Update user

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Update the properties of a user object.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) User.ReadWrite, User.ReadWrite.All, Directory.ReadWrite.All
Delegated (personal Microsoft account) User.ReadWrite
Application User.ReadWrite.All, Directory.ReadWrite.All

Note

  • When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.
  • Updating another user's businessPhones, mobilePhone, or otherMails property is only allowed on users who are non-administrators or assigned one of the following roles: Directory Readers, Guest Inviter, Message Center Reader, and Reports Reader. For more details, see Helpdesk (Password) Administrator in Azure AD available roles. This is the case for apps granted either the User.ReadWrite.All or Directory.ReadWrite.All delegated or application permissions.

Note

Updating the identities property requires the User.ManageIdentities.All permission. Also, adding a B2C local account to an existing user object is not allowed, unless the user object already contains a local account identity.

HTTP request

PATCH /users/{id | userPrincipalName}

Request headers

Header Value
Authorization Bearer {token}. Required.
Content-Type application/json

Request body

In the request body, supply the values for relevant fields that should be updated. Existing properties that are not included in the request body will maintain their previous values or be recalculated based on changes to other property values. For best performance you shouldn't include existing values that haven't changed.

Property Type Description
aboutMe String A freeform text entry field for the user to describe themselves.
accountEnabled Boolean true if the account is enabled; otherwise, false. This property is required when a user is created.
assignedLicenses assignedLicense collection The licenses that are assigned to the user. Not nullable.
birthday DateTimeOffset The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'
businessPhones String collection The telephone numbers for the user. NOTE: Although this is a string collection, only one number can be set for this property.
city String The city in which the user is located.
country String The country/region in which the user is located; for example, “US” or “UK”.
department String The name for the department in which the user works.
displayName String The name displayed in the address book for the user. This is usually the combination of the user's first name, middle initial and last name. This property is required when a user is created and it cannot be cleared during updates. Supports $filter and $orderby.
employeeId String The employee identifier assigned to the user by the organization.
givenName String The given name (first name) of the user.
hireDate DateTimeOffset The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'
identities objectIdentity collection Represents the identities that can be used to sign in to this user account. An identity can be provided by Microsoft, by organizations, or by social identity providers such as Facebook, Google, and Microsoft, and tied to a user account. Any update to identities will replace the entire collection and you must supply the userPrincipalName signInType identity in the collection.
interests String collection A list for the user to describe their interests.
jobTitle String The user’s job title.
mailNickname String The mail alias for the user. This property must be specified when a user is created.
mobilePhone String The primary cellular telephone number for the user.
mySite String The URL for the user's personal site.
officeLocation String The office location in the user's place of business.
onPremisesImmutableId String This property is used to associate an on-premises Active Directory user account to their Azure AD user object. This property must be specified when creating a new user account in the Graph if you are using a federated domain for the user’s userPrincipalName (UPN) property. Important: The $ and _ characters cannot be used when specifying this property.
otherMails String A list of additional email addresses for the user; for example: ["bob@contoso.com", "Robert@fabrikam.com"].
passwordPolicies String Specifies password policies for the user. This value is an enumeration with one possible value being “DisableStrongPassword”, which allows weaker passwords than the default policy to be specified. “DisablePasswordExpiration” can also be specified. The two may be specified together; for example: "DisablePasswordExpiration, DisableStrongPassword".
passwordProfile PasswordProfile Specifies the password profile for the user. The profile contains the user’s password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the passwordPolicies property. By default, a strong password is required.
pastProjects String collection A list for the user to enumerate their past projects.
postalCode String The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code.
preferredLanguage String The preferred language for the user. Should follow ISO 639-1 Code; for example "en-US".
responsibilities String collection A list for the user to enumerate their responsibilities.
schools String collection A list for the user to enumerate the schools they have attended.
skills String collection A list for the user to enumerate their skills.
state String The state or province in the user's address.
streetAddress String The street address of the user's place of business.
surname String The user's surname (family name or last name).
usageLocation String A two letter country code (ISO standard 3166). Required for users that will be assigned licenses due to legal requirement to check for availability of services in countries. Examples include: "US", "JP", and "GB". Not nullable.
userPrincipalName String The user principal name (UPN) of the user. The UPN is an Internet-style login name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where domain must be present in the tenant’s collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization. Supports $filter and $orderby.
userType String A string value that can be used to classify user types in your directory, such as “Member” and “Guest”.

Because the user resource supports extensions, you can use the PATCH operation to add, update, or delete your own app-specific data in custom properties of an extension in an existing user instance.

Response

If successful, this method returns a 204 No Content response code.

Example

Example 1: Update properties of the signed-in user

Request

The following example shows a request.

PATCH https://graph.microsoft.com/beta/me
Content-type: application/json

{
  "businessPhones": [
    "businessPhones-value"
  ],
  "officeLocation": "city-value"
}

Response

The following example shows the response.

HTTP/1.1 204 No Content

Example 2: Update properties of the specified user

Request

The following example shows a request.

PATCH https://graph.microsoft.com/beta/users/{id}
Content-type: application/json

{
  "businessPhones": [
    "businessPhones-value"
  ],
  "officeLocation": "city-value"
}

Response

The following example shows the response.

HTTP/1.1 204 No Content

See also