Update chatMessage

Update a chatMessage object. Only the policyViolation property of a chatMessage can be updated.

Note: This API has licensing and payment requirements. It supports the model=A query parameter. If no model is specified, evaluation mode will be used.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Not supported.
Delegated (personal Microsoft account) Not supported.
Application Chat.UpdatePolicyViolation.All for a chat message.
ChannelMessage.UpdatePolicyViolation.All for a channel message.

HTTP request

PATCH /teams/(team-id)/channels/{channel-id}/messages/{message-id}
PATCH /teams/(team-id)/channels/{channel-id}/messages/{message-id}/replies/{reply-id}
PATCH /chats/{chatThread-id}/messages/{message-id}

Optional query parameters

You can use model query parameter, which only supports the value A, as shown in the following examples.

PATCH /teams/(team-id)/channels/{channel-id}/messages/{message-id}?model=A
PATCH /teams/(team-id)/channels/{channel-id}/messages/{message-id}/replies/{reply-id}?model=A
PATCH /chats/{chatThread-id}/messages/{message-id}?model=A

If no model is specified, evaluation mode will be used.

Request headers

Name Description
Authorization Bearer {token}. Required.
Content-Type application/json. Required.

Request body

In the request body, supply a JSON representation of a chatMessage object, specifying only the policyViolation property.


If successful, this method returns a 200 OK response.



The following is an example of the request to update the policyViolation property on a Microsoft Teams channel message.

PATCH https://graph.microsoft.com/v1.0/teams/e1234567-e123-4276-55555-6232b0e3a89a/channels/a7654321-e321-0000-0000-123b0e3a00a/messages/19%3Aa21b0b0c05194ebc9e30000000000f61%40thread.skype
Content-Type: application/json

  "policyViolation": {
    "policyTip": {
      "generalText" : "This item has been blocked by the administrator.",
      "complianceUrl" : "https://contoso.com/dlp-policy-page",
      "matchedConditionDescriptions" : ["Credit Card Number"]
    "verdictDetails" : "AllowOverrideWithoutJustification,AllowFalsePositiveOverride",
    "dlpAction" : "BlockAccess"


Here is an example of the response.

HTTP/1.1 200 OK