Maklum balas Edit

Highlights of earlier releases

  • Artikel
  • 104 minit untuk dibaca

March 2022: New and generally available

Files

Use a bundle resource to share multiple files at once, much like other driveItem resources. You can apply CRUD operations on a bundle, and add an item to or remove an item from a bundle.

Identity and access | Directory management

Use resource-specific permission to authorize a Teams app direct access to the data of a specific instance of a chat or team. For example, the resource-specific permission ChannelMessage.Read.Group allows a Teams app to read the channel messages of a single team.

Identity and access | Governance

Identity and access | Identity and sign-in

Specify the inclusion or exclusion of client applications as among a set of conditions to apply a conditional access policy.

Use the toolkit

Celebrate real teamwork with community contributions and try new features in Microsoft Graph Toolkit v2.4.0:

  • Optimize refreshing of people's images in the person component by using the disable-image-fetch attribute to control unnecessary fetching.
  • Avoid unncessary loading of people's images in the people picker component by using the disable-images attribute.
  • Filter for available users, groups, and list of people in the people picker component by using the user-filters, group-filters, and people-filters attributes.

March 2022: New in preview only

Cloud communications | Online meeting

Specify one or more meeting participants as co-organizer.

Compliance | eDiscovery

Purge data and permanently delete Microsoft Teams messages from an eDiscovery source collection.

Device and app management | Cloud PC

Device and app management | Corporate management

  • Intune March updates for the beta version.

Device and app management | Multi-tenant management

List and get audit events for managed tenants in Microsoft 365 Lighthouse.

Identity and access | Directory management

  • List or update settings that specify access from Microsoft applications to Microsoft 365 data belonging to users in an organization. For example, given the proper authorization, whether only Microsoft 365 apps (such as Word and Excel) can access users' Microsoft 365 data, or whether other Microsoft apps (such as Windows) can access the data as well. By default, all users in an organization can access in a Microsoft app any Microsoft 365 data that the user has been authorized to access.
  • Following the Zero Trust cybersecurity model, Microsoft partners can use granular delegated admin privileges (GDAP) to carry out administrative tasks with least-privileged access to their customer tenants, to avoid potential security exposures. Instead of requesting Global Administrator role as in the past, partners request specific roles for customer tenant administration for a definite amount of time, and their customers must explicitly grant the least-privileged access to them.

Security | Attack simulation and training

  • Specify in a search request whether to trim away the duplicate SharePoint files from search results. The default is false.
  • Qualify a search query string with a template, which supports KQL and query variables.

Sites and lists

  • For a column that contains taxonomy data, specify the parent term and term set for which the child terms can be selected as column values.
  • Get the settings for a site, including its language and time zone.

Tasks and plans

Identify if a Planner plan intended for experiences outside of Planner (such as Microsoft Teams) can track work in that context, by checking the details relationship of the corresponding plannerPlan resource.

Teamwork

February 2022: New and generally available

Teamwork

Get details about an online meeting that is associated with a chat through the onlineMeetingInfo property.

February 2022: New in preview only

Applications

  • Use a new policy option for application authentication methods to restrict a custom password secret on an application or service principal.
  • Specify settings for apps running Windows and published in the Microsoft Store or Xbox games store.

Change notifications

Subscribe to changes of Outlook contacts, events, or messages to receive notifications that include resource data in the payload. For more information, see Change notifications for Outlook resources in Microsoft Graph.

Device and app management | Cloud PC

  • Define restore point settings, which include the frequency to create a restore point, and whether users can restore their own Cloud PC based on a restore point backup.
  • Restore a Cloud PC based on a previous snapshot.
  • Restore multiple Cloud PCs in a single request by specifying their managed device IDs and a date/time range (e.g., before, after) of a restore point.

Identity and access | Directory management

Use application permissions CustomSecAttributeAssignment.Read.All to read custom security attribute definitions for an organization without a signed-in user.

Identity and access | Governance

Identity and access | Identity and sign-in

  • Use a number of new properties to configure an organization's branding. For example, a banner version of a company logo for the sign-in page, a custom favicon with a CDN-based URL, and a few other custom properties for users to manage accounts.
  • Include or exclude Linux as one of the platform conditions in a conditional access policy.
  • Identify at-risk service principals in an organization with Azure AD, which continually detects and evaluates risks based on various signals and machine learning. You can confirm if an at-risk service principal is indeed compromised, upon which Microsoft would disable that service principal object. You can dismiss the risk of an at-risk service principal. And, you can list the risk history of a service principal.
  • Use cross-tenant access settings to control and manage collaboration between users in your organization and other organizations. They are granular to let you determine the users, groups, and apps, both in your organization and in external organizations, that can participate in Azure AD B2B collaboration and Azure AD B2B direct connect.
  • Enable or disable users and groups in an organization to use the Azure AD native Certificate-Based Authentication (CBA).

Search

Set up acronym, bookmark, and QnA resources as administrative search answers for users in an organization.

January 2022: New and generally available

Devices and apps | Service health and communications

Get a service announcement attachment added to a service update message.

Identity and access | Governance

Identity and access | Identity and sign-in

Enforce a session control (by setting the disableResilienceDefaults property) to determine whether Azure AD should extend existing sessions based on information collected prior to an outage.

Teamwork

Create a chat using application permissions.

January 2022: New in preview only

Compliance | eDiscovery

Get the URL of a custodian's OneDrive for Business site (siteWebUrl property of userSource.

Devices and apps | Cloud PC

Identity and access | Governance

Reports | Identity and access reports

  • Get details of the authentication methods registered for a user, such as multi-factor authentication, self-service password reset, and passwordless authentication.
  • Get the following properties for a sign-in event of a user or application in an organization:
    • Any conditional access authentication context.
    • Any conditional access session lifetime policy.
    • The ID of an Azure resource accessed during sign-in.
    • The identifier of an application's federated identity credential if that was used to sign in.
    • The identifier of the service principal representing the target resource in the sign-in event.

Reports | Microsoft 365 usage reports

Get usage reports for Outlook, OneDrive, and SharePoint for Microsoft Cloud for US Government. See summary for cloud deployments.

Sites and lists

  • Add or synchronize a content type from the content type hub to a site or list, by using the addCopyFromContentTypeHub action. This makes a content type or its update available to a specific site or list where it is needed. This is an improvement from the legacy sync infrastructure which pushes the content type to all sites across an organization, reducing wait times for the publishing to propagate.
  • Get one or more rich, long-running operations occurring on a site or list, which can happen when adding a content type synchronously.
  • Get a collection of content type resources from the content type hub that are compatible by using the getCompatibleHubContentTypes action.

Teamwork

December 2021: New and generally available

Cloud communications | Presence

Subscribe to notifications of changes in a specified user's presence status. Always specify an encryption certificate in the subscription request as these are rich notifications that include encrypted resource data.

Compliance | Subject rights requests

As part of privacy management in Microsoft 365, the subject rights requests API debuts in both v1 and beta endpoints of Microsoft Graph. The API lets users make requests to review or manage their personal data in their organizations. It also lets organizations automate and scale managing these requests, helping them to meet industry regulations more efficiently.

Customer booking

Use the API for Microsoft Bookings in production apps, and take advantage of the following new features and updates:

  • Notify your customers in the US or Canada by SMS for an appointment or specific service associated with an appointment.
  • Enable meeting online for a service and auto-generate a Microsoft Teams meeting link for the appointment.
  • Allow one or more customers in a group appointment, setting a maximum attendee count for a service and for an appointment, and tracking the actual attendee count in an appointment.
  • Create a custom question for a business, associate a question with an option to specify it as mandatory for a service, and track questions and answers in an appointment.
  • Get or set the time zone for a customer in an appointment or staff member.
  • Get or set the location and phone number for a customer.
  • Access the v1 API from the new endpoint https://graph.microsoft.com/v1.0/solutions/. Note that the beta API remains in the https://graph.microsoft.com/beta endpoint.

Education

Identity and access | Governance

Update the reviewers and fall-back reviewers for an instance of an access review.

Teamwork

  • Identify a chat in Microsoft Teams by its web URL (via the webUrl property).
  • Get details of an event that happened in a chat, channel or team by accessing eventMessageDetail from a chatMessage or chat. For example, members added to a channel or chat, and team description updated.

December 2021: New in preview only

Cloud communications | Online meetings

Enable registration for an online meeting using an external registration system.

Cloud communications | Presence

Devices and apps | Cloud PC

Education

Identity and access | Directory management

Search | Index

Use the update operation to update properties for items in a connection schema, including their aliases and labels.

Teamwork

  • List all teams in an organization.

To-do tasks

  • To anticipate being able to manage in a single place all the tasks from multiple sources (such as Outlook messages, Teams chats, OneDrive documents):
    • Use the latest To Do API and access it from the new endpoint https://graph.microsoft.com/beta/me/tasks/.
    • Use the segment allTasks to get all the tasks for a user: https://graph.microsoft.com/beta/me/tasks/alltasks.
    • Differentiate between a built-in task list (such as Flagged Email or Tasks) and a user-defined task list. A built-in task list is represented by the wellKnownTaskList resource, and a user-defined task list is represented by the taskList resource.
    • Differentiate between the currently defined type of tasks, task, from a base type baseTask.
  • Break down a more complex task into smaller, more actionable subtasks. Each subtask is represented by a checklistItem resource.
  • Move a task across lists.
  • Refer to this blog post for more details and migrate any existing apps that use the earlier To Do API to the latest To Do API.

November 2021: New and generally available

Files

Get the state of a drive as of a specific time by specifying the corresponding URL-encoded timestamp. See an example.

Identity and access | Identity and sign-in

November 2021: New in preview only

Cloud communications | Online meeting

Automatically admit new types of participants in an online meeting and bypass the meeting lobby:

  • Only people the organizer invites.
  • Only the participants from the same company.

Devices and apps | Cloud PC

  • Define a configuration of how a provisioned Cloud PC device can join Azure Active Directory (Azure AD): either cloud-only and join only to Azure AD, or hybrid and join on-premises Active Directory and Azure AD.
  • Get the gallery image resource of the current organization which can be used to provision a Cloud PC.

Devices and apps | Device updates

  • Use safeguard settings to opt-out of safeguards against likely issues in a deployment.
  • Support for a deployment state where a deployment is faulted due to the content no longer being deployable, for example, at the end of service.

Identity and access | Directory management

Reports | Microsoft 365 usage reports

Microsoft 365 usage reports in JSON output type are no longer strongly typed and are of the type Edm.Stream. For more information, see OData property changes to Microsoft 365 usage reports API in Microsoft Graph.

Teamwork

Mark a chat as read, or unread for a user.

October 2021: New and generally available

Cloud communications | Calls

  • Transfer an active peer-to-peer call.
  • Transfer a group call to a specified participant (transferee).

Cloud communications | Online meetings

Support multiple toll and toll-free numbers for dial-in phone access (audio conferencing) of an online meeting.

Education

Support a media file or some other external generic resource as an assignment resource.

Identity and access | Applications

  • To drive the consent experience for an application, specify the resources that the app needs to access, including the set of OAuth 2.0 delegated permissions and application roles that the application requires.
  • Limit the number of required APIS to 50, and required permissions to 400 per application.

Identity and access | Directory management

Identity and access | Governance

Specify a list of additional users or group members to be notified of the access review progress, in the additionalNotificationRecipients property of an accessReviewScheduleDefinition.

Identity and access | Identity and sign-in

Specify the devices in a conditional access policy, as part of the conditions that govern when the policy applies.

Personal contacts

Enable support for delegated permissions (Contacts.Read or Contacts.ReadWrite) for profilePhoto resources in personal Microsoft accounts.

Teamwork

Users

User licenses for Azure Active Directory (Azure AD) services now support a timestamp for when the state of the license assignment is last updated.

October 2021: New in preview only

Applications

Use federated identity credentials to manage an application's credentials and allow an organization's cloud applications to access Azure AD without using secrets and certificates.

Cloud communications | Calls

Identify a call participant, by using the participantId property of the participantInfo resource type.

Cloud communications | Online meetings

Enable meeting registration and organize online meetings as a webinar. Associate the meeting with a registration page, and choose to enroll everyone or only organization members as meeting registrants.

Customer booking

  • Support the following attributes for a booking service:
    • Enable sending SMS notifications to customers for their appointments (smsNotificationsEnabled property).
    • The URL that customers can use to access the service (webUrl property).
  • Book an appointment with one or more of the following attributes:
    • Specify the customer's time zone (customerTimeZone property).
    • Specify the URL for an online appointment (joinWebUrl property).
    • Enable SMS notifications to the customer for the appointment (smsNotificationsEnabled property).
  • Specify one or more addresses and phone numbers for a customer.
  • Specify the time zone for a staff member.

Devices and apps | Cloud PC

List the Windows 365 service plans that an organization subscribes to for their Cloud PCs. Under each service plan type (business or enterprise), an organization can choose to subscribe from a range of plan configurations that vary by attributes like vCPU, RAM, and storage.

Identity and access | Directory management

Specify key credential configuration settings that can be configured to enable restrictions to an application or service principal.

Identity and access | Governance

Enable the following additional settings to review an access package assignment policy:

  • Default behavior if request is not reviewed in a specified duration (accessReviewTimeoutBehavior property).
  • Display recommendations to reviewer (isAccessRecommendationEnabled property).
  • Require reviewer to provide justification for approval (isApprovalJustificationRequired property).

Identity and access | Identity and sign-in

Search | Index

  • Specify settings for the search experience of content in an external connection. For example, a display template for search results, and a rule to select the display template.
  • Relate one or more external groups to an external connection. For example, an external group such as a business unit or work team can determine permissions to the content in the data source represented by the external connection.
  • Can optionally specify the ID of a Teams app in an external connection in the connectorId property.

Users

Validate a password in real time against an organization's password validation policy, as a user types the password. Get detailed information from the validation against rules in the policy.

September 2021: New and generally available

Cloud communications | Calls

  • Put a participant on hold and play music in the background, by using the startHoldMusic action.
  • Reincorporate a participant previously put on hold to a call, by using the stopHoldMusic action.

Cloud communications | Online meetings

  • Get the content stream of an attendee report of a Teams live event.
  • Get or set the option to automatically record an online meeting.
  • Use OnlineMeetingArtifact.Read.All as delegated or application permission to read artifacts of online meetings. For more information, see online meetings permissions.

Devices and apps | Cloud printing

Cloud printer status includes all the standard values in Internet Printing Protocol (IPP).

Devices and apps | Corporate management

Intune monthly updates for the v1.0 version. In the changelog, set the Date filter for September, 2021, and look for a section with this same heading.

Files

  • Get the details of any virus detected in a driveItem through a malware property.
  • Use the delta function to track changes on not only the root folder but also other folders within a drive.

Identity and access | Directory management

Providers of role-based access control (RBAC) can manage roles in Azure Active Directory, by defining role actions that can be performed on specific resources, and assigning roles to users based on such role definitions, giving them the corresponding access to those resources.

Search | Query

Teamwork

Use a single action provisionEmail to get the email address of a channel if one exists, or create one otherwise. Use the removeEmail action to remove the email address.

Workbooks and charts

Create table rows asynchronously. For better performance, a good practice to create multiple table rows is to batch them in one create tableRow operation and carry out the operation asynchronously. Follow with the GET workbookOperation operation and tableRowOperationResult function to get the new workbookTableRow resource.

September 2021: New in preview only

Applications

Applications that use Security Assertion Markup Language (SAML) single sign-on flows can specify a default redirect URI (defaultRedirectUri property of application), or identify a specific redirect URI where users are sent to sign in (redirectUriSettings property of webApplication).

Cloud communications | Online meetings

Get the total participant count in a meeting attendance report of an online meeting.

Compliance | eDiscovery

The create case operation always creates cases in large format. This expands the case size limit to accommodate a higher total data volume and total number of items. For details, see benefits of large cases.

Devices and apps | Cloud PC

Devices and apps | Corporate management

Intune monthly updates for the beta version. In the changelog, set the Date filter for September, 2021, and look for a section with this same heading.

Education

Identity and access | Governance

Delete an accessPackageAssignmentRequest to remove a denied or completed request.

Identity and access | Identity and sign-in

Security | Attack simulation and training

Debut of the API for attack simulation and training, which is a service available as part of Microsoft Defender for Office 365. The API enables tenant administrators to list launched simulation exercises and trainings, and get reports on derived insights into online behaviors of users in the phishing simulations.

August 2021: New and generally available

Cloud communications | Calls

A participant can include metadata as a blob of data in the roster for a call.

Cloud communications | Online meetings

  • Create an online meeting as a live event, configuring broadcast settings and meeting participant info with the role of producer. See an example.
  • Enable, disable, or limit duration of chat for an online meeting by using the allowMeetingChat property.
  • Enable or disable reactions for an online meeting, by using the allowTeamworkReactions property.
  • Allow an attendee to turn on their camera or microphones by using the allowAttendeeToEnableCamera or allowAttendeeToEnableMic property respectively.

Cloud communications | Presence

Devices and apps | Corporate management

Intune monthly updates for the v1.0 version. Set the Date filter for August, 2021, and look for a section with this same heading.

Devices and apps | Service health and communications

GA of the service communications API in Microsoft Graph to access the health status and message center posts about Microsoft cloud services.

Identity and access | Governance

Get a collection of access review scopes that is used to define reviewers and fallback reviewers for an instance of access reviews.

Sites and lists | Taxonomy

Access the SharePoint term store taxonomy, the hierarchy that consists of group, set, and term resources, and relation resources between terms.

Teamwork

List chats that a user is part of, in a delegated context.

August 2021: New in preview only

Cloud communications | Calls

  • Put a participant on hold and play music in the background, by using the startHoldMusic action.
  • Reincorporate a participant previously put on hold to a call, by using the stopHoldMusic action.

Cloud communications | Online meetings

Set an online meeting to record automatically.

Devices and apps | Cloud PC

End the grace period for a Cloud PC. The grace period lets users access Cloud PCs up to seven days before de-provisioning occurs. Ending the grace period immediately deprovisions the Cloud PC without waiting the seven days.

Devices and apps | Corporate management

Intune monthly updates for the beta version. Set the Date filter for August, 2021, and look for a section with this same heading.

Identity and access | Governance

Identity and access | Identity and sign-in

Teamwork

Users

Use the last interactive and non-interactive sign-in date/time values of users' signInActivity to manage inactive accounts.

July 2021: New and generally available

Cloud communications | Calls

Support for a capacity limit for the number of participants that an application can handle when answering a call, in organizations that adopt Teams policy-based recording.

Identity and access | Identity and sign-in

  • GA of identity providers that share a common base type identityProviderBase:
    • Built-in identity providers for Azure AD B2B scenarios in an Azure AD tenant. These providers can support Azure AD, Microsoft account (MSA), or email one-time passcodes.
    • Social identity providers in an Azure AD B2C tenant to allow users to sign up and sign in for the service using a social media account, such as Microsoft, Google, Facebook, Amazon, LinkedIn, or Twitter.
  • Deprecation of the earlier identity provider API.

Users

Let a user change their own password without requiring an administrator role.

July 2021: New in preview only

Devices and apps | Cloud PC

An on-premises connection health check can identify a few more possible health check error types:

  • Cloud PC computer account is not found in the organizational unit (adJoinCheckComputerObjectAlreadyExists).
  • Cloud PC object is not found in Azure AD (azureAdDeviceSyncCheckDeviceNotFound).
  • Timeout from checking if a cloud PC object has been synchronized to Azure AD (azureAdDeviceSyncCheckLongSyncCircle).

See the reference for details and recommended remedial actions.

Devices and apps | Corporate management

Intune monthly updates for the beta version. Set the Date filter for July, 2021, and look for a section with this same heading.

Devices and apps | Multi-tenant management

Debut of the Microsoft 365 Lighthouse API that lets Managed Service Providers (MSPs) remotely manage multiple customer tenants at scale for compliance and threat detection, and help get tenant devices in a healthy and secure state.

Education

Identity and access | Governance

Get a collection of errors in the lifecycle of an access review instance.

Search

Teamwork

June 2021: New and generally available

Applications

Get or set the status of an application or servicePrincipal to identify if Microsoft has disabled the application through the disabledByMicrosoftStatus property. Disabling reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement.

Change notifications

Extended the maximum length of a subscription before expiring for the following resources:

  • OneDrive driveItem and SharePoint list from 3 to 30 days.
  • group, user, or other directory resources from 3 to 29 days.

Change tracking

Removed limitation for tracking changes in non-root folders in OneDrive for Business and SharePoint.

Education

The APIs for the education assignments service are now generally available.

Identity and access | Governance

GA of the access review API. Check out the overview and tutorials to review access to security groups and access to Microsoft 365 groups. Note that the legacy access review API is being deprecated and will stop returning data in May 2023.

June 2021: New in preview only

Cloud communications | Online meetings

Customize audio and video control in an onlineMeeting by enabling or disabling attendees from turning on their cameras and microphones, through the allowAttendeeToEnableCamera and allowAttendeeToEnableMic respectively.

Devices and apps | Cloud PC

  • Assign and manage cloudPcUserSetting to enable local admin or self-service option for a user on a cloud PC. Currently assignments can be made at a group level (users belonging to a Microsoft 365 group or security group).
  • Get a few new properties of a cloudPC: the names of the provisioning policy and of the on-premises connection used during provisioning, and the end date/time of the grace period by which reprovisioning or deprovisioning happens.
  • Support for more status and error types upon a health check on an on-premises connection.

Education

  • Teachers can now select the default behavior for a calendar when they publish assignments. Teachers can control the assignment calendar behavior by using the addToCalendarAction property of the educationAssignment resource.
  • Teachers can now also set a default behavior for a calendar when they publish assignments. Teachers can control the assignment default calendar behavior by using the addToCalendarAction property of the educationAssignmentDefaults resource.

Groups

Allow a group to be assigned to an Azure AD role on creation by setting the isAssignableToRole property. If set, this property makes it convenient to manage roles for individuals - instead of having to assign a role to each individual person, eligible persons can join a group, and assigning the role to the group would by default assign the role to each new person joining the group.

Identity and access | Governance

Set users or group members to be notified of the progress of an access review, by using the additionalNotificationRecipients property of the schedule definition.

Identity and access | Identity and sign-in

Define a filter to dynamically include or exclude devices, using the deviceFilter property of conditionalAccessDevices.

Sites and lists

Create or get an existing sharingLink for a listItem by calling createLink.

Teamwork

Teamwork | Shifts

May 2021: New and generally available

Devices and apps | Cloud printing

Find out when a printer last interacted with Universal Print, by using the lastSeenDateTime property of printer.

Identity and access | Identity and sign-in

Get or update the role of a guest user by using the guestUserRoleId property of authorizationPolicy.

Mail

Microsoft Graph Toolkit

Try the following new features in the Microsoft Graph Toolkit 2.2:

Reports | Azure AD activity reports

GA of the reporting API to list actions performed by the Azure AD provisioning service and its associated properties. Aligned the prior beta version to the v1.0 version of the API.

May 2021: New in preview only

Connecting external content

Devices and apps | Cloud PC

Request the least privileged application permissions, CloudPC.Read.All or CloudPC.ReadWrite.All, to access methods of the following resources:

Devices and apps | Corporate management

Intune monthly updates for the beta version. Set the Date filter for June, 2021, and look for a section with this same heading.

Education

Identity and access | Governance

Use SDKs

Try the preview version of Microsoft Graph .NET SDK v4, and take advantage of the following improvements:

  • Use a single API to authenticate against Microsoft Graph and Azure .NET clients.
  • New support for JSON serialization and deserialization.
  • Easy access to response information.
  • Better experience upgrading dependencies.

April 2021: New and generally available

Identity and access | Identity and sign-in

  • Manage an authentication policy at a tenant level, to enable or disable self-service sign-up of external users.
  • Administrators can associate user flows with apps that are shared with external users and enable self-service sign-up on those apps. They can customize a self-service sign-up user flow and create a personalized sign-up experience. Once an application is associated with the user flow, users who go to that application will be able to initiate a sign-up flow that provisions a guest account.
  • Configure user flow attributes in your Azure AD tenant allows you to collect information about a user during sign-up. You can collect a built-in set of attributes, or configure custom user flow attributes to collect information from a user that is not built in to the directory.
  • In an Azure Active Directory user flow, you can manage language defaults and customize the language and strings displayed to users in the user flow.
  • Use an API connector in user flows for Azure AD self-service sign-up and Azure AD B2C sign-up, to call an API at a specific step to affect the execution of the user flow.

Teamwork

Use the Toolkit

New to the Microsoft Graph Toolkit? Try the new Toolkit learning path, use the Toolkit set of web components and authentication providers to connect a web app to Microsoft Graph, and load data from Microsoft 365.

April 2021: New in preview only

Cloud communications | Online meetings

  • Get a report of each attendee's attendance in a scheduled online meeting, through the meetingAttendanceReport property of the onlineMeeting.
  • Enable, disable, or limit duration of chat for an online meeting by using the allowMeetingChat property.
  • Enable or disable reactions for an online meeting, by using the allowTeamworkReactions property.

Compliance

Get, update, or reset to default the following settings for an eDiscovery case:

These settings provide analytics functionality that culls data intelligently in the end-to-end workflow of Advanced eDiscovery.

Devices and apps | Device updates

Debut of APIs for the Windows Update for Business deployment service. The service supports deploying Windows 10 feature updates and expediting Windows 10 security updates on devices. To learn more, start with the Windows updates API overview.

Education

  • Associate a folder with an educationAssignment to store all the related file resources, through the resourcesFolderUrl property.
  • Deep link into an educationAssignment through the webUrl property.

Identity and access | Governance

Administrators can get or update policies at the directory-level to review access, by using the accessReviewPolicy resource. For example, administrators can use an access review policy to enable or disable group owners reviewing access on groups that they own.

Search

Enable spelling suggestions or corrections for a user query. This is useful when a user query contains typing errors, or when the errors render no search results.

Teamwork

Use SDKs

March 2021: New and generally available

Applications

  • GA of the applicationTemplate resource which supports listing applications in the Azure AD application gallery, and adding an instance of such an application to a directory.
  • Use app-only permission Application.ReadWrite.OwnedBy when adding such an instance.
  • Use the signInAudience property of servicePrincipal to get the user accounts supported by the current application.

Devices and apps | Cloud printing

Identity and access | Governance

  • Use Azure Active Directory (Azure AD) consent requests to manage the request workflow for users attempting to access apps that require admin approval. The API makes use of the following resources:
    • The adminConsentRequestPolicy resource for creating and managing requests for app access for the organization.
    • The appConsentRequest resource for aggregating and managing user requests to access a specific app.
    • The userConsentRequest resource for users requesting access to an app which requires admin authorization.
    • The accessReviewReviewerScope resource defines who is specified in the adminConsentRequestPolicy to review appConsentRequest and userConsentRequest objects.
    • The approval resource represents an approval decision for a request.
  • GA of the Terms of Use API which supports a tenant's customizable Terms of Use agreement in Azure AD.

Identity and access | Identity and sign-in

Tasks and plans

  • Use the delegated permission of Tasks.Read to read operations of all Planner resources.
  • Use the delegated permission of Tasks.ReadWrite to read and write operations of all Planner resources.

Teamwork

March 2021: New in preview only

Applications

Create and add self-signed certificates to your SAML applications. Use this to help enable single sign-on for Azure AD gallery apps in your tenant by allowing Azure AD to sign SAML responses.

Devices and apps | Cloud PC

Added to the cloudPcDeviceImage resource two more reasons for failure to upload a device source image: operating system not supported (osVersionNotSupported), or an invalid source image to provision a Windows VM (sourceImageInvalid).

Devices and apps | Cloud printing

Get the most recent date/time (lastSeenDateTime property) when a printer interacted with Universal Print.

Devices and apps | Corporate management

Intune March updates for the beta version.

Identity and access | Governance

Apply the new model of access reviews to group memberships and all other supported resource types. Deprecate the legacy model of access reviews.

Sites and lists

Sites and lists | Taxonomy

  • Navigate from a site to a taxonomy term store using the termStore relationship.
  • In the reverse direction, get the ID of the parent site of a term store using the parentSiteId property.

Users

February 2021: New and generally available

Cloud communications | Online meeting

Use policy-based application permissions of OnlineMeetings.Read.All or OnlineMeetings.ReadWrite.All on operations and methods of the onlineMeeting resource. This means administrators can configure application access policy to allow apps to access online meetings on behalf of a user.

Sites and lists

Use the permission resource and its CRUD operations to manage sharing permission granted for a driveItem. Permissions with a link facet represent sharing links created on the item. Permissions with an invitation facet represent permissions added by inviting specific users or groups to have access to the file.

February 2021: New in preview only

Applications

Use application permissions for the synchronization APIs that automate provisioning (creation, maintenance) and de-provisioning (removal) of identities in Azure AD.

Cloud communications | Calls

Support for policy-based recording for calls where using administrative policy, calls are automatically recorded for subsequent processing and retention as required by relevant corporate or regulatory policy. Before a policy-based participant joins a call, policy stipulates sending a participantJoiningNotification to the bot associated with the policy that has available capacity to handle the new participant. The bot responds with one of acceptJoinResponse, rejectJoinResponse, or inviteNewBotResponse in its response payload.

Compliance | eDiscovery

  • Use the legalHold resource and its APIs to protect content indefinitely from deletion, for the purpose of litigation, internal investigation, or other legal actions.
  • Use the sourceCollection resource and its APIs to search for and identify relevant documents from custodial and non-custodial locations in Microsoft 365.
  • Use the tag resource and APIs to mark documents during review to separate responsive and non-responsive content.
  • Export documents from a review set.
  • Use the addToReviewSet action to add documents in a sourceCollection to a reviewSet.
  • Apply tags to documents based on a review set query.
  • Defined all eDiscovery API in the microsoft.graph.ediscovery namespace.
  • Changed delegated permissions model from User.Read to eDiscovery.Read.All and eDiscovery.ReadWrite.All.

Devices and apps | Corporate management

  • Intune February updates for the beta version.
  • New properties set by Intune on the device resource: deviceCategory, deviceOwnership, domainName, enrollmentProfileName, enrollmentType, isRooted, managementType, and registrationDateTime.

Education

Use educationAssignmentDefaults to specify default practices on an assignment for a class, for example, assignment due time, channel URL for notifications on an assignment. You can still customize values when creating an assignment.

Identity and access | Identity and sign-in

Identity and access | Governance

Reports | Microsoft 365 usage reports

Get more properties included in detail reports for SharePoint site usage: anonymousLinkCount, companyLinkCount, externalSharing, geolocation, secureLinkForGuestCount, secureLinkForMemberCount, siteSensitivityLabelId, and unmanagedDevicePolicy.

Tasks and plans

  • Define up to 25 categories in a plan details object for a plan. For each category, specify a descriptive label and associate tasks in a plan with one or more of these categories.
  • Use a roster to represent a collection of users collaborating on a plan. Use the rosterPlans relationship to get the rosters of which the user is a member.
  • For plans that are surfaced in experiences outside of Planner, such as Microsoft Teams, specify in the plan context details how to display the link to the plan context.

Use SDKs

Try the preview release of the Microsoft Graph Java SDK v3! For more information, see the related blog post.

January 2021: New in preview only

Cloud communications

Devices and apps | Cloud PC

Devices and apps | Cloud printing

  • Subscribe to change notifications of cloud printing - when a print job is started, and when the print job is ready to be downloaded by a printer.
  • Get a fuller range of possible values for the status of a printer.
  • Use delegated permissions in apps on behalf of the signed-in user:
    • PrinterShare.ReadBasic.All to read basic information about printer shares, excluding access control information.
    • PrintConnector.Read.All to read print connectors.
    • PrintConnector.ReadWrite.All to read or write print connectors.
    • PrintJob.Create to create print jobs and upload content to print jobs.
    • PrintSettings.Read.All to read tenant-wide print settings.
    • PrintSettings.ReadWrite.All to read or write tenant-wide print settings.
    • Reports.Read.All to read print usage summary per specified user or per printer.

Education

Use class-level assignment settings to enable or disable animation to celebrate turning in an assignment.

Groups

Get the processing status of a rule-based dynamic group by using the membershipRuleProcessingStatus property. This is useful when an attribute of a user changes, the user's membership in a rule-based Microsoft 365 group is re-evaluated based on the group membership rules set for the organization.

Identity and access | Directory management

Get the usage right that a user or device has over third-party software built on Power Apps or, usage right of a device over a subscription. Usage right includes identifiers for the corresponding service or product, and the current state of the usage right such as active, inactive, in warning, or suspended.

Identity and access | Identity and sign-in

Reports | Identity and access reports

December 2020: New and generally available

Calendar

  • Meeting organizers can use the hideAttendees property of an event to control whether attendees can see one another in the meeting Tracking list.
  • GA of the isDraft property and cancel method that are available to organizers, and the forward method available to organizers and attendees to better manage event resources in a calendar.
  • GA of the hexColor and isDefault properties of a calendar to better manage calandars.

Cloud communications

GA of the presence resource, allowing getting presence information of one or more users, such as their availability and user activity.

Identity and access | Identity and sign-in

Try a new tutorial to learn how to use the identity protection API to identify risk and configure a workflow to confirm compromise or enable remediation.

Teamwork

Use the Toolkit

GA of Microsoft Graph Toolkit 2.0 - this release includes a new component for Microsoft Graph To-Do tasks, distinct from thePlanner tasks component, and an enhanced person card component. See the related blog post for more information.

December 2020: New in preview only

Compliance | eDiscovery

Continuing to fulfill the pipeline of Microsoft 365 compliance APIs are the custodian resource and its related operations and methods to release or activate a custodian. Use the custodian resource to access the custodian's data (userSource) in an Exchange Online mailbox and OneDrive for Business, SharePoint sites (siteSource), and Microsoft 365 groups (unifiedGroupSource).

Devices and apps | Cloud PC

Identify the failure status of a cloud-managed virtual desktop collectively as failed, in the status property of the cloudPC resource.

Devices and apps | Cloud printing

Education

  • If students are added after publishing the assignment, teachers can control the assignment behavior by using the addedStudentAction property of the educationAssignment resource.
  • Teachers can post assignment publish notification through the notificationChannelUrl property of the educationAssignment resource.

Identity and access

Get or set the version and creation metadata for an Azure AD terms of use agreement, agreement file, and agreementfilelocalization.

Identity and access | Governance

As part of Azure Active Directory entitlement management, when users wishing to access groups, applications, or SharePoint Online sites request an assignment to an access package, they can now respond to questions represented in localized content in the access package assignment request.

Identity and access | Identity and sign-in

Teamwork

To-do tasks

Subscribe to change notifications of a To Do task.

November 2020: New and generally available

Cloud communications

  • GA of the role property of the meetingParticipantInfo type, that distinguishes the role of a participant in an online meeting as an attendee or presenter.
  • GA of the lobbyBypassSettings property and its values to admit users to an online meeting.
  • GA of the isEntryExitAnnounced property to customize settings for announcing callers joining or leaving an online meeting.
  • GA of the allowedPresenters property to allow specific presenters in the meeting.

Search

Teamwork

  • GA of resource-specific consent (RSC) permissions. RSC permissions allow team owners to grant granular consent to a production app to access and/or modify specific data of a team, for example, reading the team's settings, or modifying channel names, descriptions, and other settings.
  • GA of APIs that apply to a channel or messages within a channel. The APIs include:

November 2020: New in preview only

Devices and apps | Cloud PC

Debut of the cloud PC API that lets organizations provision and manage virtual desktops for employees. Use it in conjunction with the Intune API to manage physical and virtual endpoints.

Devices and apps | Cloud printing

Subscribe to change notifications on a print task definition.

Devices and apps | Corporate management

Intune November updates for the beta version.

Identity and access

  • Specify URLs for sending sign-in user tokens, and URIs for authorization codes and access tokens, in the spa property of application.
  • Customize the look and feel of Azure Active Directory sign-in screens through the organization branding properties. Organizations can customize based on locale for specific users.

Identity and access | Governance

Debut of access review API for group membership to review user access regularly, make sure only the right people have continued access, and efficiently manage group memberships.

Search

You can aggregate numeric or string type search results that are imported by Microsoft Graph connectors and that are set to be refinable in the schema. See more information about refining search results using aggregations.

October 2020: New and generally available

Application

Change notifications

Production apps can now subscribe to lifecycle notifications of Outlook message, event, and contact, and Teams chatMessage, in order to reduce missing subscriptions and change notifications.

Identity and access

  • GA of advanced OData system query options ($count, $search, and $filter) on directory objects.
  • Check out examples that show OData cast on directory objects.
  • See the Identity and access section of the October updates in the changelog for the lists of enhanced APIs.

Teamwork

To-do tasks

GA of the Microsoft To Do API - use the to-do API in a production app to create and manage tasks that are part of a user's workflow, such as creating a task off an email.

Users

Get new properties applicable to a user who is corporate employee: hire date, organizational association such as division and cost center, and employee type such as consultant, contractor, or vendor. These properties require specifying the $select OData query parameter in the GET operation.

October 2020: New in preview only

Cloud communications | Online meeting

Devices and apps | Cloud printing

  • Deprecate the uploadData action in favor of creating an upload session to upload a document to a printer or printer share.
  • Deprecate the configuration property on printDocument in favor of a similar configuration property on printJob.
  • Get the source or destination job URL for a printJob that is being redirected, by using the redirectedFrom or redirectedTo property.
  • Get the current status of a printJob by using the state property and new details property.
  • Get the collection of printer shares associated with a printer by using the shares relationship.
  • Deprecate the processingStateReasons property of printer in favor of the status property. The status property is of the type printer status and exposes a details property. Use the details property to identify the reason for a printer to be in the current state.
  • Deprecate the feedDirections property on printerCapabilities in favor of the feedOrientations property, to get feed orientations supported by a printer.
  • See the cloud printing section of the October updates in the changelog for a few renaming of API and properties, and a few other deprecations.

Devices and apps | Corporate management

Intune October updates for the beta version.

Files

Revoke access to a listItem or driveItem granted via a sharing link.

Identity and access | Identity and sign-in

  • Manage authentication method policies to identify users who can use specific multi-factor authentication methods to sign into Azure Active Directory. Configure policies to define the following:
    • The types of FIDO2 security keys that can be used in the Azure AD tenant.
    • The users or groups of users who are allowed to use FIDO2 Security Keys or Passwordless Phone Sign-in to sign in to Azure AD.
  • Configure an email authentication method for users to self-serve password resets.
  • Use Azure AD B2C and choose a mechanism to configure and let end users authenticate via local accounts.
  • Use Policy.ReadWrite.AuthenticationMethod to read or write an organization's authentication method policies, as a delegated permission on behalf of a signed-in user, or as an application permission without a signed-in user present.
  • Specify in an authorization policy if and who can invite external users to an organization.

People and workplace intelligence | Insights

Administrators can see examples of using PowerShell cmdlets to customize item insight settings for an organization.

Teamwork

  • Use the instance attribute channelCreationMode to indicate that a channel is being created to serve migration of data. Use the completeMigration to indicate migration is over, such that members can post and read messages.
  • Use the instance attribute teamCreationMode to indicate that a team is being created to serve migration. Use the completeMigration to indicate migration is over, such that member operations can happen, and members can post messages.

September 2020: New and generally available

Calendar

GA of the transactionId property of the event resource, which is optionally set by a client app to avoid redundant POST operations in case of client retries to create the same event. This is useful when low network connectivity causes the client to time out before receiving a response from the server for the client's prior create-event request.

Cloud communications

Delete a participant from a call. You can use this operation even in situations where it's necessary to delete a participant from an active call.

Devices and apps | Corporate management

Intune September updates for the v1.0 version.

Identity and access | Directory management

GA of the administrative units API that allow organizations to subdivide their Azure Active Directory, manage and delegate administrative duties to these subdivisions. These subdivisions can represent regions, departments, cost centers, and so on.

Reports

Get a report that includes the count of unique users for Outlook 2019 and for Outlook on Microsoft 365.

Teamwork

Use the SDKs

GA of the Microsoft Graph PowerShell SDK which enables access to the entire surface of Microsoft Graph in a straightforward and consistent way.

Use the Toolkit

Try the new step-by-step getting-started tutorials for Microsoft Graph Toolkit and experience the convenience the toolkit brings:

Users

Aside from getting the SMTP address of a user through the mail property, you can now set that property and update the user's email address.

September 2020: New in preview only

Application

Create, list, or delete classifications of delegated permissions that a service principal exposes. Use delegated permission classifications in combination with user consent settings to set limits on when end-users are allowed to grant consent to apps.

Cloud communications

  • Deprecation of the autoAdmittedUsers property of onlineMeeting. Instead, use the new lobbyBypassSettings property and its values.
  • Use additional settings about announcing callers joining or leaving an online meeting (isEntryExitAnnounced property), and allowing specific presenters in the meeting (allowedPresenters property).

Devices and apps | Cloud printing

Devices and apps | Corporate management

Intune September updates for the beta version.

Identity and access | Directory management

Identity and access | Governance

Be able to include a schedule when requesting or removing an assignment of a user to an access package, that specifies access to groups, applications, or SharePoint sites.

Identity and access | Identity and sign-in

Organizations can get or update a continuous access evaluation policy to manage authentication sessions in real time.

Search

Teamwork

  • Get the date/time at which a Teams channel or team is created.

August 2020: New and generally available

Change notifications

Track changes of supported resources in the Microsoft Graph for US Government national cloud.

Cloud communications

Teamwork

  • Use an alternative way to create a team directly without first creating a group.
  • Use the members navigation property to add members to a team with increased reliability and lower latency.
  • Get the publishing status of a Microsoft Teams app through the publishingState property of the app definition. The possible status values are submitted, published, and rejected. See an example.
  • Use the AppCatalog.Submit delegated permission to allow a user to submit an app and request administrator review. Use the same permission for a user to cancel an app submitted in the past that has not been published.

August 2020: New in preview only

Applications

Support password-based single-sign-on in service principal application resources and specify such settings in the passwordSingleSignOnSettings property. For information about password-based single sign-on in Azure AD, see configure password-based single-sign-on.

Calendar

Enhance programmatic support for scenarios involving a recurring event:

  • Reliably identify any occurrence in a recurring series, including a modified or cancelled occurrence, by using the occurrenceId property.
  • Get any exceptions in a recurring series by using the exceptionOccurrences property.
  • Get any cancellations in a series using the cancelledOccurrences property.

Change notifications

Devices and apps | Cloud printing

Devices and apps | Corporate management

Intune August updates in beta.

Identity and access | Governance

  • Customize a terms of use agreement to support an agreement expiration date and cadence, require the user to accept the agreement per device, or to re-accept the agreement on a set frequency.
  • Use the file property to navigate to a custom agreement for terms of use. Do not use the files property.
  • Add, remove, and list internal or external sponsors who can approve requests from a connected organization to access a group, application, or SharePoint Online site. See entitlement management for more information.

Identity and access | Identity and sign-in

People and workplace intelligence | Profile

Add and manage the following additional properties in a user's profile, and that can be surfaced in shared, people experiences across Microsoft 365 and third-party apps:

Reports | Microsoft 365 usage reports

Get reports on Microsoft 365 apps usage, specifically on user detail, user counts, and platform user counts.

Teamwork

Get content hosted in a chat message, such as images or code snippets. See an example to get the content bytes of an image.

To-do tasks

July 2020: New and generally available

Calendar

GA of the feature that allows organizers to allow alternate meeting time proposals, and invitees to propose new times for a meeting when they tentatively accept or decline an event.

Change notifications

Removed the erroneously introduced sequenceNumber property from the changeNotification resource.

Groups

GA of the following properties for the group entity: assignedLabels, expirationDateTime, membershipRule, membershipRuleProcessingState, preferredLanguage, and theme.

Identity and access

  • Remove a user as a registered owner or user of a device.
  • Track changes to newly created, updated, or deleted local representation of applications (represented by servicePrincipals resources) and delegated permissions grants (represented by oAuth2PermissionGrant resources) without performing a full read of the entire resource collection.
  • GA of the policy to enforce security defaults that protect organizations against common attacks.

Identity and access | Identity and sign-in

Schema extensions

The schema extensions feature is now generally available in Microsoft Cloud for US Government.

Teamwork

Use the delegated permissions of TeamsAppInstallation.ReadForTeam or TeamsAppInstallation.ReadWriteForTeam, or application permissions of TeamsAppInstallation.ReadForTeam.All or TeamsAppInstallation.ReadWriteForTeam.All to list apps that are installed in a team.

July 2020: New in preview only

Cloud communications

  • Use the update operation to update the startDateTime, endDateTime, participants, or subject property of an online meeting.
  • Subscribe to notifications on changes to the availability of a user on Microsoft Teams, as represented by the presence resource.

Cloud communications | Call records

  • Get records of Public Switch Telephone Network (PSTN) calls.
  • Get records of direct routing calls.

Compliance | eDiscovery

Debut of eDiscovery cases that can contain custodians, holds, collections, review sets, and exports that can be used as evidence in legal cases. Apps can now query and cull review set data collected for use in a litigation, investigation, or regulatory request. This debut is part of Microsoft 365 Advanced eDiscovery.

Devices and apps | Cloud printing

Devices and apps | Corporate management

Intune July updates in beta.

Groups

Use the isAssignableToRole property of a Microsoft 365 group and set it during group creation to indicate whether the group can be assigned to an Azure AD role. This helps manage role assignments in Azure AD, such that instead of assigning individual users an Azure AD role, a privileged role admin or global admin can create a Microsoft 365 group and assign the group that role, so that when users join the group, they are assigned the intended role indirectly.

Identity and access

  • Acquire an access token to authorize the Azure AD provisioning service to provision users into an application.
  • Get or update entitlement management settings that control access to groups, applications, and SharePoint Online sites for users internal and external to your organization.

Identity and access | Identity and sign-in

People and workplace intelligence | Insights

Use more granular privacy control over the availability and display of item insights in Microsoft 365. These insights represent the relationships between a user and documents in OneDrive for Business, calculated using advanced analytics and machine learning techniques.

People and workplace intelligence | Profile card customization

Administrators can customize the properties exposed on the profile card for their organizations by using the API for profile card property.

Sites and lists

Access the SharePoint term store taxonomy, the hierarchy that consists of group, set, and term resources, and relation resources between terms.

Workbooks and charts

Get the status and any result of a long running operation in a workbook.

June 2020: New and generally available

Cloud communications | Online meeting

  • Use the Accept-Language HTTP header when creating an online meeting to provide locale-based join information.
  • Use createOrGet to return an online meeting that has a specified externalId value, or create one if none already exists, to streamline embedding the resultant meeting in a third-party calendar.

Files

  • Enhanced synchronization support:
    • Use the pendingOperations property to identify any operations that might update the binary content of a driveItem file, that are pending completion.
    • Restore a driveItem that has been deleted and is in the recycle bin on OneDrive Personal.
  • Get or set the orientation of a photo. Setting is supported on OneDrive Personal.
  • Use Secure Hash Algorithm (SHA-256) to enhance file data security and integrity.
  • Use the deferCommit parameter to defer final creation when uploading typically a large file to OneDrive for Business, until an app makes a request to complete the upload.
  • Use the fileSize property to provide as part of the item parameter an estimate, so to do a quota check prior to uploading a file on OneDrive Personal.
  • Find storagePlanInformation through the quota property of a drive resource to see if there are higher storage quota plans available.

Groups

Use application permissions Group.Read.All and Group.ReadWrite.All to get group conversation and conversation thread resources.

Identity and access

Security

  • Track the following as properties of an alert:
    • IDs of incidents related to the alert.
    • Identify a resource as attacked or as a related resource in the alert.
    • Specify the source and destination locations of a network connection related to the alert.

Sites and lists

Specify geolocation data in a column definition for a SharePoint list resource.

Teamwork

June 2020: New in preview only

Calendar

In addition to tracking incremental changes on events in a calendarView (collection or events delimited by start and end dates), use the delta function on events in a user mailbox, or events in a specific user calendar.

Cloud communications | Presence

Get the presence status of all the users in an organization, or a specific user in the organization.

Devices and apps | Cloud printing

Devices and apps | Corporate management

Intune June updates in beta.

Education

  • Can use delegated permissions EduRoster.ReadBasic to get the ID of a teacher or student in an external source program, as the externalId property.
  • Use the externalSource property to track the value lms if an education organization or class is created from a learning management system (LMS).

Identity and access

Search

  • Make use of enhancements on a property in a schema: isRefinable to enable filtering of search results and for a more refined control of the search experience, and aliases and labels for better relevance.
  • Be able to specify up to 128 property resources in a schema.
  • Use get externalItem for diagnostic purposes.

Users

May 2020: New and generally available

Calendar | Place

GA of the places API in v1.0 - use this API in production apps to get, update, or delete a room or room list in a tenant. Find out more about the places API.

Change notifications

  • Subscribe to change notifications in Microsoft Cloud for US Government.

Cloud communications | Call records

  • GA of the call records API - use the callRecord resource to get the metadata of calls and online meetings on Microsoft Teams and Skype.
  • Subscribe to change notifications for changes to all callRecord resources in an organization.
  • List sessions in a callRecord, and optionally expand each session to list segments in the call record.
  • Support for 60-GHz (frequency60GHz) and unknownFutureValue WiFi band values of a media endpoint in a segment.
  • Support for voice mail as a possible type of service-side end point in a communication segment.

Devices and apps | Corporate management

Intune May updates in v1.0.

Graph Explorer

Use the many new features of Graph Explorer that enhance learning and prototyping in the sandbox. For example:

  • View code snippets that correspond to the REST API query you entered, in C#, Java, JavaScript, and Objective C.
  • Signed in with a tenant, view and copy an access token to your favorite REST client application.

See New Graph Explorer is now GA for more details.

Groups

  • Synchronizing on-premises directory to Azure Active Directory via Azure AD Connect now returns the onPremisesDomainName, onPremisesNetBiosName and onPremisesSamAccountName properties as part of the group resource.
  • Subscribe to change notifications for group resources in Microsoft Cloud China operated by 21Vianet.

Identity and access

  • GA of the service principals API in v1.0 - use the servicePrincipal resource in production apps to programmatically manage instances of applications and control what an application can do within your tenant. You can control who can use an application, what resources the application has access to, such as adding password credentials, rolling expiring certificates, and managing delegated permission grants and application role assignments.
  • GA of the appRoleAssignment API, which records the assignment of an appRole (representing the roles claim in ID tokens and access tokens) to a user, group, or servicePrincipal.
  • Use Facebook as an identity provider on Azure Active Directory.
  • Use the delegated or application permission of AppRoleAssignment.ReadWrite.All to allow an app to manage grants for application permissions to any API (including Microsoft Graph) and application assignments for any app, respectively with or without the signed-in user.

Microsoft Graph SDKs

See new SDK guidance on the following:

Teamwork

Teamwork | Shifts

GA of the shifts API in v1.0 - use this API in production apps to create, update, and manage schedules of firstline workers, to let them stay in touch and collaborate effectively.

Users

  • Subscribe to change notifications for user resources in Microsoft Cloud China operated by 21Vianet.
  • Track the status and date/time of the last status change of an external user, who has been invited to join the organization, by using the externalUserState and externalUserStateChangeDateTime properties of the user resource.

May 2020: New in preview only

Change notifications

  • Use formally schematized types changeNotification and changeNotificationCollection to process resource change notifications.
  • Track if notifications are in sequence or if a notification is missing by using the sequenceNumber property on the changeNotification resource.

Devices and apps | Cloud printing

  • The printer and printerShare resources are now in parity and have the same properties as each other.
  • Some property and type name clean-up around printer shares:
    • Use the shared navigation property of print to get the list of printer shares registered in the tenant.
    • See details in the May changelog.

Devices and apps | Corporate management

Intune May updates in beta.

Groups

  • Evaluate whether a user or device is or would be a member of a dynamic group, using the existing rule for the group or a specified rule. Rule-based dynamic membership reduces administrative overhead of adding and removing members.
  • When creating a Microsoft 365 group, configure the behaviors of the group by specifying them in the resourceBehaviorOptions property. For example, allow members to post, subscribe new members to conversation, disable welcome email, and hide the group in Outlook experiences.
  • Specify the resources to provision in the resourceProvisioningOptions property that are normally not part of the default group creation. Currently supported is provisioning a group as a team with Microsoft Teams capabilities.

Identity and access

Teamwork

April 2020: New and generally available

Calendar

  • Share or delegate calendars programmatically, in closer parity with the Outlook user experience. In addition to tracking the current user's permissions and sharing status for a calendar:
    • For each calendar, you can now manage the permissions of each user with whom the calendar is shared.
    • For each mailbox, you can now specify whether a delegate, mailbox owner, or both receive meeting messages and meeting responses.
  • Create or update an event as an online meeting:
    • For each calendar, specify the allowed and the default online meeting providers.
    • Create or update an event to be available online, and provide details for attendees to join the meeting online.
    • In particular, use the new onlineMeetingProvider and onlineMeeting properties of event to set or identify Microsoft Teams as an online meeting provider, a workaround for a known issue with the onlineMeetingUrl property.
  • Add file attachments up to 150MB to an event.

Files

  • Check out or check in a file to OneDrive to manage updating the file and making updates available to others when the updates are ready.
  • Apply optional password and expiration date/time as parameters of the invite and create sharing link actions to share a driveItem.
  • Get or set password and expiration date/time of a permission, and track the identitySet of users granted the permission to share a driveItem.
  • Get the permission of a shared drive item by using the permission navigation property.
  • Limit users with a sharing link to only view and may not download the contents of a shareddriveItem on OneDrive for Business or SharePoint.

Identity and access

  • To manage roles and assign access to resources in role-based access control (RBAC) providers such as Microsoft Intune, use unifiedRoleAssignmentMultiple. The unifiedRoleAssignmentMultiple resource supports defining a single role over an array of scopes, and assigning the role to multiple principals (such as users).
  • Access specific types of policies for an organization using the /policies URL segment and specifying the policy type. For example, an organization can enforce a policy to automatically sign a user out from a web session after a period of inactivity; see CRUD operations for instances of activityBasedTimeoutPolicy. This is a breaking change to make it easier to discover all policies, by grouping all typed policies under the /policies segment. Access other typed policies in a similar approach: claimsMappingPolicy, homeRealmDiscoveryPolicy, tokenLifetimePolicy, and tokenIssuancePolicy.

Mail

Add file attachments up to 150MB to a message.

Sites and lists

  • List sites that the signed-in user has followed.
  • Identify the geographic region of a site collection by using the dataLocationCode property.
  • Identify the tenant of a file, folder, or other item on SharePoint by accessing the tenantId property that is part of the sharepointIds of a driveItem.

April 2020: New in preview only

Devices and apps | Cloud printing

Designate allowed users and groups to use specific printer shares on Universal Print, the Microsoft 365 cloud-based print infrastructure. To experience robust and centralized print management capabilities, and offer a simple yet rich and secure print experience for print users, see the Universal Print announcement and join their preview program.

Devices and apps | Corporate management

Intune April updates.

Groups

Identify the app that created a group by its app ID.

Identity and access

Reports | Identity and access reports

List relying parties configured in Active Directory Federation Services.

Reports | Microsoft 365 usage reports

View Meeting Created and Meeting Interacted data in CSV reports for email activity counts, email activity user counts, and email activity user detail.

March 2020: New and generally available

Cloud communications

  • Get the call routing and incoming context of a call.
  • Update the recording status of a call.
  • Specify recording information for a participant, including the initiator and status of the recording.
  • Uniquely identify participants in a conference or participant-to-participant call using the callChainId property.
  • Identify as part of participantInfo the country code and endpoint type (such as Skype for Business, or Skype for Business VOIP) of the participant.
  • Third-party video teleconferencing (VTC) device partners can log and provide media quality data for their video teleconferencing devices through a Cloud Video Interop (CVI) bot and using the logTeleconferenceDeviceQuality function. Media quality includes open-type data for audio, video, and screen-sharing.

Files

  • Remote items that are shared with a user, added to the user's OneDrive, or returned as a search result can contain metadata for an image or video.
  • Follow a driveItem for convenient access, or for faciliating actions such as move, copy, and save-as. Use unfollow to stop following the drive item.
  • Grant permissions to users to access a sharing link, in order to share the corresponding drive item.

Identity and access

  • Track changes for organizational contacts.
  • Use the riskEventTypes_v2 property to get the risk event types associated with a sign-in.
  • Use the User.ManageIdentities.All delegated permission to allow an app to read, update, or delete identities that are associated with a user's account, that the signed-in user has access to. Use that permission at the application-level without a signed-in user present. This allows the app to manage which identities a user can sign-in with.

Reports

Use Teams Service Administrator and Teams Communications Administrator as accepted user roles to allow apps to read Microsoft 365 service usage reports on behalf of a user, as forms of user-delegated authorization.

Sites

March 2020: New in preview only

Calendar

  • Use the calendarGroupId property to get the calendar group in which a calendar has been created.
  • Use the isDraft property to identify an event as a meeting that the user has updated in Outlook but has not sent to update attendees.

Cloud communications

  • Use createOrGet to get an online meeting instance by a custom external ID, and create one when none already exists.
  • Have the option to use the externalId property to identify an online meeting with the custom external ID.
  • Use the optional Accept-Language HTTP request header to create or get an instance of online meeting, so that the successful operation displays the content of the joinInformation property in the specified language and locale variant.

Devices and apps

Intune March updates.

Identity and access

  • Use the AuditLog.Read.All permission to list the sign-in activity of a user.
  • Use the PrivilegedAccess.Read.AzureResources application-level permission for Privileged Identity Management (PIM) of Azure resources, to set up just-in-time access workflow for Azure infrastructure roles at a management group, subscription, resource group, or resource level.
  • Use the identitySecurityDefaultsEnforcementPolicy entity to get or update pre-configured default security settings that protect organizations against common attacks.
  • Use an identity segment when calling the conditional access APIs. For example, to get a conditional access policy: GET https://graph.microsoft.com/beta/identity/conditionalAccess/policies/{id}.
  • Use the authenticationRequirement property to get the highest level of authentication that is needed through all the sign-in steps in order for sign-in to succeed.
  • Use pagination when listing provisioning events that occurred in your tenant.

Search

  • To add data in a file to search results, index the data simply as an externalItem. The externalFile type has been deprecated.
  • Update an item in the index, by specifically updating the plain-text representation of the item (represented by the content property), or the properties bag of the item (represented by the properties property). Updating any property in the properties bag overwrites the entire properties bag, so make sure to explicitly include all the properties of the item in the update.
  • Check for HTTP 429 and the Retry-After response header after calling the create, update, or delete operation of externalItem. Backing off requests using the Retry-After delay is the fastest way to recover from throttling.

Teamwork

Use the ChannelMessage.Read.All application-level permission to read chatMessage instances in channels without a signed-in user.

Universal Print

Debut of the Universal Print API which allows users to print on the web or from an app. The API lets IT administrators manage user and group access to printers in the Microsoft 365 cloud, remote printer sharing to maintain availability, monitor printer status, and report on archived print jobs and usage.

Note that as of March 2020, the Universal Print service is in private preview. See Announcing Universal Print: a cloud-based print solution for information regarding participation.

February 2020: New and generally available

Calendar

Walk through an example of creating an event in a shared or delegated calendar, and the actions and properties available to the delegate, invitees, and calendar owner during this process.

Identity and access

Users

Reprocess all group-based license assignments for a user.

February 2020: New in preview only

Calendar

See tasks supported by preview APIs that manage calendar sharing and delegation.

Cloud communications

  • Use the new call records resource to get metadata of calls and online meetings on Microsoft Teams and Skype for Business for an organization.
  • For a participant in a meeting, use the initiator property to get the identity information of the initiator of a recording, if there is one.

Devices and apps

Intune February updates.

Groups

Use the assignLicense method to assign licences for products, such as Microsoft 365 or Enterprise Mobility + Security, to a group. Since Azure AD ensures licences are assigned to members of the group, members joining or leaving a group no longer requires licence management at the individual level.

Identity and access

Teamwork

January 2020: New and generally available

Security

As part of customer alert management, use the update alert method and update the comments field as either Closed in IPC or Closed in MCAS.

Teamwork

Use the primaryChannel navigation property of a team to access its default channel, General.

Users

Use the identities property to access one or more identities that a user can use to sign in to an Azure AD user account. The identities can be provided by Microsoft, organizations, or social identity providers such as Facebook, Google, or Microsoft. This property allows the user to sign in to the user account with any of these identities.

January 2020: New in preview

Devices and apps

Intune January updates.

December 2019: New and generally available

Cloud communications

The cloud communications API has GA'd and APIs for call and onlineMeeting are available in v1.0.

Education

Use the classSettings property to manage class-specific settings, such as enabling the sending of weekly assignment digests. This property is available on the team resource when the team represents an education class.

Identity and access

Attempting to get container objects with limited permissions returns partial data. An example is a group instance that's associated with a user, another group, and a device. An app having only the permissions User.Read.All and Group.Read.All and attempting to access this group instance would get the user and group objects, but limited data for the device object (only data type and object ID and not property values).

People and workplace intelligence

The insights API has GA'd. Use the API in production apps to identify the most relevant documents that are:

Reports

To get Microsoft 365 usage reports using permissions delegated by a user, administrators must have assigned the user an Azure AD limited administrator role. This can be one of the following roles: company administrator, Exchange administrator, SharePoint administrator, Lync administrator, global reader, or reports reader. See Authorization for APIs to read Microsoft 365 usage reports for details.

Toolkit

Microsoft Graph Toolkit v1.1 has released. For a list of enhancements and bug fixes, see the December 2019 section of the changelog.

December 2019: New in preview

Cloud communications

  • Use the new presence resource to get information about the availability and current activity of one or more users.
  • Delete an instance of an onlineMeeting.
  • See the December 2019 section of the changelog for the renaming and removal of a few members of the call and onlineMeeting resources, to be in parity with the v1 version of these resources.

Devices and apps

Intune December updates

Identity and access

Teamwork

November 2019: New and generally available

Groups

  • Use delegated or application permissions, GroupMember.Read.All and GroupMember.ReadWrite.All, to list groups, read basic group properties, read (and update if read/write permission) the membership of the groups the app has access to.
  • Use the application permission, Group.Create, to create groups without a signed-in user.
  • For a specified group, check for membership in other groups or directory roles.

Identity and access

  • Register applications that authenticate with Azure Active Directory (Azure AD). Use delegated permissions, Application.Read.All and Application.ReadWrite.All, or application permission, Application.Read.All, as appropriate.
  • For a specified device, check for membership in other groups or directory roles.

Mail

  • Use the conversationIndex property to get the position of a message in an Outlook email conversation.
  • Use the delegated permission, Mail.ReadBasic, and application permission, Mail.ReadBasic.All, to get message or mail folder resources, track their changes, and manage subscriptions for change notifications on messages.

Users

  • Check for group memberships for a specified user.
  • Use the creationType property to find how a user account was created, for example, whether the account was created as a regular school or work account or as an external account, etc.

November 2019: New in preview

Calendar

Cloud communication

The call resource type supports the following additional features:

Devices and apps

Intune November updates

Education

Administrators can enable class-wide settings through the classSettings property of the team associated with the class. Currently, there is a setting to notify guardians about weekly assignments.

Identity and access

  • Use the application permission, Policy.Read.All, to read all your organization's conditional access policies and named locations, without a signed-in user present.
  • Allow a conditional access policy to be in a report-only state, enabledForReportingButNotEnforced.
  • Use the delegated permission, ThreatAssessment.ReadWrite.All, or application permission, ThreatAssessment.Read.All, to read (or create, if read/write permission) requests to assess threats in an organization.

Mail

Use the delegated permission, Mail.ReadBasic, and application permission, Mail.ReadBasic.All, to manage subscriptions for change notifications on the message resource.

Notifications

Use the new light-weight notifications web SDK in place of the Project Rome SDK, to take advantage of an improved authentication model and support for web apps using web push.

People and workplace intelligence

Debut of the profile resource which is a rich representation of the next generation of people entities in Microsoft services. This resource relates to common and practical people attributes, including information for any meaningful dates such as anniversaries, education, employment positions, interests, language and skill proficiencies, project participation, web site association, and other account and contact information.

Search

Debut of the Microsoft Search API which allows app users to get more up-to-date, personalized, and relevant search results powered by Microsoft Graph. Use the query capability that by default, searches Outlook messages and events, and OneDrive and SharePoint files in the Microsoft cloud. Use connectors, available in the Microsoft Graph connectors gallery, to include search data outside of the Microsoft cloud. Alternatively, build your own connectors, index external custom items and files, and query specific external data sources.

Teamwork

Get the file resources associated with a team and channel by using the following HTTP request syntax:

GET /teams/{teamId}/channels/{channelId}/filesFolder

Users

Use the creationType property to find how a user account was created, for example, whether the account was created as a regular school or work account or as an external account, etc.

October 2019: New and generally available

Identity and access

Mail

Use the new message parameter to update any writeable message properties when replying to a message, for example, adding a recipient to the reply.

Microsoft Graph data connect

Developers and data scientists can now use tools to translate Office 365 data into Common Data Model format, making it schematically consistent with other Open Data Initiative (ODI)-ready datasets.

Microsoft Graph SDKs

  • Use chaos handlers in the JavaScript SDK to verify if an app is resilient to server failures that are tricky to initiate.
  • Read about making API calls using the SDKs.

Users

October 2019: New in preview

Calendar

  • Meeting organizers can allow invitees to propose alternate meeting times. When receiving a meeting response that includes a proposed alternate time, the organizer can decide to accept the proposal and update the meeting time.
  • Programmatic calendar sharing is in closer parity with the Outlook user experience. In addition to tracking the current user's permissions and sharing status for a calendar:
    • For each calendar, you can now manage the permissions of each user with whom the calendar is shared.
    • For each mailbox, you can now specify whether a delegate, mailbox owner, or both receive meeting messages and meeting responses.
  • Additional online meeting support:
    • For each calendar, specify the allowed and the default online meeting providers.
    • Create or update an event to be available online, and provide details for attendees to join the meeting online.
    • In particular, use the new onlineMeetingProvider and onlineMeeting properties of event to set or identify Microsoft Teams as an online meeting provider, a workaround for a known issue with the onlineMeetingUrl property.

Devices and apps

Intune October updates

Graph Explorer

Try the next version of Graph Explorer and see handy contextual information such as permissions, access tokens, and SDK code snippets in the new Permissions, Auth, and Snippets tabs. Use the Preview slider to switch between the production and new preview version of Graph Explorer.

Groups

  • Use the hideFromAddressLists and hideFromOutlookClients properties to control the visibility of a group in certain parts of the Outlook user interface or in an Outlook client.
  • Assign or remove licenses on users in a group.

Identity and access

Mail

Attach large files up to 150MB to a message instance, by creating an upload session, and iteratively uploading ranges of the file until all the bytes of the file have been uploaded.

Microsoft Graph Security API

  • Preview integration with RSA NetWitness, ServiceNow, and Splunk, to correlate and synchronize alerts, and improve threat protection and response.
  • New triggers added to the Microsoft Graph security connector and playbooks for Logic Apps and Flow. See playbook examples.
  • Support for sending threat indicators to Microsoft Defender for Endpoint to block or alert on threats using their own intelligence sources. Integrations with partners like ThreatConnect enable customers to send indicators directly from threat intelligence and automation solutions.

Notifications

  • Create and send notifications to all app clients on all device endpoints that a user is signed in to, without having to manage user-delegated permissions.
  • Use target policy endpoints on user notifications to specifically target notifications for the Windows, iOS, Android, or WebPush platform.
  • Specify a fall back policy on notifications for iOS endpoints, to send high-priority raw notifications that might not be delivered to devices otherwise due to platform specific restrictions, such as battery saver mode.

 

PowerShell SDK

Developers and IT professionals can note the coming of the Microsoft Graph Powershell SDK, which will generate modules that contain cmdlets to make Microsoft Graph REST API requests.

September 2019: New and generally available

Calendar, mail, and group

Get the raw content of a file, or the MIME content of an item that has been added as an attachment to an event, message, or group post.

Calendar, mail, Outlook task, personal contact

Use the translateExchangeId function to convert an Outlook item ID between supported formats, including the Microsoft Graph default ID format and immutable ID format.

The following resources support ID format conversion:

Mail

Get the MIME content of a message.

Microsoft Graph Toolkit

Use the Microsoft Graph Toolkit to develop production apps that offer a consistent Microsoft 365 look-and-feel, and save time in authenticating and accessing data from Microsoft Graph.

September 2019: New in preview

Important

Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to GA status. Do not use them in production apps.

Devices and apps

Intune September updates

Files

  • Enhanced synchronization support:

    • Use the new pendingOperations property to identify operations that may affect the binary content of a driveItem.
    • Restore a deleted driveItem.

  • Use Secure Hash Algorithm (SHA-256) to enhance file data security and integrity.

  • Get or set the orientation of a photo. Setting is supported on OneDrive Personal.

Identity and access

  • Use the new identities property and get the identities that a user can use to sign in to an account. Identities can be provided by organizations, or social identity providers such as Facebook, Google, and Microsoft.

  • Incremental enhancements for synchronizing identities in a cloud application for a tenant:

Teamwork

Use the General channel of a team, or customize member settings to let team members create private channels in the team.

Users

  • Get or update the identities with which a user can sign in to an account. These identities can be provided by business organizations, or by social identity providers such as Facebook, Google, and Microsoft.
  • Get or update a user's preferred date and time format settings for the mailbox.

August 2019: New and generally available

Reports

Security

August 2019: New in preview

Important

Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to GA status. Do not use them in production apps.

Devices and apps

Intune August updates

Education

  • Associate a teacher or assignment with a grading rubric to account for specific qualities and levels in assignments. An example of a quality is spelling and grammar, and examples of levels are "good" and "poor". You can further associate points and weights to the rubric. For more information, see education rubric overview.
  • Evaluate an assignment and present the results in terms of feedback, a numeric grade, or rubric.

Files

Up till this point, you have been able to follow a driveItem for convenient access, or for faciliating actions such as move, copy, and save-as. You can now use the unfollow action to stop following such drive items.

Identity and access

  • Providers of role-based access control (RBAC) can manage roles in Azure Active Directory, by defining role actions that can be performed on specific resources, and assigning roles to users based on such role definitions, giving them the corresponding access to those resources.
  • Administrators can list access reviews to efficiently facilitate reviewing group memberships, access to enterprise applications, and role assignments. Regular access reviews make sure only the appropriate people have continued access to resources in specific ways.

Social and workplace intelligence

End users have been able to use the Microsoft 365 MyAnalytics app to get insights on managing time, collaboration at work, and work-life balance. Now, you can use the analytics API to integrate data on time spent on work activities such as calls, chats, and email, to help improve a user's productivity and wellbeing.

July 2019: New and generally available

Example code snippets

There are now Objective-C code snippets in all API topics in the v1.0 and beta references. See the Objective-C example for getting an event.

Group

  • Use the validateProperties function to make sure the display name or mail nickname of an existing Microsoft 365 group complies with naming policies.
  • Alternatively, before creating the group, you can use the validateProperties function for a directoryObject to validate the names first.

Identity and access

July 2019: New in preview

Important

Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to GA status. Do not use them in production apps.

Calendar

Use the new places API to make use of rich location types such as room and room list, as set up by Exchange Online administrators.

Devices and apps

Intune July updates

Files

Apply expiration date/time or password when creating a sharing link to a file, folder, or some other driveItem.

Identity and access

Mail

Use more granular application permission, Mail.ReadBasic.All, to read a user's mailbox except for any message body, preview body, attachments, and extended properties, and except for searching the mailbox. Now applicable to mailFolder and change tracking for message and mailFolder.

Reports

Teamwork

May - June, 2019: New and generally available

Calendar, mail, and personal contacts

Exchange administrators can grant application permissions to an app and limit the app to access only a subset of mailboxes, instead of the default which is access to all mailboxes in the organization. Such restricted access would apply to any application permissions granted to the app for calendars, contacts, and mail and mailbox settings. See related blog announcement.

Mail

Use mail search folders API to search messages and access Outlook email search results. See related blog announcement.

Postman

As an alternative to Graph Explorer, try the Microsoft Graph API on the Microsoft Graph Postman collection to learn the API behavior and speed up app development.

Tutorials

Try the new tutorial to build a Java console app to get information about a user calendar.

User

Administrators or users can revoke all issued refresh tokens for a user. This is usually used to prevent apps on a lost or stolen device from accessing an organization's data.

May - June, 2019: New in preview

Important

Features, including APIs and tools, in preview status may change without notice, and some may never be promoted to GA status. Do not use them in production apps.

Devices and apps

  • Intune May updates
  • Intune June updates

Education

Group

Get sensitivity labels to help protect sensitive data of a Microsoft 365 group and meet compliance policies. These labels are assignedLabel objects, published by administrators in Microsoft 365 Security & Compliance Center, as part of Microsoft Purview Information Protection capabilities.

Identity and access

  • Get an instance of an application, or add an instance from the Azure AD application gallery into your directory as a template.
  • Get a log of all directory provisioning events in a tenant.
  • Get information about detected user or sign-in risks in an Azure AD environment. This risk detection functionality is part of Azure AD Identity Protection.

Mail

Use more granular delegated permission, Mail.ReadBasic, to read a user's mailbox except for any message body, preview body, attachments, and extended properties, and except for searching the mailbox. Available to read methods of mailFolder, and change tracking for message and mailFolder.

Microsoft Graph toolkit

The Microsoft Graph toolkit is a set of framework-agnostic web components and helpers that provides convenience to authenticate and access data in Microsoft Graph. Because the Microsoft Graph toolkit is in preview status, use toolkit providers and components in only non-production apps.

Reports

Sites

Let users follow or unfollow SharePoint sites.

Teamwork

January - April, 2019: New and generally available

Microsoft Graph data connect

Calendar

Get free-busy schedule

Identity and access

Identity providers Improved auth guides Migrating apps from Azure AD Graph to Microsoft Graph

SDKs

SDK guides API snippets (example)

Security

Tenant secure score

January - April, 2019: New in preview

Calendar, group, mail, to-do tasks

Get raw/MIME content of file or item attachments in an event, message, Outlook task, or group post

Change notifications

Reduce missing change notifications

Devices and apps

Files

Sharing invitation includes expiration and password

Financials

Dynamics 365 Business Central

Identity and access

Access reviews support application permissions Audit and sign-in logs Custom sign-in and sign-up in Azure AD B2C Risky user and history

Mail

Get MIME content of messages

Reports

Application sign-in reports

Security

Security actions Threat indicators

Teamwork

1:1 chats Shifts management

See also