-947c-6a255697ae91 | 87f447af-9fa4-4c32-9dfa-4a57a73d18ce | DisplayText | Read all user mailbox settings | Read user mailbox settings -| Description | Allows the app to read user's mailbox settings without a signed-in user. Does not include permission to send mail. | Allows the app to the read user's mailbox settings. Does not include permission to send mail. +| Description | Allows the app to read user's mailbox settings without a signed-in user. It doesn't include permission to send mail. | Allows the app to the read user's mailbox settings. It doesn't include permission to send mail. | AdminConsentRequired | Yes | No [!INCLUDE [MailboxSettings.Read](../includes/permissions-notes/MailboxSettings.Read.md)] @@ -2981,7 +2981,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 6931bccd-447a-43d1-b442-00a195474933 | 818c620a-27a9-40bd-a6a5-d96f7d610b4b | DisplayText | Read and write all user mailbox settings | Read and write user mailbox settings -| Description | Allows the app to create, read, update, and delete user's mailbox settings without a signed-in user. Does not include permission to send mail. | Allows the app to create, read, update, and delete user's mailbox settings. Does not include permission to send mail. +| Description | Allows the app to create, read, update, and delete a user's mailbox settings without a signed-in user. It doesn't include permission to send mail. | Allows the app to create, read, update, and delete user's mailbox settings. It doesn't include permission to send mail. | AdminConsentRequired | Yes | No [!INCLUDE [MailboxSettings.ReadWrite](../includes/permissions-notes/MailboxSettings.ReadWrite.md)] 
@@ -3203,7 +3203,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 7427e0e9-2fba-42fe-b0c0-848c9e6a8182 | DisplayText | - | Maintain access to data you have given it access to -| Description | - | Allows the app to see and update the data you gave it access to, even when users are not currently using the app. This does not give the app any additional permissions. +| Description | - | Allows the app to see and update the data you gave it access to, even when users are not currently using the app. It doesn't give the app any additional permissions. | AdminConsentRequired | - | No [!INCLUDE [offline_access](../includes/permissions-notes/offline_access.md)] @@ -3932,7 +3932,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | f5b3f73d-6247-44df-a74c-866173fddab0 | 89f66824-725f-4b8f-928e-e1c5258dc565 | DisplayText | Read and update printers | Read and update printers -| Description | Allows the application to read and update printers without a signed-in user. Does not allow creating (registering) or deleting (unregistering) printers. | Allows the application to read and update printers on behalf of the signed-in user. Does not allow creating (registering) or deleting (unregistering) printers. +| Description | Allows the application to read and update printers without a signed-in user. It doesn't allow creating (registering) or deleting (unregistering) printers. | Allows the application to read and update printers on behalf of the signed-in user.  It doesn't allow creating (registering) or deleting (unregistering) printers. | AdminConsentRequired | Yes | Yes --- 
@@ -3954,7 +3954,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 5fa075e9-b951-4165-947b-c63396ff0a37 | DisplayText | - | Read basic information about printer shares -| Description | - | Allows the application to read basic information about printer shares on behalf of the signed-in user. Does not allow reading access control information. +| Description | - | Allows the application to read basic information about printer shares on behalf of the signed-in user. It doesn't allow reading access to control information. | AdminConsentRequired | - | No --- @@ -4025,8 +4025,8 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | - | 6a71a747-280f-4670-9ca0-a9cbf882b274 -| DisplayText | - | Read basic information of user's print jobs -| Description | - | Allows the application to read the metadata of print jobs that the signed-in user created. Does not allow access to print job document content. +| DisplayText | - | Read basic information of the user's print jobs +| Description | - | Allows the application to read the metadata of print jobs that the signed-in user created. It doesn't allow access to print job document content. | AdminConsentRequired | - | No [!INCLUDE [PrintJob.ReadBasic](../includes/permissions-notes/PrintJob.ReadBasic.md)] 
@@ -4039,7 +4039,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | fbf67eee-e074-4ef7-b965-ab5ce1c1f689 | 04ce8d60-72ce-4867-85cf-6d82f36922f3 | DisplayText | Read basic information for print jobs | Read basic information of print jobs -| Description | Allows the application to read the metadata of print jobs without a signed-in user. Does not allow access to print job document content. | Allows the application to read the metadata of print jobs on behalf of the signed-in user. Does not allow access to print job document content. +| Description | Allows the application to read the metadata of print jobs without a signed-in user.  It doesn't allow access to print job document content. | Allows the application to read the metadata of print jobs on behalf of the signed-in user.  It doesn't allow access to print job document content. | AdminConsentRequired | Yes | Yes [!INCLUDE [PrintJob.ReadBasic.All](../includes/permissions-notes/PrintJob.ReadBasic.All.md)] @@ -4078,7 +4078,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 6f2d22f2-1cb6-412c-a17c-3336817eaa82 | DisplayText | - | Read and write basic information of user's print jobs -| Description | - | Allows the application to read and update the metadata of print jobs that the signed-in user created. Does not allow access to print job document content. +| Description | - | Allows the application to read and update the metadata of print jobs that the signed-in user created. It doesn't allow access to print job document content. | AdminConsentRequired | - | No [!INCLUDE [PrintJob.ReadWriteBasic](../includes/permissions-notes/PrintJob.ReadWriteBasic.md)] 
@@ -4091,7 +4091,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 57878358-37f4-4d3a-8c20-4816e0d457b1 | 3a0db2f6-0d2a-4c19-971b-49109b19ad3d | DisplayText | Read and write basic information for print jobs | Read and write basic information of print jobs -| Description | Allows the application to read and update the metadata of print jobs without a signed-in user. Does not allow access to print job document content. | Allows the application to read and update the metadata of print jobs on behalf of the signed-in user. Does not allow access to print job document content. +| Description | Allows the application to read and update the metadata of print jobs without a signed-in user.  It doesn't allow access to print job document content. | Allows the application to read and update the metadata of print jobs on behalf of the signed-in user.  It doesn't allow access to print job document content. | AdminConsentRequired | Yes | Yes [!INCLUDE [PrintJob.ReadWriteBasic.All](../includes/permissions-notes/PrintJob.ReadWriteBasic.All.md)] 
@@ -4504,7 +4504,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 11059518-d6a6-4851-98ed-509268489c4a | 435644c6-a5b1-40bf-8f52-fe8e5b53e19c | DisplayText | Read all alert data, configure alerts, and take actions on all alerts for your company's directory | Read all alert data, configure alerts, and take actions on all alerts for your company's directory -| Description | Allows the app to read and manage all role-based access control (RBAC) alerts for your company's directory, without a signed-in user. This includes managing alert settings, initiating alert scans, dimissing alerts, remediating alert incidents, and reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. | Allows the app to read and manage the role-based access control (RBAC) alerts for your company's directory, on behalf of the signed-in user. This includes managing alert settings, initiating alert scans, dimissing alerts, remediating alert incidents, and reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. +| Description | Allows the app to read and manage all role-based access control (RBAC) alerts for your company's directory, without a signed-in user. This includes managing alert settings, initiating alert scans, dismissing alerts, remediating alert incidents, and reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. | Allows the app to read and manage the role-based access control (RBAC) alerts for your company's directory, on behalf of the signed-in user. This includes managing alert settings, initiating alert scans, dismissing alerts, remediating alert incidents, and reading alert statuses, alert definitions, alert configurations and incidents that lead to an alert. | AdminConsentRequired | Yes | Yes --- 
@@ -5075,8 +5075,8 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | 4437522e-9a86-4a41-a7da-e380edd4a97d | 2104a4db-3a2f-4ea0-9dba-143d457dc666 -| DisplayText | Add and remove members with non-owner role for all teams | Add and remove members with non-owner role for all teams -| Description | Add and remove members from all teams, without a signed-in user. Does not allow adding or removing a member with the owner role. Additionally, does not allow the app to elevate an existing member to the owner role. | Add and remove members from all teams, on behalf of the signed-in user. Does not allow adding or removing a member with the owner role. Additionally, does not allow the app to elevate an existing member to the owner role. +| DisplayText | Add and remove members with non-owner roles for all teams | Add and remove members with non-owner roles for all teams +| Description | Add and remove members from all teams, without a signed-in user. It doesn't allow adding or removing a member with the owner role. Additionally, It doesn't allow the app to elevate an existing member to the owner role. | Add and remove members from all teams, on behalf of the signed-in user. It doesn't allow adding or removing a member with the owner role. Additionally, It doesn't allow the app to elevate an existing member to the owner role. | AdminConsentRequired | Yes | Yes --- 
@@ -5109,7 +5109,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | a267235f-af13-44dc-8385-c1dc93023186 | 7ab1d787-bae7-4d5d-8db6-37ea32df9186 | DisplayText | Send a teamwork activity to any user | Send a teamwork activity as the user -| Description | Allows the app to create new notifications in users' teamwork activity feeds without a signed in user. These notifications may not be discoverable or be held or governed by compliance policies. | Allows the app to create new notifications in users' teamwork activity feeds on behalf of the signed in user. These notifications may not be discoverable or be held or governed by compliance policies. +| Description | Allows the app to create new notifications in users' teamwork activity feeds without a signed-in user. These notifications may not be discoverable or be held or governed by compliance policies. | Allows the app to create new notifications in users' teamwork activity feeds on behalf of the signed-in user. These notifications may not be discoverable or be held or governed by compliance policies. | AdminConsentRequired | Yes | No --- @@ -5120,7 +5120,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | bf3fbf03-f35f-4e93-963e-47e4d874c37a | DisplayText | - | Read installed Teams apps in chats -| Description | - | Allows the app to read the Teams apps that are installed in chats the signed-in user can access. Does not give the ability to read application-specific settings. +| Description | - | Allows the app to read the Teams apps that are installed in chats the signed-in user can access. It doesn't give the ability to read application-specific settings. | AdminConsentRequired | - | No --- 
@@ -5131,7 +5131,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | cc7e7635-2586-41d6-adaa-a8d3bcad5ee5 | - | DisplayText | Read installed Teams apps for all chats | - -| Description | Allows the app to read the Teams apps that are installed in any chat, without a signed-in user. Does not give the ability to read application-specific settings. | - +| Description | Allows the app to read the Teams apps that are installed in any chat, without a signed-in user. It doesn't give the ability to read application-specific settings. | - | AdminConsentRequired | Yes | - --- @@ -5142,7 +5142,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 5248dcb1-f83b-4ec3-9f4d-a4428a961a72 | DisplayText | - | Read installed Teams apps in teams -| Description | - | Allows the app to read the Teams apps that are installed in teams the signed-in user can access. Does not give the ability to read application-specific settings. +| Description | - | Allows the app to read the Teams apps that are installed in teams the signed-in user can access. It doesn't give the ability to read application-specific settings. | AdminConsentRequired | - | Yes --- @@ -5153,7 +5153,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 1f615aea-6bf9-4b05-84bd-46388e138537 | - | DisplayText | Read installed Teams apps for all teams | - -| Description | Allows the app to read the Teams apps that are installed in any team, without a signed-in user. Does not give the ability to read application-specific settings. | - +| Description | Allows the app to read the Teams apps that are installed in any team, without a signed-in user. It doesn't give the ability to read application-specific settings. | - | AdminConsentRequired | Yes | - --- 
@@ -5164,7 +5164,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | c395395c-ff9a-4dba-bc1f-8372ba9dca84 | DisplayText | - | Read user's installed Teams apps -| Description | - | Allows the app to read the Teams apps that are installed for the signed-in user. Does not give the ability to read application-specific settings. +| Description | - | Allows the app to read the Teams apps that are installed for the signed-in user. It doesn't give the ability to read application-specific settings. | AdminConsentRequired | - | No --- @@ -5175,7 +5175,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 9ce09611-f4f7-4abd-a629-a05450422a97 | - | DisplayText | Read installed Teams apps for all users | - -| Description | Allows the app to read the Teams apps that are installed for any user, without a signed-in user. Does not give the ability to read application-specific settings. | - +| Description | Allows the app to read the Teams apps that are installed for any user, without a signed-in user. It doesn't give the ability to read application-specific settings. | - | AdminConsentRequired | Yes | - --- @@ -5229,7 +5229,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | - | 2da62c49-dfbd-40df-ba16-fef3529d391c -| DisplayText | - | Manage installation and permission grants of Teams apps in users' personal scope +| DisplayText | - | Manage installation and permission grants of Teams apps in users' personal scope. | Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in user accounts, on behalf of the signed-in user. Gives the ability to manage permission grants for accessing those specific users' data. | AdminConsentRequired | - | Yes 
@@ -5240,7 +5240,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | 32ca478f-f89e-41d0-aaf8-101deb7da510 | - -| DisplayText | Manage installation and permission grants of Teams apps in a user account | - +| DisplayText | Manage installation and permission grants of Teams apps in a user account. | - | Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any user account, without a signed-in user. Gives the ability to manage permission grants for accessing those specific users' data. | - | AdminConsentRequired | Yes | - @@ -5318,7 +5318,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | aa85bf13-d771-4d5d-a9e6-bca04ce44edf | DisplayText | - | Manage installed Teams apps in chats -| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in chats the signed-in user can access. Does not give the ability to read application-specific settings. +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in chats the signed-in user can access. It doesn't give the ability to read application-specific settings. | AdminConsentRequired | - | Yes --- @@ -5329,7 +5329,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 9e19bae1-2623-4c4f-ab6e-2664615ff9a0 | - | DisplayText | Manage Teams apps for all chats | - -| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any chat, without a signed-in user. Does not give the ability to read application-specific settings. | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any chat, without a signed-in user. It doesn't give the ability to read application-specific settings. | - | AdminConsentRequired | Yes | - --- 
@@ -5340,7 +5340,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 2e25a044-2580-450d-8859-42eeb6e996c0 | DisplayText | - | Manage installed Teams apps in teams -| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in teams the signed-in user can access. Does not give the ability to read application-specific settings. +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps in teams the signed-in user can access. It doesn't give the ability to read application-specific settings. | AdminConsentRequired | - | Yes --- @@ -5351,7 +5351,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 5dad17ba-f6cc-4954-a5a2-a0dcc95154f0 | - | DisplayText | Manage Teams apps for all teams | - -| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. Does not give the ability to read application-specific settings. | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps in any team, without a signed-in user. It doesn't give the ability to read application-specific settings. | - | AdminConsentRequired | Yes | - --- @@ -5362,7 +5362,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 093f8818-d05f-49b8-95bc-9d2a73e9a43c | DisplayText | - | Manage user's installed Teams apps -| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps installed for the signed-in user. Does not give the ability to read application-specific settings. +| Description | - | Allows the app to read, install, upgrade, and uninstall Teams apps installed for the signed-in user. It doesn't give the ability to read application-specific settings. | AdminConsentRequired | - | Yes --- 
@@ -5373,7 +5373,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 74ef0291-ca83-4d02-8c7e-d2391e6a444f | - | DisplayText | Manage Teams apps for all users | - -| Description | Allows the app to read, install, upgrade, and uninstall Teams apps for any user, without a signed-in user. Does not give the ability to read application-specific settings. | - +| Description | Allows the app to read, install, upgrade, and uninstall Teams apps for any user, without a signed-in user. It doesn't give the ability to read application-specific settings. | - | AdminConsentRequired | Yes | - --- @@ -5472,7 +5472,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 49981c42-fd7b-4530-be03-e77b21aed25e | a9ff19c2-f369-4a95-9a25-ba9d460efc8e | DisplayText | Create tabs in Microsoft Teams. | Create tabs in Microsoft Teams. -| Description | Allows the app to create tabs in any team in Microsoft Teams, without a signed-in user. This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs. | Allows the app to create tabs in any team in Microsoft Teams, on behalf of the signed-in user. This does not grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs. +| Description | Allows the app to create tabs in any team in Microsoft Teams, without a signed-in user. It doesn't grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs. | Allows the app to create tabs in any team in Microsoft Teams, on behalf of the signed-in user. It doesn't grant the ability to read, modify or delete tabs after they are created, or give access to the content inside the tabs. | AdminConsentRequired | Yes | Yes --- 
@@ -5483,7 +5483,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 46890524-499a-4bb2-ad64-1476b4f3e1cf | 59dacb05-e88d-4c13-a684-59f1afc8cc98 | DisplayText | Read tabs in Microsoft Teams. | Read tabs in Microsoft Teams. -| Description | Read the names and settings of tabs inside any team in Microsoft Teams, without a signed-in user. This does not give access to the content inside the tabs. | Read the names and settings of tabs inside any team in Microsoft Teams, on behalf of the signed-in user. This does not give access to the content inside the tabs. +| Description | Read the names and settings of tabs inside any team in Microsoft Teams, without a signed-in user. It doesn't give access to the content inside the tabs. | Read the names and settings of tabs inside any team in Microsoft Teams, on behalf of the signed-in user. It doesn't give access to the content inside the tabs. | AdminConsentRequired | Yes | Yes --- @@ -5494,7 +5494,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | a96d855f-016b-47d7-b51c-1218a98d791c | b98bfd41-87c6-45cc-b104-e2de4f0dafb9 | DisplayText | Read and write tabs in Microsoft Teams. | Read and write tabs in Microsoft Teams. -| Description | Read and write tabs in any team in Microsoft Teams, without a signed-in user. This does not give access to the content inside the tabs. | Read and write tabs in any team in Microsoft Teams, on behalf of the signed-in user. This does not give access to the content inside the tabs. +| Description | Read and write tabs in any team in Microsoft Teams, without a signed-in user. It doesn't give access to the content inside the tabs. | Read and write tabs in any team in Microsoft Teams, on behalf of the signed-in user. It doesn't give access to the content inside the tabs. | AdminConsentRequired | Yes | Yes --- 
@@ -5835,7 +5835,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 21792b6c-c986-4ffc-85de-df9da54b52fa | 91e7d36d-022a-490f-a748-f8e011357b42 | DisplayText | Manage threat indicators this app creates or owns | Manage threat indicators this app creates or owns -| Description | Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), without a signed-in user.  It cannot update any threat indicators it does not own. | Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), on behalf of the signed-in user.  It cannot update any threat indicators it does not own. +| Description | Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), without a signed-in user.  It cannot update any threat indicators it doesn't own. | Allows the app to create threat indicators, and fully manage those threat indicators (read, update and delete), on behalf of the signed-in user.  It cannot update any threat indicators it doesn't own. | AdminConsentRequired | Yes | Yes --- 
@@ -5846,7 +5846,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | e0b77adb-e790-44a3-b0a0-257d06303687 | f266d9c0-ccb9-4fb8-a228-01ac0d8d6627 | DisplayText | Read all Threat Intelligence Information | Read all threat intelligence information -| Description | Allows the app to read threat intellgence information, such as indicators, observations, and and articles, without a signed in user. | Allows the app to read threat intelligence information, such as indicators, observations, and articles, on behalf of the signed-in user. +| Description | Allows the app to read threat intelligence information, such as indicators, observations, and articles, without a signed-in user. | Allows the app to read threat intelligence information, such as indicators, observations, and articles, on behalf of the signed-in user. | AdminConsentRequired | Yes | Yes --- 
@@ -5901,7 +5901,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 926a6798-b100-4a20-a22f-a4918f13951d | 059e5840-5353-4c68-b1da-666a033fc5e8 | DisplayText | Read and write all of the organization's threat submission policies | Read and write all threat submission policies -| Description | Allows the app to read your organization's threat submission policies without a signed-in user. Also allows the app to create new threat submission polices without a signed-in user. | Allows the app to read your organization's threat submission policies on behalf of the signed-in user. Also allows the app to create new threat submission policies on behalf of the signed-in user. +| Description | Allows the app to read your organization's threat submission policies without a signed-in user. Also allows the app to create new threat submission policies without a signed-in user. | Allows the app to read your organization's threat submission policies on behalf of the signed-in user. Also allows the app to create new threat submission policies on behalf of the signed-in user. | AdminConsentRequired | Yes | Yes --- 
@@ -6055,7 +6055,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 1f6b61c5-2f65-4135-9c9f-31c0f8d32b52 | DisplayText | - | Read user authentication methods. -| Description | - | Allows the app to read the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. +| Description | - | Allows the app to read the signed-in user's authentication methods, including phone numbers and Authenticator app settings. It doesn't allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. | AdminConsentRequired | - | Yes --- 
@@ -6066,7 +6066,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 38d9df27-64da-44fd-b7c5-a6fbac20248f | aec28ec7-4d02-4e8c-b864-50163aea77eb | DisplayText | Read all users' authentication methods | Read all users' authentication methods -| Description | Allows the app to read authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. | Allows the app to read authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. +| Description | Allows the app to read authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user's phone numbers and Authenticator app settings. It doesn't allow the app to see secret information like passwords, or sign in or otherwise use the authentication methods. | Allows the app to read authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user's phone numbers and Authenticator app settings. It doesn't allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. | AdminConsentRequired | Yes | Yes --- 
@@ -6077,7 +6077,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | - | 48971fc1-70d7-4245-af77-0beb29b53ee2 | DisplayText | - | Read and write user authentication methods -| Description | - | Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. This does not allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. +| Description | - | Allows the app to read and write the signed-in user's authentication methods, including phone numbers and Authenticator app settings. It doesn't allow the app to see secret information like the signed-in user's passwords, or to sign-in or otherwise use the signed-in user's authentication methods. | AdminConsentRequired | - | Yes --- 
@@ -6088,7 +6088,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 |--|--|--| | Identifier | 50483e42-d915-4231-9639-7fdb7fd190e5 | b7887744-6746-4312-813d-72daeaee7e2d | DisplayText | Read and write all users' authentication methods | Read and write all users' authentication methods. -| Description | Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods | Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user's phone numbers and Authenticator app settings. This does not allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. +| Description | Allows the application to read and write authentication methods of all users in your organization, without a signed-in user. Authentication methods include things like a user's phone numbers and Authenticator app settings. It doesn't allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods | Allows the app to read and write authentication methods of all users in your organization that the signed-in user has access to. Authentication methods include things like a user's phone numbers and Authenticator app settings. It doesn't allow the app to see secret information like passwords, or to sign-in or otherwise use the authentication methods. | AdminConsentRequired | Yes | Yes --- 
@@ -6230,8 +6230,8 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | - | 6b616635-ae58-433a-a918-8c45e4f304dc -| DisplayText | - | Read your virtual events -| Description | - | Allows the app to read virtual events created by the you +| DisplayText | - | Read your virtual events. +| Description | - | Allows the app to read virtual events created by you. | AdminConsentRequired | - | Yes --- @@ -6241,7 +6241,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Category | Application | Delegated | |--|--|--| | Identifier | 1dccb351-c4e4-4e09-a8d1-7a9ecbf027cc | - -| DisplayText | Read all users' virtual events | - +| DisplayText | Read all users' virtual events.| - | Description | Allows the app to read all virtual events without a signed-in user. | - | AdminConsentRequired | Yes | - 
@@ -6296,7 +6296,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Channel.Delete.Group | 4432e57d-0983-4c17-881c-235c529f96dc | Delete this team's channels | Allows the app to delete this team's channels, without a signed-in user. | ChannelMeeting.ReadBasic.Group | 6c13459c-facc-4b0a-93cb-63f0dff28046 | Read basic properties of the channel meetings in this team | Allows the app to read basic properties, such as name, schedule, organizer, join link, and start or end notifications, of channel meetings in this team, without a signed-in user. | ChannelMeetingNotification.Send.Group | bbb12bdb-71e6-4602-9f5e-b1172c505746 | Send notifications in all the channel meetings associated with this team | Allows the app to send notifications inside all the channel meetings associated with this team, without a signed-in user. -| ChannelMeetingParticipant.Read.Group | bd118236-e8f5-4bec-a62d-89a623717e05 | Read the participants of this team's channel meetings | Allows the app to read participant information, including name, role, id, joined and left times, of channel meetings associated with this team, without a signed-in user. +| ChannelMeetingParticipant.Read.Group | bd118236-e8f5-4bec-a62d-89a623717e05 | Read the participants of this team's channel meetings | Allows the app to read participant information, including name, role, ID, joined and left times, of channel meetings associated with this team, without a signed-in user. | ChannelMeetingRecording.Read.Group | 30a40618-9b50-4764-b62e-b04023a8f5f3 | Read the recordings of all channel meetings associated with this team | Allows the app to read recordings of all the channel meetings associated with this team, without a signed-in user. 
| ChannelMeetingTranscript.Read.Group | 37e59e88-1a46-482b-b623-0a4aa6abdf67 | Read the transcripts of all channel meetings associated with this team | Allows the app to read transcripts of all the channel meetings associated with this team, without a signed-in user. | ChannelMessage.Read.Group | 19103a54-c397-4bcd-be5a-ef111e0406fa | Read this team's channel messages | Allows the app to read this team's channel's messages, without a signed-in user. 
@@ -6310,7 +6310,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000 | Member.Read.Group | 0a8ce3c7-89dd-46cf-b2c3-5ef0064437a8 | Read this group's members | Allows the app to read the basic profile of this group's members, without a signed-in user. | OnlineMeeting.ReadBasic.Chat | eda8d262-4e6e-4ff6-a7ba-a2fb50535165 | Read basic properties of meetings associated with this chat | Allows the app to read basic properties, such as name, schedule, organizer, join link, and start or end notifications, of meetings associated with this chat, without a signed-in user. | OnlineMeetingNotification.Send.Chat | d9837fe0-9c31-4faa-8acb-b10874560161 | Send notifications in the meetings associated with this chat | Allows the app to send notifications inside meetings associated with this chat, without a signed-in user. -| OnlineMeetingParticipant.Read.Chat | 6324a770-185c-4b4f-be13-2d9a1668e6eb | Read the participants of the meetings associated with this chat | Allows the app to read participant information, including name, role, id, joined and left times, of meetings associated with this chat, without a signed-in user. +| OnlineMeetingParticipant.Read.Chat | 6324a770-185c-4b4f-be13-2d9a1668e6eb | Read the participants of the meetings associated with this chat | Allows the app to read participant information, including name, role, ID, joined and left times, of meetings associated with this chat, without a signed-in user. | OnlineMeetingRecording.Read.Chat | d20f0153-08ff-48a9-b299-96a8d1131d1d | Read the recordings of the meetings associated with this chat  | Allows the app to read recordings of the meetings associated with this chat, without a signed-in user. | OnlineMeetingTranscript.Read.Chat | 8c477e19-f0f7-45f9-ae72-604f77a599e3 | Read the transcripts of the meetings associated with this chat | Allows the app to read transcripts of the meetings associated with this chat, without a signed-in user.  
| Owner.Read.Group | 70d5316c-9b27-4057-a650-3b0fe49002ab | Read this group's owners | Allows the app to read the basic profile of this group's owners, without a signed-in user. From 3bd11d7d91ec1c8e0e3f05440c6ac07bc1fe722e Mon Sep 17 00:00:00 2001 From: Faith Moraa Ombongi Date: Thu, 21 Dec 2023 19:15:30 +0300 Subject: [PATCH 145/156] Local Acrolinx vs PR Acrolix are showing different results --- ...grate-azure-ad-graph-feature-differences.md | 18 +++++++++--------- ...igrate-azure-ad-graph-method-differences.md | 2 +- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/concepts/migrate-azure-ad-graph-feature-differences.md b/concepts/migrate-azure-ad-graph-feature-differences.md index dc0809e4525..bdd1da6df07 100644 --- a/concepts/migrate-azure-ad-graph-feature-differences.md +++ b/concepts/migrate-azure-ad-graph-feature-differences.md @@ -14,7 +14,7 @@ ms.date: 11/11/2022 This article is part of *step 1: review API differences* of the [process to migrate apps](migrate-azure-ad-graph-planning-checklist.md). -Many features in Microsoft Graph work similarly to their Azure Active Directory (Azure AD) Graph counterparts. However, a few have been changed or improved. Here, you'll learn how to adapt your apps to take advantage of these differences. Frequently, the changes are minor, but well worth the effort. +Many features in Microsoft Graph work similarly to their Azure Active Directory (Azure AD) Graph counterparts. However, a few have changed or improved. Here, you learn how to adapt your apps to take advantage of these differences. Frequently, the changes are minor, but well worth the effort. This article explores how Microsoft Graph handles: 
@@ -33,15 +33,15 @@ If your app uses Azure AD Graph directory extensions, you can continue to use th - Update extension values using PATCH - Remove extension values using PATCH (set to **null**) -Microsoft Graph provides an enhanced schema extensions developer experience, which today is not backwards compatible with Azure AD Graph directory extensions. To learn more, see [Choose an extension type for your application](extensibility-overview.md#comparison-of-extension-types). +Microsoft Graph provides an enhanced schema extensions developer experience, which today isn't backwards compatible with Azure AD Graph directory extensions. To learn more, see [Choose an extension type for your application](extensibility-overview.md#comparison-of-extension-types). ### Recommended migration approach If your Azure AD Graph app uses directory extensions, take an incremental approach to migrate the app to Microsoft Graph. -First, switch your app to using Microsoft Graph API calls, but let the app continue to leverage Azure AD Graph directory extensions. +First, switch your app to using Microsoft Graph API calls, but let the app continue to use Azure AD Graph directory extensions. -Then, you can switch to using Microsoft Graph schema extensions. In some cases, switching will not be appropriate. Do not switch if: +Then, you can switch to using Microsoft Graph schema extensions. In some cases, switching isn't appropriate. Don't switch if: - Your app uses directory extensions created through AD Connect - Your app sets directory extension values that are used in token claims by other apps 
@@ -49,17 +49,17 @@ Then, you can switch to using Microsoft Graph schema extensions. In some cases, >**NOTE**: Using Microsoft Graph schema extension properties as claims in a token using optional claims or in a dynamic membership rule is not yet supported. -To switch to the newer Microsoft Graph schema extension model, you'll need to: +To switch to the newer Microsoft Graph schema extension model, you need to: - Define new schema extension definitions using Microsoft Graph. - Update the app to support the new schema extension definitions. -- Migrate the data from the Microsoft Entra ID schema extension properties to the new Microsoft Graph schema extension properties. Automatic migration of data is not supported. +- Migrate the data from the Microsoft Entra ID schema extension properties to the new Microsoft Graph schema extension properties. Automatic migration of data isn't supported. ## Differential queries Azure AD Graph and Microsoft Graph let you track changes using queries. The high-level approach is similar between the two APIs, but the syntax is different. -Azure AD Graph calls these differential queries. In Microsoft Graph, they're [delta queries](./delta-query-overview.md). +Azure AD Graph calls these differential queries while Microsoft Graph calls them [delta queries](./delta-query-overview.md). The following table highlights key similarities and differences: @@ -71,13 +71,13 @@ The following table highlights key similarities and differences: | _Track changes for directoryObjects_ | Gets changes for multiple resource (user and group) in the same operation:  
    `GET /directoryObject?$filter=isof('User') or isof('Group')&deltaLink=` | Uses separate queries with Microsoft Graph, one for each resource. | | _Get resource and relationship changes_ | All requests return resource and relationship changes, if the resource has relationships. | `GET /groups/delta?$expand=members` | | _Response indicating new and changed items_ |
    • Represents newly created instances using their standard representation.

    • Updated instances are represented by their id with *at least* the properties that have been updated. Other properties may be included.

    • Relationships are represented as the `directoryLinkChange` type.

    |
    • Represents newly created instances using their standard representation.

    • Updated instances are represented by their id with *at least* the properties that have been updated. Other properties may be included.

    • Relationships are represented as annotations on the standard resource representation. These annotations use the format `propertyName@delta`, for example `members@delta` for a group's membership changes.

    | -| _Response indicating deleted items_| Indicates a deleted item with an additional property of *aad.isDeleted* set to true. | Indicates a deleted item with the \@removed annotation. It may also contain a reason code, which indicates if the item is deleted, but can be restored, or is permanently deleted. | +| _Response indicating deleted items_| Indicates a deleted item with an additional property of *aad.isDeleted* set to true. | Indicates a deleted item with the \@removed annotation. It might also contain a reason code, which indicates if the item is deleted, but can be restored, or is permanently deleted. | If your app is already storing state data, consider using the "sync from now" shown earlier to help manage the transition to delta queries. ## Batching -Azure AD Graph used a system called multi-part MIME messages to manage batching. Microsoft Graph uses [JSON batching](json-batching.md) to permit up to 20 requests in a single batch operation. The JSON batching mechanism is significantly simpler to use, especially together with JSON parsing libraries. It also allows for sequencing batch operations. However, it is not backwards compatible with the Azure AD Graph batching approach. +Azure AD Graph used a system called multi-part MIME messages to manage batching. Microsoft Graph uses [JSON batching](json-batching.md) to permit up to 20 requests in a single batch operation. The JSON batching mechanism is simpler to use, especially together with JSON parsing libraries. It also allows for sequencing batch operations. However, it isn't backwards compatible with the Azure AD Graph batching approach. ## Next Steps diff --git a/concepts/migrate-azure-ad-graph-method-differences.md b/concepts/migrate-azure-ad-graph-method-differences.md index 2b2ec8058d4..bd33dc7d248 100644 --- a/concepts/migrate-azure-ad-graph-method-differences.md +++ b/concepts/migrate-azure-ad-graph-method-differences.md 
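Review bot: In the -49,17 hunk of migrate-azure-ad-graph-feature-differences.md, the rewritten bullet still says to migrate data "from the Microsoft Entra ID schema extension properties", while the rest of the section calls the legacy mechanism "Azure AD Graph directory extensions" and reserves "schema extensions" for Microsoft Graph. As written, the step reads as schema extensions migrating to schema extensions; since the line is being edited, confirm which term is intended and align it. The NOTE line in the same hunk also keeps "is not yet supported" while every other "is not" in this patch becomes "isn't".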
@@ -14,7 +14,7 @@ ms.date: 11/11/2022 This article is part of *step 1: review API differences* of the [process to migrate apps](migrate-azure-ad-graph-planning-checklist.md). -A handful of Azure Active Directory (Azure AD) Graph methods have also changed. If a method is **not** shown in this list, it is already available in the [v1.0 version](/graph/api/overview) of Microsoft Graph, with exactly the same name as in Azure AD Graph. +A handful of Azure Active Directory (Azure AD) Graph methods have changed. If a method is **not** shown in this list, it's already available in the [v1.0 version](/graph/api/overview) of Microsoft Graph, with exactly the same name as in Azure AD Graph. |Azure AD Graph
    (v1.6) method |Microsoft Graph
    (resource/method)|Comments| |---|---|---| From 849642b693d563833d4283ae6878932dbc9fc699 Mon Sep 17 00:00:00 2001 From: Faith Moraa Ombongi Date: Thu, 21 Dec 2023 19:26:45 +0300 Subject: [PATCH 146/156] Acrolinx pass 2 --- ...ate-azure-ad-graph-property-differences.md | 24 +++++++++---------- 1 file changed, 12 insertions(+), 12 deletions(-) diff --git a/concepts/migrate-azure-ad-graph-property-differences.md b/concepts/migrate-azure-ad-graph-property-differences.md index e84028e3d0c..056f7258e3e 100644 --- a/concepts/migrate-azure-ad-graph-property-differences.md +++ b/concepts/migrate-azure-ad-graph-property-differences.md @@ -26,7 +26,7 @@ Because the [user](#user-property-differences) and [group](#group-property-diffe ## User property differences -The Azure AD Graph **User** resource inherits from **DirectoryObject**; it has been renamed to **user** in Microsoft Graph and inherits from **directoryObject**. +The Azure AD Graph **User** resource inherits from **DirectoryObject**; it's been renamed to **user** in Microsoft Graph and inherits from **directoryObject**. The Microsoft Graph v1.0 endpoint returns a limited set of user properties by default, while Azure AD Graph returns all properties. To read other properties that aren't returned by default, specify them in a `$select` query. For more information, see the [user resource type](/graph/api/resources/user). @@ -54,7 +54,7 @@ The following table lists the more property differences. ## Group property differences -The Azure AD Graph **Group** resource inherits from **DirectoryObject**; it has been renamed to **group** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Group** resource inherits from **DirectoryObject**; it's been renamed to **group** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -64,7 +64,7 @@ The Azure AD Graph **Group** resource inherits from **DirectoryObject**; it has ## Application property differences -The Azure AD Graph **Application** resource inherits from **DirectoryObject**; it has been renamed to **application** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Application** resource inherits from **DirectoryObject**; it's been renamed to **application** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: | Azure AD Graph
    (v1.6) property | Microsoft Graph
    property | Comments | @@ -90,7 +90,7 @@ The Azure AD Graph **Application** resource inherits from **DirectoryObject**; i ## AppRoleAssignment differences -The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObject**; it has been renamed to **appRoleAssignment** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObject**; it's been renamed to **appRoleAssignment** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -100,7 +100,7 @@ The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObjec ## Contact property differences -The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it has been renamed to **orgContact** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it's been renamed to **orgContact** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -119,7 +119,7 @@ The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it ha ## Contract property differences -The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; it has been renamed to **contract** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; it's been renamed to **contract** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -128,7 +128,7 @@ The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; it h ## Device property differences -The Azure AD Graph **Device** resource inherits from **DirectoryObject**; it has been renamed to **device** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Device** resource inherits from **DirectoryObject**; it's been renamed to **device** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -155,7 +155,7 @@ The Azure AD Graph **DirectoryObject** resource has been renamed to **directoryO ## DirectoryObjectReference property differences -The Azure AD Graph **DirectoryObjectReference** resource inherits from **DirectoryObject**; it has been renamed to **directoryObjectPartnerReference** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **DirectoryObjectReference** resource inherits from **DirectoryObject**; it's been renamed to **directoryObjectPartnerReference** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -186,7 +186,7 @@ In Microsoft Graph, there are named policy types (such as **tokenIssuancePolicy* ## ServiceEndpoint property differences -The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject**; it has been renamed to **endpoint** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject**; it's been renamed to **endpoint** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -196,7 +196,7 @@ The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject* ## ServicePrincipal property differences -The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject**; it has been renamed to **servicePrincipal** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject**; it's been renamed to **servicePrincipal** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -209,7 +209,7 @@ The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject ## TenantDetails property differences -The Azure AD Graph **TenantDetail** resource inherits from **DirectoryObject**; it has been renamed to **organization** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **TenantDetail** resource inherits from **DirectoryObject**; it's been renamed to **organization** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -228,7 +228,7 @@ The Azure AD Graph **CertificateAuthorityInformation** has been renamed to **cer |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| -| **authorityType** | beta - **isRootAuthority**
    v1.0  - **isRootAuthority** | This property's type has also changed into a Boolean. Previously this property had to be set to either "RootAuthority" or "IntermediateAuthority". Setting the new property to **true** is equivalent to "RootAuthority". | +| **authorityType** | beta - **isRootAuthority**
    v1.0  - **isRootAuthority** | This property's is now a Boolean. Previously this property had to be set to either "RootAuthority" or "IntermediateAuthority". Setting the new property to **true** is equivalent to "RootAuthority". | | **crlDistributionPoint** | beta - **certificateRevocationListUrl**
    v1.0 - **certificateRevocationListUrl** | | | **deltaCrlDistributionPoint** | beta - **deltaCertificateRevocationListUrl**
    v1.0 - **deltaCertificateRevocationListUrl** | | | **trustedCertificate** | beta - **certificate**
    v1.0 - **deltaCertificateRevocationListUrl** | | From 9d94cc97e88797526adaa41f4703221b29d5b7e0 Mon Sep 17 00:00:00 2001 From: Faith Moraa Ombongi Date: Thu, 21 Dec 2023 19:35:27 +0300 Subject: [PATCH 147/156] API Doctor try 4 --- ...ate-azure-ad-graph-property-differences.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/concepts/migrate-azure-ad-graph-property-differences.md b/concepts/migrate-azure-ad-graph-property-differences.md index 056f7258e3e..b873310add1 100644 --- a/concepts/migrate-azure-ad-graph-property-differences.md +++ b/concepts/migrate-azure-ad-graph-property-differences.md @@ -26,7 +26,7 @@ Because the [user](#user-property-differences) and [group](#group-property-diffe ## User property differences -The Azure AD Graph **User** resource inherits from **DirectoryObject**; it's been renamed to **user** in Microsoft Graph and inherits from **directoryObject**. +The Azure AD Graph **User** resource inherits from **DirectoryObject**; it's named **user** in Microsoft Graph and inherits from **directoryObject**. The Microsoft Graph v1.0 endpoint returns a limited set of user properties by default, while Azure AD Graph returns all properties. To read other properties that aren't returned by default, specify them in a `$select` query. For more information, see the [user resource type](/graph/api/resources/user). @@ -48,13 +48,13 @@ The following table lists the more property differences. | **signinNames** | beta  -  **identities/signInType**
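Review bot: In the -228,7 hunk of PATCH 146 (migrate-azure-ad-graph-property-differences.md), the new **authorityType** comment reads "This property's is now a Boolean", which leaves a stray possessive from the old wording "This property's type has also changed into a Boolean"; make it "This property is now a Boolean" or "This property's type is now Boolean". In the same hunk's context, the **trustedCertificate** row lists beta as **certificate** but v1.0 as **deltaCertificateRevocationListUrl**, the same value as the row above it, which looks like a copy-paste slip worth confirming while this table is open.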
    v1.0  -  **identities/signInType** | This property is now part of the [objectIdentity](/graph/api/resources/objectIdentity) resource.| | **telephoneNumber** | beta  -  **businessPhones**
    v1.0  -  **businessPhones** | | | **thumbnailPhoto** | beta  -  **photo**, photos
    v1.0  -  **photo**, photos | The Microsoft Entra thumbnail photo isn't available through Microsoft Graph. Use the [photo API](/graph/api/resources/profilephoto) instead. | -| **userIdentities** | beta  -  **identities**
    v1.0  -  **identities** | See [objectIdentity](/graph/api/resources/objectIdentity) resource type for more details.| +| **userIdentities** | beta  -  **identities**
    v1.0  -  **identities** | For more information, see [objectIdentity](/graph/api/resources/objectIdentity) resource type.| | **userState** | beta  -  **externalUserState**
    v1.0  -  **externalUserState** | | | **userStateChangedOn** | beta - **externalUserStateChangeDateTime**
    v1.0 - **externalUserStateChangeDateTime** | | ## Group property differences -The Azure AD Graph **Group** resource inherits from **DirectoryObject**; it's been renamed to **group** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Group** resource inherits from **DirectoryObject**; it's named **group** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -64,7 +64,7 @@ The Azure AD Graph **Group** resource inherits from **DirectoryObject**; it's be ## Application property differences -The Azure AD Graph **Application** resource inherits from **DirectoryObject**; it's been renamed to **application** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Application** resource inherits from **DirectoryObject**; it's named **application** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: | Azure AD Graph
    (v1.6) property | Microsoft Graph
    property | Comments | @@ -74,14 +74,14 @@ The Azure AD Graph **Application** resource inherits from **DirectoryObject**; i | **errorUrl** | beta  - _not available_
    v1.0  -  _not available_ | This property is deprecated. | | **homepage** | beta  - **web/homePageUrl**
    v1.0  -  **web/homePageUrl** | homepage is now part of the new web resource. | | **informationalUrls** | beta  - **info**
    v1.0  -  **info** | | -| **knownClientApplications** | beta - **api/knownClientApplications**
    v1.0  - **api/knownClientApplications** | knownClientApplications are now part of the new api resource. | +| **knownClientApplications** | beta - **api/knownClientApplications**
    v1.0  - **api/knownClientApplications** | knownClientApplications are now part of the new [apiApplication](/graph/api/resources/apiapplication) resource. | | **logoutUrl** | beta  - **web/logoutUrl**
    v1.0  -  **web/logoutUrl** | logoutUrl is now part of the web resource. | | **logoUrl** | beta  - **info/logoUrl**
    v1.0  -  **info/logoUrl** | logoUrl is now part of the new info resource. | | **mainLogo** | beta  - **logo**
    v1.0  -  **logo** | | | **oauth2AllowIdTokenImplicitFlow** | beta - **web/implicitGrantSettings/enableIdTokenIssuance**
    v1.0  - **web/implicitGrantSettings/enableIdTokenIssuance** | Renamed, and now part of the new implicitGrantSettings resource. | | **oauth2AllowImplicitFlow** | beta - **web/implicitGrantSettings/enableAccessTokenIssuance**
    v1.0  - **web/implicitGrantSettings/enableAccessTokenIssuance** | Renamed, and now part of the new implicitGrantSettings resource. | | **oauth2AllowUrlPathMatching** | beta  - _not available_
    v1.0  -  _not available_ | This property is deprecated. | -| **oauth2Permissions** | beta - **api/oauth2PermissionScopes**
    v1.0  - **api/oauth2PermissionScopes** | Renamed and now part of the new api resource. | +| **oauth2Permissions** | beta - **api/oauth2PermissionScopes**
    v1.0  - **api/oauth2PermissionScopes** | Renamed and now part of the new [apiApplication](/graph/api/resources/apiapplication) resource. | | **publicClient** | beta  -  **isFallbackPublicClient**
    v1.0  -  **isFallbackPublicClient** | This property now has a new meaning  -  it contains the public client settings like redirectUris. Determining whether the app is a public or confidential client or not is now done automatically, with the isFallbackPublicClient property handling the one special case that can't be determined automatically. | | **recordConsentConditions** | beta  - _not available_
    v1.0  -  _not available_ | This property is deprecated. | | **replyUrls** | beta - **web/redirectUris**, **publicClient/redirectUris**
    v1.0  - **web/redirectUris**, **publicClient/redirectUris** | And being renamed, redirectUris is now part of the new web and publicClient resources. This allows developers to use specific URIs for their web and public clients (such as an installed application on a desktop device). | @@ -90,7 +90,7 @@ The Azure AD Graph **Application** resource inherits from **DirectoryObject**; i ## AppRoleAssignment differences -The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObject**; it's been renamed to **appRoleAssignment** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObject**; it's named **appRoleAssignment** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -100,7 +100,7 @@ The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObjec ## Contact property differences -The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it's been renamed to **orgContact** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it's named **orgContact** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -119,7 +119,7 @@ The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it's ## Contract property differences -The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; it's been renamed to **contract** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; it's named **contract** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -128,7 +128,7 @@ The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; it's ## Device property differences -The Azure AD Graph **Device** resource inherits from **DirectoryObject**; it's been renamed to **device** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Device** resource inherits from **DirectoryObject**; it's named **device** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -155,7 +155,7 @@ The Azure AD Graph **DirectoryObject** resource has been renamed to **directoryO ## DirectoryObjectReference property differences -The Azure AD Graph **DirectoryObjectReference** resource inherits from **DirectoryObject**; it's been renamed to **directoryObjectPartnerReference** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **DirectoryObjectReference** resource inherits from **DirectoryObject**; it's named **directoryObjectPartnerReference** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -186,7 +186,7 @@ In Microsoft Graph, there are named policy types (such as **tokenIssuancePolicy* ## ServiceEndpoint property differences -The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject**; it's been renamed to **endpoint** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject**; it's named **endpoint** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -196,7 +196,7 @@ The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject* ## ServicePrincipal property differences -The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject**; it's been renamed to **servicePrincipal** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject**; it's named **servicePrincipal** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -209,7 +209,7 @@ The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject ## TenantDetails property differences -The Azure AD Graph **TenantDetail** resource inherits from **DirectoryObject**; it's been renamed to **organization** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **TenantDetail** resource inherits from **DirectoryObject**; it's named **organization** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| From ee635323ed30ac420c4ce03e651fcc31233cd1cc Mon Sep 17 00:00:00 2001 From: Faith Moraa Ombongi Date: Thu, 21 Dec 2023 19:50:45 +0300 Subject: [PATCH 148/156] Acrolinx pass 6 --- ...ate-azure-ad-graph-property-differences.md | 38 +++++++++---------- 1 file changed, 19 insertions(+), 19 deletions(-) diff --git a/concepts/migrate-azure-ad-graph-property-differences.md b/concepts/migrate-azure-ad-graph-property-differences.md index b873310add1..0e1de79574d 100644 --- a/concepts/migrate-azure-ad-graph-property-differences.md +++ b/concepts/migrate-azure-ad-graph-property-differences.md @@ -26,7 +26,7 @@ Because the [user](#user-property-differences) and [group](#group-property-diffe ## User property differences -The Azure AD Graph **User** resource inherits from **DirectoryObject**; it's named **user** in Microsoft Graph and inherits from **directoryObject**. +The Azure AD Graph **User** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **user** and inherits from **directoryObject**. The Microsoft Graph v1.0 endpoint returns a limited set of user properties by default, while Azure AD Graph returns all properties. To read other properties that aren't returned by default, specify them in a `$select` query. For more information, see the [user resource type](/graph/api/resources/user). @@ -54,7 +54,7 @@ The following table lists the more property differences. ## Group property differences -The Azure AD Graph **Group** resource inherits from **DirectoryObject**; it's named **group** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Group** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **group** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -64,7 +64,7 @@ The Azure AD Graph **Group** resource inherits from **DirectoryObject**; it's na ## Application property differences -The Azure AD Graph **Application** resource inherits from **DirectoryObject**; it's named **application** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Application** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **application** and inherits from **directoryObject**. The properties differ as follows: | Azure AD Graph
    (v1.6) property | Microsoft Graph
    property | Comments | @@ -90,7 +90,7 @@ The Azure AD Graph **Application** resource inherits from **DirectoryObject**; i ## AppRoleAssignment differences -The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObject**; it's named **appRoleAssignment** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **appRoleAssignment** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -100,7 +100,7 @@ The Azure AD Graph **AppRoleAssignment** resource inherits from **DirectoryObjec ## Contact property differences -The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it's named **orgContact** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; iIn Microsoft Graph, it's **orgContact** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -110,7 +110,7 @@ The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it's | **facsimileTelephoneNumber** | beta - **phones/businessFax**
    v1.0  - **phones/businessFax** | Now part of the **phones** collection that supports various phone types. | | **physicalDeliveryOfficeName** | beta  - **officeLocation**
    v1.0  -  **officeLocation** | | | **postalCode** | beta - **addresses/postalCode**
    v1.0  - **addresses/postalCode** | The **postalCode** property is part of the **addresses** resource collection. | -| **provisioningErrors** | beta  -  not available
    v1.0  -  not available | This property and its information are deprecated. However, a new property describing any AD Connect related provisioning errors can be found in **onPremisesProvisioningErrors**. Currently this is only available in `beta`. | +| **provisioningErrors** | beta  -  not available
    v1.0  -  not available | This property and its information are deprecated. However, a new property describing any AD Connect related provisioning errors can be found in **onPremisesProvisioningErrors**.| | **sipProxyAddress** | beta  - **imAddresses**
    v1.0  - **imAddresses** | | | **state** | beta  - **addresses/state**
    v1.0  -  **addresses/state** | The **state** property is part of the **addresses** resource collection. | | **streetAddress** | beta  - **addresses/street**
    v1.0  - **addresses/street** | The **street** property is part of the **addresses** resource collection. | @@ -119,7 +119,7 @@ The Azure AD Graph **Contact** resource inherits from **DirectoryObject**; it's ## Contract property differences -The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; it's named **contract** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **contract** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -128,7 +128,7 @@ The Azure AD Graph **Contract** resource inherits from **DirectoryObject**; it's ## Device property differences -The Azure AD Graph **Device** resource inherits from **DirectoryObject**; it's named **device** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **Device** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **device** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| @@ -145,7 +145,7 @@ The Azure AD Graph **Device** resource inherits from **DirectoryObject**; it's n ## DirectoryObject property differences -The Azure AD Graph **DirectoryObject** resource has been renamed to **directoryObject** in Microsoft Graph. The changes to its properties are seen in other resources that inherit from **DirectoryObject**. Here are the property differences: +The Azure AD Graph **DirectoryObject** resource is **directoryObject** in Microsoft Graph. The changes to its properties are seen in other resources that inherit from **DirectoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -155,7 +155,7 @@ The Azure AD Graph **DirectoryObject** resource has been renamed to **directoryO ## DirectoryObjectReference property differences -The Azure AD Graph **DirectoryObjectReference** resource inherits from **DirectoryObject**; it's named **directoryObjectPartnerReference** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **DirectoryObjectReference** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **directoryObjectPartnerReference** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -163,17 +163,17 @@ The Azure AD Graph **DirectoryObjectReference** resource inherits from **Directo ## Domain property differences -The Azure AD Graph **Domain** resource has been renamed to **domain** in Microsoft Graph. Here are the property differences: +The Azure AD Graph **Domain** resource is **domain** in Microsoft Graph. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| | **name** | beta - **id**
    v1.0  -  **id** | In Microsoft Graph, the unique identifier (ID) contains the domain name; the `name` property doesn't exist. | -| **forceDeleteState** | beta - **state**
    v1.0  -  **state** | In Azure AD Graph, there are separate forceDelete and domain state properties. In Microsoft Graph, all domain states are handled by the state property. | +| **forceDeleteState** | beta - **state**
    v1.0  -  **state** | In Azure AD Graph, there are separate forceDelete and domain state properties. In Microsoft Graph, the **state** property handles all domain states. | | **isDefaultForCloudRedirections** | beta - _Not yet available_ 
    v1.0  -  _Not yet available_ | | ## OAuth2PermissionsGrant property differences -The Azure AD Graph **OAuth2PermissionsGrant** resource has been renamed to **oAuth2PermissionsGrant** in Microsoft Graph. Here are the property differences: +The Azure AD Graph **OAuth2PermissionsGrant** resource is **oAuth2PermissionsGrant** in Microsoft Graph. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -186,7 +186,7 @@ In Microsoft Graph, there are named policy types (such as **tokenIssuancePolicy* ## ServiceEndpoint property differences -The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject**; it's named **endpoint** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **endpoint** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -196,7 +196,7 @@ The Azure AD Graph **ServiceEndpoint** resource inherits from **DirectoryObject* ## ServicePrincipal property differences -The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject**; it's named **servicePrincipal** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **servicePrincipal** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -209,7 +209,7 @@ The Azure AD Graph **ServicePrincipal** resource inherits from **DirectoryObject ## TenantDetails property differences -The Azure AD Graph **TenantDetail** resource inherits from **DirectoryObject**; it's named **organization** in Microsoft Graph and inherits from **directoryObject**. Here are the property differences: +The Azure AD Graph **TenantDetail** resource inherits from **DirectoryObject**; In Microsoft Graph, it's **organization** and inherits from **directoryObject**. The properties differ as follows: |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| @@ -220,15 +220,15 @@ The Azure AD Graph **TenantDetail** resource inherits from **DirectoryObject**; ## TrustedCasForPasswordlessAuth property differences -The Azure AD Graph **TrustedCasForPasswordlessAuth** resource has been renamed to [certificateBasedAuthConfiguration](/graph/api/resources/certificatebasedauthconfiguration). There are no property differences; however, there are differences in the **certificateAuthority** resource type used by the **certificateAuthorities** property. +The Azure AD Graph **TrustedCasForPasswordlessAuth** resource is [certificateBasedAuthConfiguration](/graph/api/resources/certificatebasedauthconfiguration). There are no property differences; however, there are differences in the **certificateAuthority** resource type used by the **certificateAuthorities** property. ### CertificateAuthorityInformation property differences -The Azure AD Graph **CertificateAuthorityInformation** has been renamed to **certificateAuthority** in Microsoft Graph. The following are the property differences. +The Azure AD Graph **CertificateAuthorityInformation** is **certificateAuthority** in Microsoft Graph. The following are the property differences. |Azure AD Graph
    (v1.6) property |Microsoft Graph
    property|Comments| |---|---|---| -| **authorityType** | beta - **isRootAuthority**
    v1.0  - **isRootAuthority** | This property's is now a Boolean. Previously this property had to be set to either "RootAuthority" or "IntermediateAuthority". Setting the new property to **true** is equivalent to "RootAuthority". | +| **authorityType** | beta - **isRootAuthority**
    v1.0  - **isRootAuthority** | This property's is now a Boolean. In Azure AD Graph, this property had to be set to either `RootAuthority` or `IntermediateAuthority`. In Microsoft Graph, setting the new property to `true` is equivalent to `RootAuthority`. | | **crlDistributionPoint** | beta - **certificateRevocationListUrl**
    v1.0 - **certificateRevocationListUrl** | | | **deltaCrlDistributionPoint** | beta - **deltaCertificateRevocationListUrl**
    v1.0 - **deltaCertificateRevocationListUrl** | | | **trustedCertificate** | beta - **certificate**
    v1.0 - **deltaCertificateRevocationListUrl** | | From 63f88f55593dc752e63bd8338e226ecf2c9ab15c Mon Sep 17 00:00:00 2001 From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:44:09 -0600 Subject: [PATCH 149/156] Update learningcourseactivity-update.md --- api-reference/v1.0/api/learningcourseactivity-update.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/api-reference/v1.0/api/learningcourseactivity-update.md b/api-reference/v1.0/api/learningcourseactivity-update.md index 5df95a7de2e..b7f22e5fd15 100644 --- a/api-reference/v1.0/api/learningcourseactivity-update.md +++ b/api-reference/v1.0/api/learningcourseactivity-update.md 
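Review bot: PATCH 148/156, Contact hunk (`@@ -100,7 +100,7 @@`): the new intro sentence reads "; iIn Microsoft Graph, it's **orgContact**", with a stray "i" before "In". Every other rewritten intro in this patch also capitalizes "In" after a semicolon ("**DirectoryObject**; In Microsoft Graph, it's **user**"), so either lowercase it or split the sentence in two. In the CertificateAuthorityInformation hunk (`@@ -220,15 +220,15 @@`) the rewritten **authorityType** row still opens with "This property's is now a Boolean", which should read "This property is now a Boolean". The row says what `true` maps to but not `false`, and since it is being touched anyway, stating the `false` case would help anyone migrating certificate authority configuration. The unchanged **trustedCertificate** row below it lists "beta - **certificate**" but "v1.0 - **deltaCertificateRevocationListUrl**", which repeats the previous row and looks like a copy-paste slip; please confirm and fix in this pass.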
@@ -69,17 +69,17 @@ The following table lists the properties you can change for a self-initiated lea If successful, this method returns a `204 No Content` response code. -Below are error codes returned in case of failure +If unsuccessful, this method returns one of the responses below: -|Scenario|HTTP Code|Code|Message|Details| +|Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| |Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| |User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Contact your global administrator to request access.| |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad request|400|badRequest|This provider isn't enabled for the given tenant.| -|Bad request|400|badRequest|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant| +|Bad request|400|badRequest|There was an issue with your request. Make sure the registrationId you entered is valid or registered for your tenant.| |Bad request|404|notFound|The assignment ID requested doesn’t exist.| -|Internal server error|500|internalServerError|Internal server error| +|Internal server error|500|internalServerError|Internal server error.| |Request throttled|429|tooManyRequests|{"code": "tooManyRequests","message": "Retry after {noOfMinutes} minutes".}| |Service unavailable|503|serviceUnavailable|{"code": "serviceUnavailable","message": "Retry after {noOfMinutes} minutes"}.| |Bad request|400|badRequest|Required fields are missing|{"code": "badRequest","message": "Input field {fieldName} is required"}.| From 1b39775ed541b3bdc62ec862ad147dcc41839913 Mon Sep 17 00:00:00 2001 
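Review bot: PATCH 149/156, hunk `@@ -69,17 +69,17 @@` in learningcourseactivity-update.md: the terminal periods added to the `registrationId` and "Internal server error" rows leave the rows after them inconsistent. The `tooManyRequests` row has its period inside the JSON sample, before the closing brace (`minutes".}`), while the `serviceUnavailable` and "Required fields are missing" rows put it after the brace. Place the period outside the sample in all three, or drop it, so the sample stays valid JSON for anyone copying it. The unchanged row `|Bad request|404|notFound|` also labels a 404 as "Bad request"; the scenario should say "Not found" so it matches the status and code that clients branch on.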
From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:45:25 -0600 Subject: [PATCH 150/156] Update employeeexperienceuser-post-learningcourseactivities.md --- .../employeeexperienceuser-post-learningcourseactivities.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md index 57a6cab4a8a..4c88f9cf2b5 100644 --- a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md +++ b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md @@ -74,9 +74,9 @@ In the request body, use @odata.type to specify the type of [learningCourseActiv If successful, this method returns a `201 Created` response code and a [learningCourseActivity](../resources/learningcourseactivity.md) object of type [learningAssignment](../resources/learningassignment.md) or [learningSelfInitiated](../resources/learningselfinitiatedcourse.md) in the response body. -Below are the error codes returned in case of failure +If unsuccessful, this method returns one of the responses below: -|Scenario|HTTP Code|Code|Message|Details| +|Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| |Forbidden|403|Forbidden|You don't have an adequate service plan for this request.| |Bad request|400|badRequest|This provider isn't enabled for the given tenant.| @@ -288,4 +288,4 @@ Content-Type: application/json "startedDateTime": "2021-05-21T22:57:17+00:00", "status": "inProgress" } -``` \ No newline at end of file +``` From a9b684f753042c50f80a01ff69649a8c265c540b Mon Sep 17 00:00:00 2001 
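Review bot: PATCH 150/156, hunk `@@ -74,9 +74,9 @@` in employeeexperienceuser-post-learningcourseactivities.md: the header is normalized to "HTTP code", but the rows under it still carry four cells against a five-column header, so the Details column is empty for each row shown here. Either add the trailing empty cell or drop the column. The Code column also mixes casing: `Forbidden` is capitalized while `badRequest` is lower camel case. Callers match on this string, so please confirm which form the service returns and make the table agree. The end-of-file newline fix in the second hunk looks fine.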
From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:46:24 -0600 Subject: [PATCH 151/156] Update learningcourseactivity-delete.md --- api-reference/v1.0/api/learningcourseactivity-delete.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/api-reference/v1.0/api/learningcourseactivity-delete.md b/api-reference/v1.0/api/learningcourseactivity-delete.md index 5d63597719a..a92de3f4bd0 100644 --- a/api-reference/v1.0/api/learningcourseactivity-delete.md +++ b/api-reference/v1.0/api/learningcourseactivity-delete.md @@ -49,7 +49,7 @@ Don't supply a request body for this method. If successful, this method returns a `204 No Content` response code. -Below are the error codes returned in case of failure +If unsuccessful, this method returns one of the responses below: |Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| From 175c9240bc1253251147b58c332787815d781f96 Mon Sep 17 00:00:00 2001 From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:47:30 -0600 Subject: [PATCH 152/156] Update learningcourseactivity-get.md --- api-reference/v1.0/api/learningcourseactivity-get.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api-reference/v1.0/api/learningcourseactivity-get.md b/api-reference/v1.0/api/learningcourseactivity-get.md index 7884ad6b2b5..7b6d088df0c 100644 --- a/api-reference/v1.0/api/learningcourseactivity-get.md +++ b/api-reference/v1.0/api/learningcourseactivity-get.md 
@@ -77,9 +77,9 @@ Don't supply a request body for this method. If successful, this method returns a `200 OK` response code and a [learningCourseActivity](../resources/learningcourseactivity.md) object in the response body. -Below are the error codes returned in case of failure +If unsuccessful, this method returns one of the responses below: -|Scenario|HTTP Code|Code|Message|Details| +|Scenario|HTTP code|Code|Message|Details| |:---|:---|:---|:---|:---| |Method not supported for entity|405|methodNotAllowed|This method isn't supported for this entity type. See the Microsoft Graph documentation for the methods applicable to this entity.| |User doesn't have appropriate permission scope|403|Forbidden|Your account doesn't have access to this report or data. Contact your global administrator to request access.| From 224ca815d0d751c1f987185a8f9cc5e0c2336ea5 Mon Sep 17 00:00:00 2001 From: Daniela Bonilla Montero <92937694+Danielabom@users.noreply.github.com> Date: Thu, 21 Dec 2023 11:52:53 -0600 Subject: [PATCH 153/156] Update employeeexperienceuser-post-learningcourseactivities.md --- .../employeeexperienceuser-post-learningcourseactivities.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md index 4c88f9cf2b5..19042371b56 100644 --- a/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md +++ b/api-reference/v1.0/api/employeeexperienceuser-post-learningcourseactivities.md @@ -96,7 +96,7 @@ If unsuccessful, this method returns one of the responses below: The following example shows how to create a [learningAssignment](../resources/learningassignment.md) activity. #### Request -The following example shows the request. +The following example shows a request. # [HTTP](#tab/http)