diff --git a/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/index.json b/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/index.json index 8599516..ea404d1 100644 --- a/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/index.json +++ b/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/index.json @@ -10,16 +10,16 @@ "$ref": "types.json#/95" }, "Microsoft.Graph/applications/federatedIdentityCredentials@beta": { - "$ref": "types.json#/100" + "$ref": "types.json#/101" }, "Microsoft.Graph/oauth2PermissionGrants@beta": { - "$ref": "types.json#/104" + "$ref": "types.json#/105" }, "Microsoft.Graph/appRoleAssignedTo@beta": { - "$ref": "types.json#/108" + "$ref": "types.json#/109" }, "Microsoft.Graph/users@beta": { - "$ref": "types.json#/113" + "$ref": "types.json#/114" } }, "resourceFunctions": {}, @@ -28,7 +28,7 @@ "version": "0.1.10-preview", "isSingleton": false, "configurationType": { - "$ref": "types.json#/114" + "$ref": "types.json#/115" } } } \ No newline at end of file diff --git a/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/types.json b/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/types.json index c8a1c0e..1a53a53 100644 --- a/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/types.json +++ b/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/types.json @@ -33,7 +33,7 @@ "$ref": "#/0" }, "flags": 0, - "description": "Describes a classification for the group (such as low, medium or high business impact)" + "description": "Describes a classification for the group (such as low, medium or high business impact)." }, "cloudLicensing": { "type": { @@ -47,7 +47,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "App ID of the app used to create the group. Can be null for some groups. Read-only" + "description": "App ID of the app used to create the group. Can be null for some groups. Read-only." }, "createdDateTime": { "type": { 
@@ -61,14 +61,14 @@ "$ref": "#/0" }, "flags": 0, - "description": "An optional description for the group" + "description": "An optional description for the group." }, "displayName": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "The display name for the group. Required. Maximum length is 256 characters" + "description": "The display name for the group. Required. Maximum length is 256 characters." }, "expirationDateTime": { "type": { 
@@ -82,21 +82,21 @@ "$ref": "#/5" }, "flags": 0, - "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static" + "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static." }, "infoCatalogs": { "type": { "$ref": "#/6" }, "flags": 0, - "description": "Identifies the info segments assigned to the group" + "description": "Identifies the info segments assigned to the group." }, "isAssignableToRole": { "type": { "$ref": "#/7" }, "flags": 0, - "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license" + "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. 
If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license." }, "isManagementRestricted": { "type": { 
@@ -110,35 +110,35 @@ "$ref": "#/0" }, "flags": 2, - "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only" + "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only." }, "mailEnabled": { "type": { "$ref": "#/7" }, "flags": 1, - "description": "Specifies whether the group is mail-enabled. Required" + "description": "Specifies whether the group is mail-enabled. Required." }, "mailNickname": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE" + "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE." }, "membershipRule": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax" + "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax." }, "membershipRuleProcessingState": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused" + "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused." }, "onPremisesDomainName": { "type": { 
@@ -152,7 +152,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only" + "description": "Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only." }, "onPremisesNetBiosName": { "type": { @@ -166,7 +166,7 @@ "$ref": "#/9" }, "flags": 2, - "description": "Errors when using Microsoft synchronization product during provisioning" + "description": "Errors when using Microsoft synchronization product during provisioning." }, "onPremisesSamAccountName": { "type": { @@ -180,14 +180,14 @@ "$ref": "#/0" }, "flags": 2, - "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only" + "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only." }, "onPremisesSyncEnabled": { "type": { "$ref": "#/7" }, "flags": 2, - "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Read-only" + "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Read-only." }, "organizationId": { "type": { 
@@ -200,21 +200,21 @@ "$ref": "#/0" }, "flags": 0, - "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo and Create a Microsoft 365 group with a specific PDL. Nullable" + "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo and Create a Microsoft 365 group with a specific PDL. Nullable." }, "preferredLanguage": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US" + "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US." }, "proxyAddresses": { "type": { "$ref": "#/10" }, "flags": 2, - "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required for filter expressions on multi-valued properties. Read-only. Not nullable" + "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. 
The any operator is required for filter expressions on multi-valued properties. Read-only. Not nullable." }, "renewedDateTime": { "type": { @@ -235,21 +235,21 @@ "$ref": "#/12" }, "flags": 0, - "description": "Specifies the group resources that are associated with the Microsoft 365 group. The possible value is Team. For more information, see Microsoft 365 group behaviors and provisioning options" + "description": "Specifies the group resources that are associated with the Microsoft 365 group. The possible value is Team. For more information, see Microsoft 365 group behaviors and provisioning options." }, "securityEnabled": { "type": { "$ref": "#/7" }, "flags": 1, - "description": "Specifies whether the group is a security group" + "description": "Specifies whether the group is a security group." }, "securityIdentifier": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "Security identifier of the group, used in Windows scenarios. Read-only" + "description": "Security identifier of the group, used in Windows scenarios. Read-only." }, "serviceProvisioningErrors": { "type": { @@ -263,14 +263,14 @@ "$ref": "#/0" }, "flags": 0, - "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red" + "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red." }, "uniqueName": { "type": { "$ref": "#/0" }, "flags": 25, - "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable" + "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable." }, "visibility": { "type": { 
@@ -291,14 +291,14 @@ "$ref": "#/16" }, "flags": 0, - "description": "Direct group members, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable" + "description": "Direct group members, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable." }, "owners": { "type": { "$ref": "#/16" }, "flags": 0, - "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue" + "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue." }, "deletedDateTime": { "type": { @@ -357,7 +357,7 @@ "$ref": "#/0" }, "flags": 0, - "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress" + "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress." }, "value": { "type": { 
@@ -434,7 +434,7 @@ "$ref": "#/0" }, "flags": 0, - "description": "Indicates the target on-premises group type the cloud object is written back as. Nullable. The possible values are: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup.If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup. Microsoft Entra security groups can be written back as universalSecurityGroup. If isEnabled or the NewUnifiedGroupWritebackDefault group setting is true but this property isn't explicitly configured: Microsoft 365 groups are written back as universalDistributionGroup by defaultSecurity groups are written back as universalSecurityGroup by default" + "description": "Indicates the target on-premises group type the cloud object is written back as. Nullable. The possible values are: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup.If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup. Microsoft Entra security groups can be written back as universalSecurityGroup. If isEnabled or the NewUnifiedGroupWritebackDefault group setting is true but this property isn't explicitly configured: Microsoft 365 groups are written back as universalDistributionGroup by defaultSecurity groups are written back as universalSecurityGroup by default." }, "isEnabled": { "type": { @@ -540,7 +540,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "The unique identifier for the application that is assigned by Microsoft Entra ID. Not nullable. Read-only. Alternate key" + "description": "The unique identifier for the application that is assigned by Microsoft Entra ID. Not nullable. Read-only. Alternate key." }, "appRoles": { "type": { 
@@ -568,7 +568,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only" + "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only." }, "defaultRedirectUri": { "type": { @@ -582,21 +582,21 @@ "$ref": "#/0" }, "flags": 0, - "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "The display name for the application. Maximum length is 256 characters" + "description": "The display name for the application. Maximum length is 256 characters." }, "groupMembershipClaims": { "type": { 
@@ -610,14 +610,14 @@ "$ref": "#/39" }, "flags": 0, - "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api:/, or specify a more readable URI like https:/contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable" + "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api:/, or specify a more readable URI like https:/contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable." }, "info": { "type": { "$ref": "#/40" }, "flags": 0, - "description": "Basic profile information of the application, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the application, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "isDeviceOnlyAuthSupported": { "type": { 
@@ -638,7 +638,7 @@ "$ref": "#/42" }, "flags": 0, - "description": "The collection of key credentials associated with the application. Not nullable" + "description": "The collection of key credentials associated with the application. Not nullable." }, "logo": { "type": { @@ -694,7 +694,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "The verified publisher domain for the application. Read-only" + "description": "The verified publisher domain for the application. Read-only." }, "requestSignatureVerification": { "type": { @@ -708,7 +708,7 @@ "$ref": "#/64" }, "flags": 0, - "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable" + "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable." }, "samlMetadataUrl": { "type": { 
@@ -736,7 +736,7 @@ "$ref": "#/0" }, "flags": 0, - "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first" + "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first." }, "spa": { "type": { @@ -750,7 +750,7 @@ "$ref": "#/68" }, "flags": 0, - "description": "Custom strings that can be used to categorize and identify the application. Not nullable" + "description": "Custom strings that can be used to categorize and identify the application. Not nullable." }, "tokenEncryptionKeyId": { "type": { @@ -764,7 +764,7 @@ "$ref": "#/0" }, "flags": 25, - "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable" + "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable." }, "verifiedPublisher": { "type": { 
@@ -787,6 +787,13 @@ "flags": 0, "description": "Specifies settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store." }, + "owners": { + "type": { + "$ref": "#/16" + }, + "flags": 0, + "description": "Directory objects that are owners of this application. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object. Read-only. Nullable." + }, "deletedDateTime": { "type": { "$ref": "#/0" @@ -996,7 +1003,7 @@ "$ref": "#/7" }, "flags": 0, - "description": "When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed." + "description": "When you create or updating an app role, this value must be true. To delete a role, this must first be set to false. At that point, in a subsequent call, this role might be removed. Default value is true." }, "origin": { "type": { @@ -1010,7 +1017,7 @@ "$ref": "#/0" }, "flags": 0, - "description": "Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , -. / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with .." + "description": "Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , -. / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z, and a-z. Any other character, including the space character, aren't allowed. May not begin with .." } } }, 
@@ -1083,7 +1090,7 @@ "$ref": "#/7" }, "flags": 0, - "description": "Indicates whether the application has been self-attested by the application developer or the publisher." + "description": "Indicates whether the application developer or publisher completed Publisher Attestation." }, "lastCertificationDateTime": { "type": { @@ -1116,28 +1123,28 @@ "$ref": "#/0" }, "flags": 0, - "description": "Link to the application's marketing page. For example, https:/www.contoso.com/app/marketing" + "description": "Link to the application's marketing page. For example, https:/www.contoso.com/app/marketing." }, "privacyStatementUrl": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Link to the application's privacy statement. For example, https:/www.contoso.com/app/privacy" + "description": "Link to the application's privacy statement. For example, https:/www.contoso.com/app/privacy." }, "supportUrl": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Link to the application's support page. For example, https:/www.contoso.com/app/support" + "description": "Link to the application's support page. For example, https:/www.contoso.com/app/support." }, "termsOfServiceUrl": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Link to the application's terms of service statement. For example, https:/www.contoso.com/app/termsofservice" + "description": "Link to the application's terms of service statement. For example, https:/www.contoso.com/app/termsofservice." } } }, @@ -1760,7 +1767,7 @@ "$ref": "#/7" }, "flags": 0, - "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it" + "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it." }, "addIns": { "type": { 
@@ -1774,7 +1781,7 @@ "$ref": "#/85" }, "flags": 0, - "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities" + "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities." }, "appDescription": { "type": { @@ -1795,7 +1802,7 @@ "$ref": "#/0" }, "flags": 17, - "description": "The unique identifier for the associated application (its appId property). Alternate key" + "description": "The unique identifier for the associated application (its appId property). Alternate key." }, "applicationTemplateId": { "type": { @@ -1809,14 +1816,14 @@ "$ref": "#/26" }, "flags": 2, - "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications" + "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications." }, "appRoleAssignmentRequired": { "type": { "$ref": "#/7" }, "flags": 0, - "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable" + "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable." }, "appRoles": { "type": { 
@@ -1830,21 +1837,21 @@ "$ref": "#/0" }, "flags": 0, - "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The display name for the service principal" + "description": "The display name for the service principal." }, "homepage": { "type": { 
@@ -1858,14 +1865,14 @@ "$ref": "#/40" }, "flags": 0, - "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "keyCredentials": { "type": { "$ref": "#/87" }, "flags": 0, - "description": "The collection of key credentials associated with the service principal. Not nullable" + "description": "The collection of key credentials associated with the service principal. Not nullable." }, "loginUrl": { "type": { 
@@ -1963,7 +1970,7 @@ "$ref": "#/93" }, "flags": 0, - "description": "Contains the list of identifiersUris, copied over from the associated application. More values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable" + "description": "Contains the list of identifiersUris, copied over from the associated application. More values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable." }, "servicePrincipalType": { "type": { @@ -1984,7 +1991,7 @@ "$ref": "#/94" }, "flags": 0, - "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable" + "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable." }, "tokenEncryptionKeyId": { "type": { @@ -2000,6 +2007,13 @@ "flags": 0, "description": "Specifies the verified publisher of the application that's linked to this service principal." }, + "owners": { + "type": { + "$ref": "#/16" + }, + "flags": 0, + "description": "Directory objects that are owners of this servicePrincipal. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." + }, "deletedDateTime": { "type": { "$ref": "#/0" 
@@ -2052,14 +2066,14 @@ "$ref": "#/0" }, "flags": 0, - "description": "Key." + "description": "Contains the name of the field that a value is associated with." }, "value": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Value." + "description": "Contains the corresponding value for the specified key." } } }, @@ -2184,6 +2198,13 @@ "flags": 1, "description": "The audience that can appear in the external token. This field is mandatory and should be set to api:/AzureADTokenExchange for Microsoft Entra ID. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Microsoft Entra ID in your external identity provider and has no fixed value across identity providers - you may need to create a new application registration in your identity provider to serve as the audience of this token. This field can only accept a single value and has a limit of 600 characters. Required." }, + "claimsMatchingExpression": { + "type": { + "$ref": "#/100" + }, + "flags": 0, + "description": "Nullable. Defaults to null if not set. Enables the use of claims matching expressions against specified claims. If claimsMatchingExpression is defined, subject must be null. For the list of supported expression syntax and claims, visit the Flexible FIC reference." + }, "description": { "type": { "$ref": "#/0" 
@@ -2203,14 +2224,14 @@ "$ref": "#/0" }, "flags": 17, - "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created. Alternate key. Required. Not nullable" + "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created. Alternate key. Required. Not nullable." }, "subject": { "type": { "$ref": "#/0" }, - "flags": 1, - "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique on the app. It has a limit of 600 characters" + "flags": 0, + "description": "Nullable. Defaults to null if not set. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique on the app. It has a limit of 600 characters. If subject is defined, claimsMatchingExpression must be null." }, "id": { "type": { 
@@ -2227,6 +2248,26 @@ "$ref": "#/0" } }, + { + "$type": "ObjectType", + "name": "MicrosoftGraphFederatedIdentityExpression", + "properties": { + "languageVersion": { + "type": { + "$ref": "#/33" + }, + "flags": 0, + "description": "Indicated the language version to be used. Should always be set to 1. Required." + }, + "value": { + "type": { + "$ref": "#/0" + }, + "flags": 0, + "description": "Indicates the configured expression. Required." + } + } + }, { "$type": "ResourceType", "name": "Microsoft.Graph/applications/federatedIdentityCredentials@beta", @@ -2250,14 +2291,14 @@ "properties": { "type": { "type": { - "$ref": "#/101" + "$ref": "#/102" }, "flags": 10, "description": "The resource type" }, "apiVersion": { "type": { - "$ref": "#/102" + "$ref": "#/103" }, "flags": 10, "description": "The resource api version" 
@@ -2267,28 +2308,28 @@ "$ref": "#/0" }, "flags": 1, - "description": "The object id (not appId) of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Required" + "description": "The object id (not appId) of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Required." }, "consentType": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required" + "description": "Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required." }, "principalId": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal" + "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal." 
}, "resourceId": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user" + "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user." }, "scope": { "type": { @@ -2311,7 +2352,7 @@ "name": "Microsoft.Graph/oauth2PermissionGrants@beta", "scopeType": 0, "body": { - "$ref": "#/103" + "$ref": "#/104" }, "flags": 0 }, @@ -2329,14 +2370,14 @@ "properties": { "type": { "type": { - "$ref": "#/105" + "$ref": "#/106" }, "flags": 10, "description": "The resource type" }, "apiVersion": { "type": { - "$ref": "#/106" + "$ref": "#/107" }, "flags": 10, "description": "The resource api version" @@ -2360,7 +2401,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only" + "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only." }, "principalId": { "type": { @@ -2388,7 +2429,14 @@ "$ref": "#/26" }, "flags": 1, - "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create" + "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create." + }, + "deletedDateTime": { + "type": { + "$ref": "#/0" + }, + "flags": 2, + "description": "Date and time when this object was deleted. Always null when the object hasn't been deleted." }, "id": { "type": { @@ -2404,7 +2452,7 @@ "name": "Microsoft.Graph/appRoleAssignedTo@beta", "scopeType": 0, "body": { - "$ref": "#/107" + "$ref": "#/108" }, "flags": 0 }, 
@@ -2422,87 +2470,87 @@ "properties": { "type": { "type": { - "$ref": "#/109" + "$ref": "#/110" }, "flags": 10, "description": "The resource type" }, "apiVersion": { "type": { - "$ref": "#/110" + "$ref": "#/111" }, "flags": 10, "description": "The resource api version" }, "businessPhones": { "type": { - "$ref": "#/112" + "$ref": "#/113" }, "flags": 2, - "description": "The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory" + "description": "The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory." }, "displayName": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters" + "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters." }, "givenName": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The given name (first name) of the user. Maximum length is 64 characters" + "description": "The given name (first name) of the user. Maximum length is 64 characters." }, "jobTitle": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The user's job title. Maximum length is 128 characters" + "description": "The user's job title. Maximum length is 128 characters." }, "mail": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The SMTP address for the user, for example, admin@contoso.com. 
Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead" + "description": "The SMTP address for the user, for example, admin@contoso.com. Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead." }, "mobilePhone": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory" + "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory." }, "officeLocation": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The office location in the user's place of business. Maximum length is 128 characters" + "description": "The office location in the user's place of business. Maximum length is 128 characters." }, "preferredLanguage": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'" + "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'." 
}, "surname": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The user's surname (family name or last name). Maximum length is 64 characters" + "description": "The user's surname (family name or last name). Maximum length is 64 characters." }, "userPrincipalName": { "type": { "$ref": "#/0" }, "flags": 25, - "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies" + "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies." }, "deletedDateTime": { "type": { @@ -2531,7 +2579,7 @@ "name": "Microsoft.Graph/users@beta", "scopeType": 0, "body": { - "$ref": "#/111" + "$ref": "#/112" }, "flags": 1 }, 
diff --git a/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/types.md b/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/types.md index 76a63ff..76f7aff 100644 --- a/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/types.md +++ b/generated/microsoftgraph/microsoft.graph/beta/0.1.10-preview/types.md 
@@ -5,42 +5,43 @@ ### Properties * **api**: [MicrosoftGraphApiApplication](#microsoftgraphapiapplication): Specifies settings for an application that implements a web API. * **apiVersion**: 'beta' (ReadOnly, DeployTimeConstant): The resource api version -* **appId**: string (ReadOnly): The unique identifier for the application that is assigned by Microsoft Entra ID. Not nullable. Read-only. Alternate key +* **appId**: string (ReadOnly): The unique identifier for the application that is assigned by Microsoft Entra ID. Not nullable. Read-only. Alternate key. * **appRoles**: [MicrosoftGraphAppRole](#microsoftgraphapprole)[]: The collection of roles defined for the application. With app role assignments, these roles can be assigned to users, groups, or service principals associated with other applications. Not nullable. * **authenticationBehaviors**: [MicrosoftGraphAuthenticationBehaviors](#microsoftgraphauthenticationbehaviors): The collection of breaking change behaviors related to token issuance that are configured for the application. Authentication behaviors are unset by default (null) and must be explicitly enabled or disabled. Nullable. For more information about authentication behaviors, see Manage application authenticationBehaviors to avoid unverified use of email claims for user identification or authorization. * **certification**: [MicrosoftGraphCertification](#microsoftgraphcertification) (ReadOnly): Specifies the certification status of the application. -* **createdDateTime**: string (ReadOnly): The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only +* **createdDateTime**: string (ReadOnly): The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. 
For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. * **defaultRedirectUri**: string: The default redirect URI. If specified and there's no explicit redirect URI in the sign-in request for SAML and OIDC flows, Microsoft Entra ID sends the token to this redirect URI. Microsoft Entra ID also sends the token to this default URI in SAML IdP-initiated single sign-on. The value must match one of the configured redirect URIs for the application. * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. -* **description**: string: Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters -* **disabledByMicrosoftStatus**: string: Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement) -* **displayName**: string (Required): The display name for the application. Maximum length is 256 characters +* **description**: string: Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters. +* **disabledByMicrosoftStatus**: string: Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement). +* **displayName**: string (Required): The display name for the application. Maximum length is 256 characters. * **groupMembershipClaims**: string: Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. 
To set this attribute, use one of the following string values: None, SecurityGroup (for security groups and Microsoft Entra roles), All (this gets all security groups, distribution groups, and Microsoft Entra directory roles that the signed-in user is a member of). * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **identifierUris**: string[]: Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable -* **info**: [MicrosoftGraphInformationalUrl](#microsoftgraphinformationalurl): Basic profile information of the application, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps +* **identifierUris**: string[]: Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable. 
+* **info**: [MicrosoftGraphInformationalUrl](#microsoftgraphinformationalurl): Basic profile information of the application, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps. * **isDeviceOnlyAuthSupported**: bool: Specifies whether this application supports device authentication without a user. The default is false. * **isFallbackPublicClient**: bool: Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as a web app. There are certain scenarios where Microsoft Entra ID can't determine the client application type. For example, the ROPC flow where the application is configured without specifying a redirect URI. In those cases Microsoft Entra ID interprets the application type based on the value of this property. -* **keyCredentials**: [MicrosoftGraphKeyCredential](#microsoftgraphkeycredential)[]: The collection of key credentials associated with the application. Not nullable +* **keyCredentials**: [MicrosoftGraphKeyCredential](#microsoftgraphkeycredential)[]: The collection of key credentials associated with the application. Not nullable. * **logo**: string: The main logo for the application. Not nullable. * **nativeAuthenticationApisEnabled**: 'all' | 'none' | string: Specifies whether the Native Authentication APIs are enabled for the application. The possible values are: noneand all. Default is none. For more information, see Native Authentication. * **notes**: string: Notes relevant for the management of the application. 
* **optionalClaims**: [MicrosoftGraphOptionalClaims](#microsoftgraphoptionalclaims): Application developers can configure optional claims in their Microsoft Entra applications to specify the claims that are sent to their application by the Microsoft security token service. For more information, see How to: Provide optional claims to your app. +* **owners**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): Directory objects that are owners of this application. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object. Read-only. Nullable. * **parentalControlSettings**: [MicrosoftGraphParentalControlSettings](#microsoftgraphparentalcontrolsettings): Specifies parental control settings for an application. * **passwordCredentials**: [MicrosoftGraphPasswordCredential](#microsoftgraphpasswordcredential)[]: The collection of password credentials associated with the application. Not nullable. * **publicClient**: [MicrosoftGraphPublicClientApplication](#microsoftgraphpublicclientapplication): Specifies settings for installed clients such as desktop or mobile devices. -* **publisherDomain**: string (ReadOnly): The verified publisher domain for the application. Read-only +* **publisherDomain**: string (ReadOnly): The verified publisher domain for the application. Read-only. * **requestSignatureVerification**: [MicrosoftGraphRequestSignatureVerification](#microsoftgraphrequestsignatureverification): Specifies whether this application requires Microsoft Entra ID to verify the signed authentication requests. -* **requiredResourceAccess**: [MicrosoftGraphRequiredResourceAccess](#microsoftgraphrequiredresourceaccess)[]: Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. 
No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable +* **requiredResourceAccess**: [MicrosoftGraphRequiredResourceAccess](#microsoftgraphrequiredresourceaccess)[]: Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable. * **samlMetadataUrl**: string: The URL where the service exposes SAML metadata for federation. This property is valid only for single-tenant applications. Nullable. * **serviceManagementReference**: string: References application or service contact information from a Service or Asset Management database. Nullable. * **servicePrincipalLockConfiguration**: [MicrosoftGraphServicePrincipalLockConfiguration](#microsoftgraphserviceprincipallockconfiguration): Specifies whether sensitive properties of a multitenant application should be locked for editing after the application is provisioned in a tenant. Nullable. null by default. -* **signInAudience**: string: Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. 
As a result, if you change this property, you may need to change other properties first +* **signInAudience**: string: Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first. * **spa**: [MicrosoftGraphSpaApplication](#microsoftgraphspaapplication): Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization codes and access tokens. -* **tags**: string[]: Custom strings that can be used to categorize and identify the application. Not nullable +* **tags**: string[]: Custom strings that can be used to categorize and identify the application. Not nullable. * **tokenEncryptionKeyId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"}: Specifies the keyId of a public key from the keyCredentials collection. When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user. * **type**: 'Microsoft.Graph/applications' (ReadOnly, DeployTimeConstant): The resource type -* **uniqueName**: string (Required, DeployTimeConstant, Identifier): The unique identifier that can be assigned to an application and used as an alternate key. 
Immutable +* **uniqueName**: string (Required, DeployTimeConstant, Identifier): The unique identifier that can be assigned to an application and used as an alternate key. Immutable. * **verifiedPublisher**: [MicrosoftGraphVerifiedPublisher](#microsoftgraphverifiedpublisher): Specifies the verified publisher of the application. For more information about how publisher verification helps support application security, trustworthiness, and compliance, see Publisher verification. * **web**: [MicrosoftGraphWebApplication](#microsoftgraphwebapplication): Specifies settings for a web application. * **windows**: [MicrosoftGraphWindowsApplication](#microsoftgraphwindowsapplication): Specifies settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store. 
@@ -50,11 +51,12 @@ ### Properties * **apiVersion**: 'beta' (ReadOnly, DeployTimeConstant): The resource api version * **audiences**: string[] (Required): The audience that can appear in the external token. This field is mandatory and should be set to api://AzureADTokenExchange for Microsoft Entra ID. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Microsoft Entra ID in your external identity provider and has no fixed value across identity providers - you may need to create a new application registration in your identity provider to serve as the audience of this token. This field can only accept a single value and has a limit of 600 characters. Required. +* **claimsMatchingExpression**: [MicrosoftGraphFederatedIdentityExpression](#microsoftgraphfederatedidentityexpression): Nullable. Defaults to null if not set. Enables the use of claims matching expressions against specified claims. If claimsMatchingExpression is defined, subject must be null. For the list of supported expression syntax and claims, visit the Flexible FIC reference. * **description**: string: The un-validated, user-provided description of the federated identity credential. It has a limit of 600 characters. Optional. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. * **issuer**: string (Required): The URL of the external identity provider and must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique on the app. It has a limit of 600 characters. Required. -* **name**: string (Required, Identifier): The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created. Alternate key. Required. Not nullable -* **subject**: string (Required): Required. The identifier of the external software workload within the external identity provider. 
Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique on the app. It has a limit of 600 characters +* **name**: string (Required, Identifier): The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created. Alternate key. Required. Not nullable. +* **subject**: string: Nullable. Defaults to null if not set. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique on the app. It has a limit of 600 characters. If subject is defined, claimsMatchingExpression must be null. * **type**: 'Microsoft.Graph/applications/federatedIdentityCredentials' (ReadOnly, DeployTimeConstant): The resource type ## Resource Microsoft.Graph/appRoleAssignedTo@beta 
@@ -63,58 +65,59 @@ * **apiVersion**: 'beta' (ReadOnly, DeployTimeConstant): The resource api version * **appRoleId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (Required): The identifier (id) for the app role that is assigned to the principal. This app role must be exposed in the appRoles property on the resource application's service principal (resourceId). If the resource application hasn't declared any app roles, a default app role ID of 00000000-0000-0000-0000-000000000000 can be specified to signal that the principal is assigned to the resource app without any specific app roles. Required on create. * **creationTimestamp**: string (ReadOnly): The time when the app role assignment was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. +* **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **principalDisplayName**: string (ReadOnly): The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only +* **principalDisplayName**: string (ReadOnly): The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only. * **principalId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (Required): The unique identifier (id) for the user, security group, or service principal being granted the app role. Security groups with dynamic memberships are supported. Required on create. * **principalType**: string (ReadOnly): The type of the assigned principal. This can either be User, Group, or ServicePrincipal. 
Read-only. * **resourceDisplayName**: string: The display name of the resource app's service principal to which the assignment is made. Maximum length is 256 characters. -* **resourceId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (Required): The unique identifier (id) for the resource service principal for which the assignment is made. Required on create +* **resourceId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (Required): The unique identifier (id) for the resource service principal for which the assignment is made. Required on create. * **type**: 'Microsoft.Graph/appRoleAssignedTo' (ReadOnly, DeployTimeConstant): The resource type ## Resource Microsoft.Graph/groups@beta * **Valid Scope(s)**: Unknown ### Properties * **apiVersion**: 'beta' (ReadOnly, DeployTimeConstant): The resource api version -* **classification**: string: Describes a classification for the group (such as low, medium or high business impact) +* **classification**: string: Describes a classification for the group (such as low, medium or high business impact). * **cloudLicensing**: any: The relationships of a group to cloud licensing resources. -* **createdByAppId**: string (ReadOnly): App ID of the app used to create the group. Can be null for some groups. Read-only +* **createdByAppId**: string (ReadOnly): App ID of the app used to create the group. Can be null for some groups. Read-only. * **createdDateTime**: string (ReadOnly): Timestamp of when the group was created. The value can't be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. 
-* **description**: string: An optional description for the group -* **displayName**: string (Required): The display name for the group. Required. Maximum length is 256 characters +* **description**: string: An optional description for the group. +* **displayName**: string (Required): The display name for the group. Required. Maximum length is 256 characters. * **expirationDateTime**: string (ReadOnly): Timestamp of when the group is set to expire. It is null for security groups, but for Microsoft 365 groups, it represents when the group is set to expire as defined in the groupLifecyclePolicy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. -* **groupTypes**: string[]: Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static +* **groupTypes**: string[]: Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **infoCatalogs**: string[]: Identifies the info segments assigned to the group -* **isAssignableToRole**: bool: Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. 
If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license +* **infoCatalogs**: string[]: Identifies the info segments assigned to the group. +* **isAssignableToRole**: bool: Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license. * **isManagementRestricted**: bool (ReadOnly): Indicates whether the group is a member of a restricted management administrative unit. The default value is false. Read-only. To manage a group member of a restricted management administrative unit, the administrator or calling app must be assigned a Microsoft Entra role at the scope of the restricted management administrative unit. -* **mail**: string (ReadOnly): The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only -* **mailEnabled**: bool (Required): Specifies whether the group is mail-enabled. 
Required -* **mailNickname**: string (Required): The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE -* **members**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): Direct group members, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable -* **membershipRule**: string: The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax -* **membershipRuleProcessingState**: string: Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused +* **mail**: string (ReadOnly): The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only. +* **mailEnabled**: bool (Required): Specifies whether the group is mail-enabled. Required. +* **mailNickname**: string (Required): The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE. +* **members**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): Direct group members, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable. +* **membershipRule**: string: The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. 
+* **membershipRuleProcessingState**: string: Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused. * **onPremisesDomainName**: string (ReadOnly): Contains the on-premises domain FQDN, also called dnsDomainName synchronized from the on-premises directory. Read-only. -* **onPremisesLastSyncDateTime**: string (ReadOnly): Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only +* **onPremisesLastSyncDateTime**: string (ReadOnly): Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. * **onPremisesNetBiosName**: string (ReadOnly): Contains the on-premises netBios name synchronized from the on-premises directory. Read-only. -* **onPremisesProvisioningErrors**: [MicrosoftGraphOnPremisesProvisioningError](#microsoftgraphonpremisesprovisioningerror)[] (ReadOnly): Errors when using Microsoft synchronization product during provisioning +* **onPremisesProvisioningErrors**: [MicrosoftGraphOnPremisesProvisioningError](#microsoftgraphonpremisesprovisioningerror)[] (ReadOnly): Errors when using Microsoft synchronization product during provisioning. * **onPremisesSamAccountName**: string (ReadOnly): Contains the on-premises SAM account name synchronized from the on-premises directory. Read-only. -* **onPremisesSecurityIdentifier**: string (ReadOnly): Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. 
Read-only -* **onPremisesSyncEnabled**: bool (ReadOnly): true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Read-only +* **onPremisesSecurityIdentifier**: string (ReadOnly): Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only. +* **onPremisesSyncEnabled**: bool (ReadOnly): true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Read-only. * **organizationId**: string -* **owners**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue -* **preferredDataLocation**: string: The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo and Create a Microsoft 365 group with a specific PDL. 
Nullable -* **preferredLanguage**: string: The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US -* **proxyAddresses**: string[] (ReadOnly): Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required for filter expressions on multi-valued properties. Read-only. Not nullable +* **owners**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue. +* **preferredDataLocation**: string: The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo and Create a Microsoft 365 group with a specific PDL. Nullable. +* **preferredLanguage**: string: The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US. +* **proxyAddresses**: string[] (ReadOnly): Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. 
The any operator is required for filter expressions on multi-valued properties. Read-only. Not nullable. * **renewedDateTime**: string (ReadOnly): Timestamp of when the group was last renewed. This cannot be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. * **resourceBehaviorOptions**: string[]: Specifies the group behaviors that can be set for a Microsoft 365 group during creation. This property can be set only as part of creation (POST). For the list of possible values, see Microsoft 365 group behaviors and provisioning options. -* **resourceProvisioningOptions**: string[]: Specifies the group resources that are associated with the Microsoft 365 group. The possible value is Team. For more information, see Microsoft 365 group behaviors and provisioning options -* **securityEnabled**: bool (Required): Specifies whether the group is a security group -* **securityIdentifier**: string (ReadOnly): Security identifier of the group, used in Windows scenarios. Read-only +* **resourceProvisioningOptions**: string[]: Specifies the group resources that are associated with the Microsoft 365 group. The possible value is Team. For more information, see Microsoft 365 group behaviors and provisioning options. +* **securityEnabled**: bool (Required): Specifies whether the group is a security group. +* **securityIdentifier**: string (ReadOnly): Security identifier of the group, used in Windows scenarios. Read-only. * **serviceProvisioningErrors**: [MicrosoftGraphServiceProvisioningError](#microsoftgraphserviceprovisioningerror)[]: Errors published by a federated service describing a non-transient, service-specific error regarding the properties or link from a group object. -* **theme**: string: Specifies a Microsoft 365 group's color theme. 
Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red +* **theme**: string: Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red. * **type**: 'Microsoft.Graph/groups' (ReadOnly, DeployTimeConstant): The resource type -* **uniqueName**: string (Required, DeployTimeConstant, Identifier): The unique identifier that can be assigned to a group and used as an alternate key. Immutable +* **uniqueName**: string (Required, DeployTimeConstant, Identifier): The unique identifier that can be assigned to a group and used as an alternate key. Immutable. * **visibility**: string: Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or HiddenMembership. HiddenMembership can be set only for Microsoft 365 groups when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation. If visibility value isn't specified during group creation on Microsoft Graph, a security group is created as Private by default, and Microsoft 365 group is Public. Groups assignable to roles are always Private. To learn more, see group visibility options. Nullable. * **writebackConfiguration**: [MicrosoftGraphGroupWritebackConfiguration](#microsoftgraphgroupwritebackconfiguration): Specifies whether or not a group is configured to write back group object properties to on-premises Active Directory. These properties are used when group writeback is configured in the Microsoft Entra Connect sync client. 
@@ -122,40 +125,41 @@ * **Valid Scope(s)**: Unknown ### Properties * **apiVersion**: 'beta' (ReadOnly, DeployTimeConstant): The resource api version -* **clientId**: string (Required): The object id (not appId) of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Required -* **consentType**: string (Required): Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required +* **clientId**: string (Required): The object id (not appId) of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Required. +* **consentType**: string (Required): Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **principalId**: string: The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal -* **resourceId**: string (Required): The id of the resource service principal to which access is authorized. 
This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user +* **principalId**: string: The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal. +* **resourceId**: string (Required): The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user. * **scope**: string: A space-separated list of the claim values for delegated permissions that should be included in access tokens for the resource application (the API). For example, openid User.Read GroupMember.Read.All. Each claim value should match the value field of one of the delegated permissions defined by the API, listed in the publishedPermissionScopes property of the resource service principal. Must not exceed 3850 characters in length. * **type**: 'Microsoft.Graph/oauth2PermissionGrants' (ReadOnly, DeployTimeConstant): The resource type ## Resource Microsoft.Graph/servicePrincipals@beta * **Valid Scope(s)**: Unknown ### Properties -* **accountEnabled**: bool: true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it +* **accountEnabled**: bool: true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it. * **addIns**: [MicrosoftGraphAddIn](#microsoftgraphaddin)[]: Defines custom behavior that a consuming service can use to call an app in specific contexts. For example, applications that can render file streams may set the addIns property for its 'FileHandler' functionality. This lets services like Microsoft 365 call the application in the context of a document the user is working on. 
-* **alternativeNames**: string[]: Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities +* **alternativeNames**: string[]: Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities. * **apiVersion**: 'beta' (ReadOnly, DeployTimeConstant): The resource api version * **appDescription**: string: The description exposed by the associated application. * **appDisplayName**: string: The display name exposed by the associated application. Maximum length is 256 characters. -* **appId**: string (Required, Identifier): The unique identifier for the associated application (its appId property). Alternate key +* **appId**: string (Required, Identifier): The unique identifier for the associated application (its appId property). Alternate key. * **applicationTemplateId**: string (ReadOnly): Unique identifier of the applicationTemplate. Read-only. null if the app wasn't created from an application template. -* **appOwnerOrganizationId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (ReadOnly): Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications -* **appRoleAssignmentRequired**: bool: Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable +* **appOwnerOrganizationId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (ReadOnly): Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications. 
+* **appRoleAssignmentRequired**: bool: Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable. * **appRoles**: [MicrosoftGraphAppRole](#microsoftgraphapprole)[]: The roles exposed by the application, which this service principal represents. For more information, see the appRoles property definition on the application entity. Not nullable. * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. -* **description**: string: Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters -* **disabledByMicrosoftStatus**: string: Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement) -* **displayName**: string: The display name for the service principal +* **description**: string: Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters. +* **disabledByMicrosoftStatus**: string: Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement). +* **displayName**: string: The display name for the service principal. 
* **homepage**: string: Home page or landing page of the application. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **info**: [MicrosoftGraphInformationalUrl](#microsoftgraphinformationalurl): Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps -* **keyCredentials**: [MicrosoftGraphKeyCredential](#microsoftgraphkeycredential)[]: The collection of key credentials associated with the service principal. Not nullable +* **info**: [MicrosoftGraphInformationalUrl](#microsoftgraphinformationalurl): Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps. +* **keyCredentials**: [MicrosoftGraphKeyCredential](#microsoftgraphkeycredential)[]: The collection of key credentials associated with the service principal. Not nullable. * **loginUrl**: string: Specifies the URL where the service provider redirects the user to Microsoft Entra ID to authenticate. Microsoft Entra ID uses the URL to launch the application from Microsoft 365 or the Microsoft Entra My Apps. When blank, Microsoft Entra ID performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. The user launches the application from Microsoft 365, the Microsoft Entra My Apps, or the Microsoft Entra SSO URL. * **logoutUrl**: string: Specifies the URL that the Microsoft's authorization service uses to sign out a user using OpenId Connect front-channel, back-channel, or SAML sign out protocols. 
* **notes**: string: Free text field to capture information about the service principal, typically used for operational purposes. Maximum allowed size is 1,024 characters. * **notificationEmailAddresses**: string[]: Specifies the list of email addresses where Microsoft Entra ID sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Microsoft Entra Gallery applications. +* **owners**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): Directory objects that are owners of this servicePrincipal. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object. * **passwordCredentials**: [MicrosoftGraphPasswordCredential](#microsoftgraphpasswordcredential)[]: The collection of password credentials associated with the service principal. Not nullable. * **preferredSingleSignOnMode**: string: Specifies the single sign-on mode configured for this application. Microsoft Entra ID uses the preferred single sign-on mode to launch the application from Microsoft 365 or the Microsoft Entra My Apps. The supported values are password, saml, notSupported, and oidc. Note: This field might be null for older SAML apps and for OIDC applications where it isn't set automatically. * **preferredTokenSigningKeyEndDateTime**: string: Specifies the expiration date of the keyCredential used for token signing, marked by preferredTokenSigningKeyThumbprint. Updating this attribute isn't currently supported. For details, see ServicePrincipal property differences. 
@@ -165,10 +169,10 @@ * **replyUrls**: string[]: The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. Not nullable. * **samlMetadataUrl**: string: The url where the service exposes SAML metadata for federation. * **samlSingleSignOnSettings**: [MicrosoftGraphSamlSingleSignOnSettings](#microsoftgraphsamlsinglesignonsettings): The collection for settings related to saml single sign-on. -* **servicePrincipalNames**: string[]: Contains the list of identifiersUris, copied over from the associated application. More values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable +* **servicePrincipalNames**: string[]: Contains the list of identifiersUris, copied over from the associated application. More values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable. * **servicePrincipalType**: string: Identifies if the service principal represents an application or a managed identity. This is set by Microsoft Entra ID internally. For a service principal that represents an application this is set as Application. For a service principal that represents a managed identity this is set as ManagedIdentity. The SocialIdp type is for internal use. 
* **signInAudience**: string (ReadOnly): Specifies the Microsoft accounts that are supported for the current application. Read-only. Supported values are:AzureADMyOrg: Users with a Microsoft work or school account in my organization's Microsoft Entra tenant (single-tenant).AzureADMultipleOrgs: Users with a Microsoft work or school account in any organization's Microsoft Entra tenant (multitenant).AzureADandPersonalMicrosoftAccount: Users with a personal Microsoft account, or a work or school account in any organization's Microsoft Entra tenant.PersonalMicrosoftAccount: Users with a personal Microsoft account only. -* **tags**: string[]: Custom strings that can be used to categorize and identify the service principal. Not nullable +* **tags**: string[]: Custom strings that can be used to categorize and identify the service principal. Not nullable. * **tokenEncryptionKeyId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"}: Specifies the keyId of a public key from the keyCredentials collection. When configured, Microsoft Entra ID issues tokens for this application encrypted using the key specified by this property. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user. * **type**: 'Microsoft.Graph/servicePrincipals' (ReadOnly, DeployTimeConstant): The resource type * **verifiedPublisher**: [MicrosoftGraphVerifiedPublisher](#microsoftgraphverifiedpublisher): Specifies the verified publisher of the application that's linked to this service principal. 
@@ -177,19 +181,19 @@ * **Valid Scope(s)**: Unknown ### Properties * **apiVersion**: 'beta' (ReadOnly, DeployTimeConstant): The resource api version -* **businessPhones**: string[] (ReadOnly): The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory +* **businessPhones**: string[] (ReadOnly): The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory. * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. -* **displayName**: string (ReadOnly): The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters -* **givenName**: string (ReadOnly): The given name (first name) of the user. Maximum length is 64 characters +* **displayName**: string (ReadOnly): The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters. +* **givenName**: string (ReadOnly): The given name (first name) of the user. Maximum length is 64 characters. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **jobTitle**: string (ReadOnly): The user's job title. Maximum length is 128 characters -* **mail**: string (ReadOnly): The SMTP address for the user, for example, admin@contoso.com. Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. 
Use the otherMails property instead -* **mobilePhone**: string (ReadOnly): The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory -* **officeLocation**: string (ReadOnly): The office location in the user's place of business. Maximum length is 128 characters -* **preferredLanguage**: string (ReadOnly): The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES' -* **surname**: string (ReadOnly): The user's surname (family name or last name). Maximum length is 64 characters +* **jobTitle**: string (ReadOnly): The user's job title. Maximum length is 128 characters. +* **mail**: string (ReadOnly): The SMTP address for the user, for example, admin@contoso.com. Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. +* **mobilePhone**: string (ReadOnly): The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. +* **officeLocation**: string (ReadOnly): The office location in the user's place of business. Maximum length is 128 characters. +* **preferredLanguage**: string (ReadOnly): The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'. +* **surname**: string (ReadOnly): The user's surname (family name or last name). Maximum length is 64 characters. 
* **type**: 'Microsoft.Graph/users' (ReadOnly, DeployTimeConstant): The resource type -* **userPrincipalName**: string (Required, DeployTimeConstant, Identifier): The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies +* **userPrincipalName**: string (Required, DeployTimeConstant, Identifier): The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies. ## MicrosoftGraphAddIn ### Properties 
@@ -211,9 +215,9 @@ * **description**: string: The description for the app role. This is displayed when the app role is being assigned and, if the app role functions as an application permission, during consent experiences. * **displayName**: string: Display name for the permission that appears in the app role assignment and consent experiences. * **id**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"}: Unique role identifier inside the appRoles collection. You must specify a new GUID identifier when you create a new app role. -* **isEnabled**: bool: When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed. +* **isEnabled**: bool: When you create or updating an app role, this value must be true. To delete a role, this must first be set to false. At that point, in a subsequent call, this role might be removed. Default value is true. * **origin**: string (ReadOnly): Specifies if the app role is defined on the application object or on the servicePrincipal entity. Must not be included in any POST or PATCH requests. Read-only. -* **value**: string: Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , -. / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with .. +* **value**: string: Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , -. / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z, and a-z. 
Any other character, including the space character, aren't allowed. May not begin with .. ## MicrosoftGraphAuthenticationBehaviors ### Properties 
@@ -226,13 +230,18 @@ * **certificationDetailsUrl**: string: URL that shows certification details for the application. * **certificationExpirationDateTime**: string: The timestamp when the current certification for the application expires. * **isCertifiedByMicrosoft**: bool: Indicates whether the application is certified by Microsoft. -* **isPublisherAttested**: bool: Indicates whether the application has been self-attested by the application developer or the publisher. +* **isPublisherAttested**: bool: Indicates whether the application developer or publisher completed Publisher Attestation. * **lastCertificationDateTime**: string: The timestamp when the certification for the application was most recently added or updated. +## MicrosoftGraphFederatedIdentityExpression +### Properties +* **languageVersion**: int: Indicated the language version to be used. Should always be set to 1. Required. +* **value**: string: Indicates the configured expression. Required. + ## MicrosoftGraphGroupWritebackConfiguration ### Properties * **isEnabled**: bool: Indicates whether writeback of cloud groups to on-premise Active Directory is enabled. Default value is true for Microsoft 365 groups and false for security groups. -* **onPremisesGroupType**: string: Indicates the target on-premises group type the cloud object is written back as. Nullable. The possible values are: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup.If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup. Microsoft Entra security groups can be written back as universalSecurityGroup. 
If isEnabled or the NewUnifiedGroupWritebackDefault group setting is true but this property isn't explicitly configured: Microsoft 365 groups are written back as universalDistributionGroup by defaultSecurity groups are written back as universalSecurityGroup by default +* **onPremisesGroupType**: string: Indicates the target on-premises group type the cloud object is written back as. Nullable. The possible values are: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup.If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup. Microsoft Entra security groups can be written back as universalSecurityGroup. If isEnabled or the NewUnifiedGroupWritebackDefault group setting is true but this property isn't explicitly configured: Microsoft 365 groups are written back as universalDistributionGroup by defaultSecurity groups are written back as universalSecurityGroup by default. ## MicrosoftGraphImplicitGrantSettings ### Properties 
@@ -242,10 +251,10 @@ ## MicrosoftGraphInformationalUrl ### Properties * **logoUrl**: string (ReadOnly): CDN URL to the application's logo, Read-only. -* **marketingUrl**: string: Link to the application's marketing page. For example, https://www.contoso.com/app/marketing -* **privacyStatementUrl**: string: Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy -* **supportUrl**: string: Link to the application's support page. For example, https://www.contoso.com/app/support -* **termsOfServiceUrl**: string: Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice +* **marketingUrl**: string: Link to the application's marketing page. For example, https://www.contoso.com/app/marketing. +* **privacyStatementUrl**: string: Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy. +* **supportUrl**: string: Link to the application's support page. For example, https://www.contoso.com/app/support. +* **termsOfServiceUrl**: string: Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice. ## MicrosoftGraphKeyCredential ### Properties 
@@ -260,14 +269,14 @@ ## MicrosoftGraphKeyValue ### Properties -* **key**: string: Key. -* **value**: string: Value. +* **key**: string: Contains the name of the field that a value is associated with. +* **value**: string: Contains the corresponding value for the specified key. ## MicrosoftGraphOnPremisesProvisioningError ### Properties * **category**: string: Category of the provisioning error. Note: Currently, there is only one possible value. Possible value: PropertyConflict - indicates a property value is not unique. Other objects contain the same value for the property. * **occurredDateTime**: string: The date and time at which the error occurred. -* **propertyCausingError**: string: Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress +* **propertyCausingError**: string: Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress. * **value**: string: Value of the property causing the error. ## MicrosoftGraphOptionalClaim diff --git a/generated/microsoftgraph/microsoft.graph/v1.0/0.1.10-preview/types.json b/generated/microsoftgraph/microsoft.graph/v1.0/0.1.10-preview/types.json index 188b21e..8d16600 100644 --- a/generated/microsoftgraph/microsoft.graph/v1.0/0.1.10-preview/types.json +++ b/generated/microsoftgraph/microsoft.graph/v1.0/0.1.10-preview/types.json @@ -33,7 +33,7 @@ "$ref": "#/0" }, "flags": 0, - "description": "Describes a classification for the group (such as low, medium, or high business impact)" + "description": "Describes a classification for the group (such as low, medium, or high business impact)." }, "createdDateTime": { "type": { 
@@ -47,14 +47,14 @@ "$ref": "#/0" }, "flags": 0, - "description": "An optional description for the group" + "description": "An optional description for the group." }, "displayName": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters" + "description": "The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters." }, "expirationDateTime": { "type": { 
@@ -68,14 +68,14 @@ "$ref": "#/4" }, "flags": 0, - "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static" + "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static." }, "isAssignableToRole": { "type": { "$ref": "#/5" }, "flags": 0, - "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license" + "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. 
The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license." }, "isManagementRestricted": { "type": { 
@@ -88,35 +88,35 @@ "$ref": "#/0" }, "flags": 2, - "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only" + "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only." }, "mailEnabled": { "type": { "$ref": "#/5" }, "flags": 1, - "description": "Specifies whether the group is mail-enabled. Required" + "description": "Specifies whether the group is mail-enabled. Required." }, "mailNickname": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () / [] ' ; : <> , SPACE. Required" + "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () / [] ' ; : <> , SPACE. Required." }, "membershipRule": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax" + "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax." }, "membershipRuleProcessingState": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused" + "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused." }, "onPremisesDomainName": { "type": { 
@@ -130,7 +130,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only" + "description": "Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only." }, "onPremisesNetBiosName": { "type": { @@ -144,7 +144,7 @@ "$ref": "#/7" }, "flags": 2, - "description": "Errors when using Microsoft synchronization product during provisioning" + "description": "Errors when using Microsoft synchronization product during provisioning." }, "onPremisesSamAccountName": { "type": { 
@@ -158,35 +158,35 @@ "$ref": "#/0" }, "flags": 2, - "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only" + "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only." }, "onPremisesSyncEnabled": { "type": { "$ref": "#/5" }, "flags": 2, - "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Read-only" + "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Read-only." }, "preferredDataLocation": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable" + "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable." 
}, "preferredLanguage": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US" + "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US." }, "proxyAddresses": { "type": { "$ref": "#/8" }, "flags": 2, - "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Read-only. Not nullable" + "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Read-only. Not nullable." }, "renewedDateTime": { "type": { 
@@ -200,35 +200,35 @@ "$ref": "#/5" }, "flags": 1, - "description": "Specifies whether the group is a security group. Required" + "description": "Specifies whether the group is a security group. Required." }, "securityIdentifier": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "Security identifier of the group, used in Windows scenarios. Read-only" + "description": "Security identifier of the group, used in Windows scenarios. Read-only." }, "serviceProvisioningErrors": { "type": { "$ref": "#/10" }, "flags": 0, - "description": "Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object" + "description": "Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object." }, "theme": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange, or Red" + "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange, or Red." }, "uniqueName": { "type": { "$ref": "#/0" }, "flags": 25, - "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable" + "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable." }, "visibility": { "type": { 
@@ -242,14 +242,14 @@ "$ref": "#/11" }, "flags": 0, - "description": "The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable" + "description": "The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable." }, "owners": { "type": { "$ref": "#/11" }, "flags": 0, - "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue" + "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue." }, "deletedDateTime": { "type": { @@ -299,7 +299,7 @@ "$ref": "#/0" }, "flags": 0, - "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress" + "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress." }, "value": { "type": { 
@@ -457,7 +457,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "The unique identifier for the application that is assigned to an application by Microsoft Entra ID. Not nullable. Read-only. Alternate key" + "description": "The unique identifier for the application that is assigned to an application by Microsoft Entra ID. Not nullable. Read-only. Alternate key." }, "applicationTemplateId": { "type": { @@ -485,7 +485,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only" + "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only." }, "defaultRedirectUri": { "type": { 
@@ -498,21 +498,21 @@ "$ref": "#/0" }, "flags": 0, - "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "The display name for the application. Maximum length is 256 characters" + "description": "The display name for the application. Maximum length is 256 characters." }, "groupMembershipClaims": { "type": { 
@@ -526,14 +526,14 @@ "$ref": "#/37" }, "flags": 0, - "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api:/, or specify a more readable URI like https:/contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable" + "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api:/, or specify a more readable URI like https:/contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable." }, "info": { "type": { "$ref": "#/38" }, "flags": 0, - "description": "Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "isDeviceOnlyAuthSupported": { "type": { 
@@ -554,7 +554,7 @@ "$ref": "#/40" }, "flags": 0, - "description": "The collection of key credentials associated with the application. Not nullable" + "description": "The collection of key credentials associated with the application. Not nullable." }, "logo": { "type": { @@ -610,7 +610,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "The verified publisher domain for the application. Read-only. For more information, see How to: Configure an application's publisher domain" + "description": "The verified publisher domain for the application. Read-only. For more information, see How to: Configure an application's publisher domain." }, "requestSignatureVerification": { "type": { @@ -624,7 +624,7 @@ "$ref": "#/62" }, "flags": 0, - "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable" + "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable." }, "samlMetadataUrl": { "type": { 
@@ -652,7 +652,7 @@ "$ref": "#/0" }, "flags": 0, - "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you might need to change other properties first" + "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you might need to change other properties first." }, "spa": { "type": { @@ -666,7 +666,7 @@ "$ref": "#/66" }, "flags": 0, - "description": "Custom strings that can be used to categorize and identify the application. Not nullable" + "description": "Custom strings that can be used to categorize and identify the application. Not nullable." }, "tokenEncryptionKeyId": { "type": { @@ -680,7 +680,7 @@ "$ref": "#/0" }, "flags": 25, - "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable" + "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable." }, "verifiedPublisher": { "type": { 
@@ -696,6 +696,13 @@ "flags": 0, "description": "Specifies settings for a web application." }, + "owners": { + "type": { + "$ref": "#/11" + }, + "flags": 0, + "description": "Directory objects that are owners of this application. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." + }, "deletedDateTime": { "type": { "$ref": "#/0" @@ -1024,7 +1031,7 @@ "$ref": "#/5" }, "flags": 0, - "description": "Indicates whether the application has been self-attested by the application developer or the publisher." + "description": "Indicates whether the application developer or publisher completed Publisher Attestation." }, "lastCertificationDateTime": { "type": { @@ -1057,28 +1064,28 @@ "$ref": "#/0" }, "flags": 0, - "description": "Link to the application's marketing page. For example, https:/www.contoso.com/app/marketing" + "description": "Link to the application's marketing page. For example, https:/www.contoso.com/app/marketing." }, "privacyStatementUrl": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Link to the application's privacy statement. For example, https:/www.contoso.com/app/privacy" + "description": "Link to the application's privacy statement. For example, https:/www.contoso.com/app/privacy." }, "supportUrl": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Link to the application's support page. For example, https:/www.contoso.com/app/support" + "description": "Link to the application's support page. For example, https:/www.contoso.com/app/support." }, "termsOfServiceUrl": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Link to the application's terms of service statement. For example, https:/www.contoso.com/app/termsofservice" + "description": "Link to the application's terms of service statement. For example, https:/www.contoso.com/app/termsofservice." } } }, 
@@ -1666,7 +1673,7 @@ "$ref": "#/5" }, "flags": 0, - "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it" + "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it." }, "addIns": { "type": { @@ -1680,7 +1687,7 @@ "$ref": "#/78" }, "flags": 0, - "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities" + "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities." }, "appDescription": { "type": { @@ -1701,7 +1708,7 @@ "$ref": "#/0" }, "flags": 17, - "description": "The unique identifier for the associated application (its appId property). Alternate key" + "description": "The unique identifier for the associated application (its appId property). Alternate key." }, "applicationTemplateId": { "type": { 
@@ -1715,14 +1722,14 @@ "$ref": "#/21" }, "flags": 2, - "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications" + "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications." }, "appRoleAssignmentRequired": { "type": { "$ref": "#/5" }, "flags": 0, - "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable" + "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable." }, "appRoles": { "type": { 
@@ -1743,21 +1750,21 @@ "$ref": "#/0" }, "flags": 0, - "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The display name for the service principal" + "description": "The display name for the service principal." }, "homepage": { "type": { 
@@ -1771,14 +1778,14 @@ "$ref": "#/38" }, "flags": 0, - "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "keyCredentials": { "type": { "$ref": "#/81" }, "flags": 0, - "description": "The collection of key credentials associated with the service principal. Not nullable" + "description": "The collection of key credentials associated with the service principal. Not nullable." }, "loginUrl": { "type": { 
@@ -1862,7 +1869,7 @@ "$ref": "#/89" }, "flags": 0, - "description": "Contains the list of identifiersUris, copied over from the associated application. Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable" + "description": "Contains the list of identifiersUris, copied over from the associated application. Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable." }, "servicePrincipalType": { "type": { @@ -1883,7 +1890,7 @@ "$ref": "#/90" }, "flags": 0, - "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable" + "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable." }, "tokenEncryptionKeyId": { "type": { @@ -1899,6 +1906,13 @@ "flags": 0, "description": "Specifies the verified publisher of the application that's linked to this service principal." }, + "owners": { + "type": { + "$ref": "#/11" + }, + "flags": 0, + "description": "Directory objects that are owners of this servicePrincipal. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." + }, "deletedDateTime": { "type": { "$ref": "#/0" 
@@ -2099,14 +2113,14 @@ "$ref": "#/0" }, "flags": 17, - "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. The string is immutable after it's created. Alternate key. Required. Not nullable" + "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. The string is immutable after it's created. Alternate key. Required. Not nullable." }, "subject": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format; each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique within the app. It has a limit of 600 characters" + "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format; each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique within the app. It has a limit of 600 characters." }, "id": { "type": { 
@@ -2163,28 +2177,28 @@ "$ref": "#/0" }, "flags": 1, - "description": "The object id (not appId) of the client service principal for the application that's authorized to act on behalf of a signed-in user when accessing an API. Required" + "description": "The object id (not appId) of the client service principal for the application that's authorized to act on behalf of a signed-in user when accessing an API. Required." }, "consentType": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "Indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users might be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required" + "description": "Indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users might be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required." }, "principalId": { "type": { "$ref": "#/0" }, "flags": 0, - "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal" + "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal." 
}, "resourceId": { "type": { "$ref": "#/0" }, "flags": 1, - "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user" + "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user." }, "scope": { "type": { @@ -2256,7 +2270,7 @@ "$ref": "#/0" }, "flags": 2, - "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only" + "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only." }, "principalId": { "type": { @@ -2284,7 +2298,7 @@ "$ref": "#/21" }, "flags": 1, - "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create" + "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create." }, "deletedDateTime": { "type": { 
@@ -2342,70 +2356,70 @@ "$ref": "#/108" }, "flags": 2, - "description": "The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory" + "description": "The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory." }, "displayName": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters" + "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters." }, "givenName": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The given name (first name) of the user. Maximum length is 64 characters" + "description": "The given name (first name) of the user. Maximum length is 64 characters." }, "jobTitle": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The user's job title. Maximum length is 128 characters" + "description": "The user's job title. Maximum length is 128 characters." }, "mail": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The SMTP address for the user, for example, jeff@contoso.com. Changes to this property update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. 
Use the otherMails property instead" + "description": "The SMTP address for the user, for example, jeff@contoso.com. Changes to this property update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead." }, "mobilePhone": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters" + "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters." }, "officeLocation": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The office location in the user's place of business" + "description": "The office location in the user's place of business." }, "preferredLanguage": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'" + "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'." }, "surname": { "type": { "$ref": "#/0" }, "flags": 2, - "description": "The user's surname (family name or last name). Maximum length is 64 characters" + "description": "The user's surname (family name or last name). Maximum length is 64 characters." 
}, "userPrincipalName": { "type": { "$ref": "#/0" }, "flags": 25, - "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies" + "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies." }, "deletedDateTime": { "type": { diff --git a/generated/microsoftgraph/microsoft.graph/v1.0/0.1.10-preview/types.md b/generated/microsoftgraph/microsoft.graph/v1.0/0.1.10-preview/types.md index 8a5def0..3e17408 100644 --- a/generated/microsoftgraph/microsoft.graph/v1.0/0.1.10-preview/types.md +++ b/generated/microsoftgraph/microsoft.graph/v1.0/0.1.10-preview/types.md 
@@ -6,42 +6,43 @@ * **addIns**: [MicrosoftGraphAddIn](#microsoftgraphaddin)[]: Defines custom behavior that a consuming service can use to call an app in specific contexts. For example, applications that can render file streams can set the addIns property for its 'FileHandler' functionality. This lets services like Microsoft 365 call the application in the context of a document the user is working on. * **api**: [MicrosoftGraphApiApplication](#microsoftgraphapiapplication): Specifies settings for an application that implements a web API. * **apiVersion**: 'v1.0' (ReadOnly, DeployTimeConstant): The resource api version -* **appId**: string (ReadOnly): The unique identifier for the application that is assigned to an application by Microsoft Entra ID. Not nullable. Read-only. Alternate key +* **appId**: string (ReadOnly): The unique identifier for the application that is assigned to an application by Microsoft Entra ID. Not nullable. Read-only. Alternate key. * **applicationTemplateId**: string (ReadOnly): Unique identifier of the applicationTemplate. Read-only. null if the app wasn't created from an application template. * **appRoles**: [MicrosoftGraphAppRole](#microsoftgraphapprole)[]: The collection of roles defined for the application. With app role assignments, these roles can be assigned to users, groups, or service principals associated with other applications. Not nullable. * **certification**: [MicrosoftGraphCertification](#microsoftgraphcertification) (ReadOnly): Specifies the certification status of the application. -* **createdDateTime**: string (ReadOnly): The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only +* **createdDateTime**: string (ReadOnly): The date and time the application was registered. 
The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. * **defaultRedirectUri**: string * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. -* **description**: string: Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters -* **disabledByMicrosoftStatus**: string: Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement) -* **displayName**: string (Required): The display name for the application. Maximum length is 256 characters +* **description**: string: Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters. +* **disabledByMicrosoftStatus**: string: Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement). +* **displayName**: string (Required): The display name for the application. Maximum length is 256 characters. * **groupMembershipClaims**: string: Configures the groups claim issued in a user or OAuth 2.0 access token that the application expects. To set this attribute, use one of the following valid string values: None, SecurityGroup (for security groups and Microsoft Entra roles), All (this gets all of the security groups, distribution groups, and Microsoft Entra directory roles that the signed-in user is a member of). 
* **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **identifierUris**: string[]: Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable -* **info**: [MicrosoftGraphInformationalUrl](#microsoftgraphinformationalurl): Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps +* **identifierUris**: string[]: Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable. +* **info**: [MicrosoftGraphInformationalUrl](#microsoftgraphinformationalurl): Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps. 
* **isDeviceOnlyAuthSupported**: bool: Specifies whether this application supports device authentication without a user. The default is false. * **isFallbackPublicClient**: bool: Specifies the fallback application type as public client, such as an installed application running on a mobile device. The default value is false, which means the fallback application type is confidential client such as a web app. There are certain scenarios where Microsoft Entra ID can't determine the client application type. For example, the ROPC flow where it's configured without specifying a redirect URI. In those cases, Microsoft Entra ID interprets the application type based on the value of this property. -* **keyCredentials**: [MicrosoftGraphKeyCredential](#microsoftgraphkeycredential)[]: The collection of key credentials associated with the application. Not nullable +* **keyCredentials**: [MicrosoftGraphKeyCredential](#microsoftgraphkeycredential)[]: The collection of key credentials associated with the application. Not nullable. * **logo**: string: The main logo for the application. Not nullable. * **nativeAuthenticationApisEnabled**: 'all' | 'none' | string: Specifies whether the Native Authentication APIs are enabled for the application. The possible values are: none and all. Default is none. For more information, see Native Authentication. * **notes**: string: Notes relevant for the management of the application. * **optionalClaims**: [MicrosoftGraphOptionalClaims](#microsoftgraphoptionalclaims): Application developers can configure optional claims in their Microsoft Entra applications to specify the claims that are sent to their application by the Microsoft security token service. For more information, see How to: Provide optional claims to your app. +* **owners**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): Directory objects that are owners of this application. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object. 
* **parentalControlSettings**: [MicrosoftGraphParentalControlSettings](#microsoftgraphparentalcontrolsettings): Specifies parental control settings for an application. * **passwordCredentials**: [MicrosoftGraphPasswordCredential](#microsoftgraphpasswordcredential)[]: The collection of password credentials associated with the application. Not nullable. * **publicClient**: [MicrosoftGraphPublicClientApplication](#microsoftgraphpublicclientapplication): Specifies settings for installed clients such as desktop or mobile devices. -* **publisherDomain**: string (ReadOnly): The verified publisher domain for the application. Read-only. For more information, see How to: Configure an application's publisher domain +* **publisherDomain**: string (ReadOnly): The verified publisher domain for the application. Read-only. For more information, see How to: Configure an application's publisher domain. * **requestSignatureVerification**: [MicrosoftGraphRequestSignatureVerification](#microsoftgraphrequestsignatureverification): Specifies whether this application requires Microsoft Entra ID to verify the signed authentication requests. -* **requiredResourceAccess**: [MicrosoftGraphRequiredResourceAccess](#microsoftgraphrequiredresourceaccess)[]: Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable +* **requiredResourceAccess**: [MicrosoftGraphRequiredResourceAccess](#microsoftgraphrequiredresourceaccess)[]: Specifies the resources that the application needs to access. 
This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable. * **samlMetadataUrl**: string: The URL where the service exposes SAML metadata for federation. This property is valid only for single-tenant applications. Nullable. * **serviceManagementReference**: string: References application or service contact information from a Service or Asset Management database. Nullable. * **servicePrincipalLockConfiguration**: [MicrosoftGraphServicePrincipalLockConfiguration](#microsoftgraphserviceprincipallockconfiguration): Specifies whether sensitive properties of a multitenant application should be locked for editing after the application is provisioned in a tenant. Nullable. null by default. -* **signInAudience**: string: Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you might need to change other properties first +* **signInAudience**: string: Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. 
The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you might need to change other properties first. * **spa**: [MicrosoftGraphSpaApplication](#microsoftgraphspaapplication): Specifies settings for a single-page application, including sign out URLs and redirect URIs for authorization codes and access tokens. -* **tags**: string[]: Custom strings that can be used to categorize and identify the application. Not nullable +* **tags**: string[]: Custom strings that can be used to categorize and identify the application. Not nullable. * **tokenEncryptionKeyId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"}: Specifies the keyId of a public key from the keyCredentials collection. When configured, Microsoft Entra ID encrypts all the tokens it emits by using the key this property points to. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user. * **type**: 'Microsoft.Graph/applications' (ReadOnly, DeployTimeConstant): The resource type -* **uniqueName**: string (Required, DeployTimeConstant, Identifier): The unique identifier that can be assigned to an application and used as an alternate key. Immutable +* **uniqueName**: string (Required, DeployTimeConstant, Identifier): The unique identifier that can be assigned to an application and used as an alternate key. Immutable. * **verifiedPublisher**: [MicrosoftGraphVerifiedPublisher](#microsoftgraphverifiedpublisher): Specifies the verified publisher of the application. For more information about how publisher verification helps support application security, trustworthiness, and compliance, see Publisher verification. 
* **web**: [MicrosoftGraphWebApplication](#microsoftgraphwebapplication): Specifies settings for a web application. 
@@ -53,8 +54,8 @@ * **description**: string: The unvalidated description of the federated identity credential, provided by the user. It has a limit of 600 characters. Optional. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. * **issuer**: string (Required): The URL of the external identity provider, which must match the issuer claim of the external token being exchanged. The combination of the values of issuer and subject must be unique within the app. It has a limit of 600 characters. Required. -* **name**: string (Required, Identifier): The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. The string is immutable after it's created. Alternate key. Required. Not nullable -* **subject**: string (Required): Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format; each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique within the app. It has a limit of 600 characters +* **name**: string (Required, Identifier): The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. The string is immutable after it's created. Alternate key. Required. Not nullable. +* **subject**: string (Required): Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format; each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique within the app. 
It has a limit of 600 characters. * **type**: 'Microsoft.Graph/applications/federatedIdentityCredentials' (ReadOnly, DeployTimeConstant): The resource type ## Resource Microsoft.Graph/appRoleAssignedTo@v1.0 
@@ -65,103 +66,104 @@ * **createdDateTime**: string (ReadOnly): The time when the app role assignment was created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only. * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **principalDisplayName**: string (ReadOnly): The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only +* **principalDisplayName**: string (ReadOnly): The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only. * **principalId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (Required): The unique identifier (id) for the user, security group, or service principal being granted the app role. Security groups with dynamic memberships are supported. Required on create. * **principalType**: string (ReadOnly): The type of the assigned principal. This can either be User, Group, or ServicePrincipal. Read-only. * **resourceDisplayName**: string: The display name of the resource app's service principal to which the assignment is made. Maximum length is 256 characters. -* **resourceId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (Required): The unique identifier (id) for the resource service principal for which the assignment is made. Required on create +* **resourceId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (Required): The unique identifier (id) for the resource service principal for which the assignment is made. 
Required on create. * **type**: 'Microsoft.Graph/appRoleAssignedTo' (ReadOnly, DeployTimeConstant): The resource type ## Resource Microsoft.Graph/groups@v1.0 * **Valid Scope(s)**: Unknown ### Properties * **apiVersion**: 'v1.0' (ReadOnly, DeployTimeConstant): The resource api version -* **classification**: string: Describes a classification for the group (such as low, medium, or high business impact) +* **classification**: string: Describes a classification for the group (such as low, medium, or high business impact). * **createdDateTime**: string (ReadOnly): Timestamp of when the group was created. The value can't be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only. * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. -* **description**: string: An optional description for the group -* **displayName**: string (Required): The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters +* **description**: string: An optional description for the group. +* **displayName**: string (Required): The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters. * **expirationDateTime**: string (ReadOnly): Timestamp of when the group is set to expire. It's null for security groups, but for Microsoft 365 groups, it represents when the group is set to expire as defined in the groupLifecyclePolicy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only. 
-* **groupTypes**: string[]: Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static +* **groupTypes**: string[]: Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **isAssignableToRole**: bool: Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license +* **isAssignableToRole**: bool: Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). 
Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license. * **isManagementRestricted**: bool -* **mail**: string (ReadOnly): The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only -* **mailEnabled**: bool (Required): Specifies whether the group is mail-enabled. Required -* **mailNickname**: string (Required): The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () / [] ' ; : <> , SPACE. Required -* **members**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable -* **membershipRule**: string: The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax -* **membershipRuleProcessingState**: string: Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused +* **mail**: string (ReadOnly): The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only. +* **mailEnabled**: bool (Required): Specifies whether the group is mail-enabled. Required. +* **mailNickname**: string (Required): The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. 
This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () / [] ' ; : <> , SPACE. Required. +* **members**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable. +* **membershipRule**: string: The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. +* **membershipRuleProcessingState**: string: Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused. * **onPremisesDomainName**: string (ReadOnly): Contains the on-premises domain FQDN, also called dnsDomainName synchronized from the on-premises directory. Read-only. -* **onPremisesLastSyncDateTime**: string (ReadOnly): Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only +* **onPremisesLastSyncDateTime**: string (ReadOnly): Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only. * **onPremisesNetBiosName**: string (ReadOnly): Contains the on-premises netBios name synchronized from the on-premises directory. Read-only. 
-* **onPremisesProvisioningErrors**: [MicrosoftGraphOnPremisesProvisioningError](#microsoftgraphonpremisesprovisioningerror)[] (ReadOnly): Errors when using Microsoft synchronization product during provisioning +* **onPremisesProvisioningErrors**: [MicrosoftGraphOnPremisesProvisioningError](#microsoftgraphonpremisesprovisioningerror)[] (ReadOnly): Errors when using Microsoft synchronization product during provisioning. * **onPremisesSamAccountName**: string (ReadOnly): Contains the on-premises SAM account name synchronized from the on-premises directory. Read-only. -* **onPremisesSecurityIdentifier**: string (ReadOnly): Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only -* **onPremisesSyncEnabled**: bool (ReadOnly): true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Read-only -* **owners**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue -* **preferredDataLocation**: string: The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. 
To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable -* **preferredLanguage**: string: The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US -* **proxyAddresses**: string[] (ReadOnly): Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Read-only. Not nullable +* **onPremisesSecurityIdentifier**: string (ReadOnly): Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only. +* **onPremisesSyncEnabled**: bool (ReadOnly): true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Read-only. +* **owners**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue. +* **preferredDataLocation**: string: The preferred data location for the Microsoft 365 group. 
By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable. +* **preferredLanguage**: string: The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US. +* **proxyAddresses**: string[] (ReadOnly): Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Read-only. Not nullable. * **renewedDateTime**: string (ReadOnly): Timestamp of when the group was last renewed. This value can't be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only. -* **securityEnabled**: bool (Required): Specifies whether the group is a security group. Required -* **securityIdentifier**: string (ReadOnly): Security identifier of the group, used in Windows scenarios. Read-only -* **serviceProvisioningErrors**: [MicrosoftGraphServiceProvisioningError](#microsoftgraphserviceprovisioningerror)[]: Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object -* **theme**: string: Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange, or Red +* **securityEnabled**: bool (Required): Specifies whether the group is a security group. Required. 
+* **securityIdentifier**: string (ReadOnly): Security identifier of the group, used in Windows scenarios. Read-only. +* **serviceProvisioningErrors**: [MicrosoftGraphServiceProvisioningError](#microsoftgraphserviceprovisioningerror)[]: Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object. +* **theme**: string: Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange, or Red. * **type**: 'Microsoft.Graph/groups' (ReadOnly, DeployTimeConstant): The resource type -* **uniqueName**: string (Required, DeployTimeConstant, Identifier): The unique identifier that can be assigned to a group and used as an alternate key. Immutable +* **uniqueName**: string (Required, DeployTimeConstant, Identifier): The unique identifier that can be assigned to a group and used as an alternate key. Immutable. * **visibility**: string: Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or HiddenMembership. HiddenMembership can be set only for Microsoft 365 groups when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation. If visibility value isn't specified during group creation on Microsoft Graph, a security group is created as Private by default, and the Microsoft 365 group is Public. Groups assignable to roles are always Private. To learn more, see group visibility options. Nullable. ## Resource Microsoft.Graph/oauth2PermissionGrants@v1.0 * **Valid Scope(s)**: Unknown ### Properties * **apiVersion**: 'v1.0' (ReadOnly, DeployTimeConstant): The resource api version -* **clientId**: string (Required): The object id (not appId) of the client service principal for the application that's authorized to act on behalf of a signed-in user when accessing an API. 
Required -* **consentType**: string (Required): Indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users might be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required +* **clientId**: string (Required): The object id (not appId) of the client service principal for the application that's authorized to act on behalf of a signed-in user when accessing an API. Required. +* **consentType**: string (Required): Indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users might be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **principalId**: string: The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal -* **resourceId**: string (Required): The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user +* **principalId**: string: The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal. 
+* **resourceId**: string (Required): The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user. * **scope**: string: A space-separated list of the claim values for delegated permissions that should be included in access tokens for the resource application (the API). For example, openid User.Read GroupMember.Read.All. Each claim value should match the value field of one of the delegated permissions defined by the API, listed in the oauth2PermissionScopes property of the resource service principal. Must not exceed 3,850 characters in length. * **type**: 'Microsoft.Graph/oauth2PermissionGrants' (ReadOnly, DeployTimeConstant): The resource type ## Resource Microsoft.Graph/servicePrincipals@v1.0 * **Valid Scope(s)**: Unknown ### Properties -* **accountEnabled**: bool: true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it +* **accountEnabled**: bool: true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it. * **addIns**: [MicrosoftGraphAddIn](#microsoftgraphaddin)[]: Defines custom behavior that a consuming service can use to call an app in specific contexts. For example, applications that can render file streams may set the addIns property for its 'FileHandler' functionality. This lets services like Microsoft 365 call the application in the context of a document the user is working on. -* **alternativeNames**: string[]: Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities +* **alternativeNames**: string[]: Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities. 
* **apiVersion**: 'v1.0' (ReadOnly, DeployTimeConstant): The resource api version * **appDescription**: string: The description exposed by the associated application. * **appDisplayName**: string: The display name exposed by the associated application. Maximum length is 256 characters. -* **appId**: string (Required, Identifier): The unique identifier for the associated application (its appId property). Alternate key +* **appId**: string (Required, Identifier): The unique identifier for the associated application (its appId property). Alternate key. * **applicationTemplateId**: string (ReadOnly): Unique identifier of the applicationTemplate. Read-only. null if the service principal wasn't created from an application template. -* **appOwnerOrganizationId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (ReadOnly): Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications -* **appRoleAssignmentRequired**: bool: Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable +* **appOwnerOrganizationId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"} (ReadOnly): Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications. +* **appRoleAssignmentRequired**: bool: Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable. * **appRoles**: [MicrosoftGraphAppRole](#microsoftgraphapprole)[]: The roles exposed by the application that's linked to this service principal. 
For more information, see the appRoles property definition on the application entity. Not nullable. * **customSecurityAttributes**: any: An open complex type that holds the value of a custom security attribute that is assigned to a directory object. Nullable. Filter value is case sensitive. To read this property, the calling app must be assigned the CustomSecAttributeAssignment.Read.All permission. To write this property, the calling app must be assigned the CustomSecAttributeAssignment.ReadWrite.All permissions. To read or write this property in delegated scenarios, the admin must be assigned the Attribute Assignment Administrator role. * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. -* **description**: string: Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters -* **disabledByMicrosoftStatus**: string: Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement) -* **displayName**: string: The display name for the service principal +* **description**: string: Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters. +* **disabledByMicrosoftStatus**: string: Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement). 
+* **displayName**: string: The display name for the service principal. * **homepage**: string: Home page or landing page of the application. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **info**: [MicrosoftGraphInformationalUrl](#microsoftgraphinformationalurl): Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps -* **keyCredentials**: [MicrosoftGraphKeyCredential](#microsoftgraphkeycredential)[]: The collection of key credentials associated with the service principal. Not nullable +* **info**: [MicrosoftGraphInformationalUrl](#microsoftgraphinformationalurl): Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps. +* **keyCredentials**: [MicrosoftGraphKeyCredential](#microsoftgraphkeycredential)[]: The collection of key credentials associated with the service principal. Not nullable. * **loginUrl**: string: Specifies the URL where the service provider redirects the user to Microsoft Entra ID to authenticate. Microsoft Entra ID uses the URL to launch the application from Microsoft 365 or the Microsoft Entra My Apps. When blank, Microsoft Entra ID performs IdP-initiated sign-on for applications configured with SAML-based single sign-on. The user launches the application from Microsoft 365, the Microsoft Entra My Apps, or the Microsoft Entra SSO URL. 
* **logoutUrl**: string: Specifies the URL that the Microsoft's authorization service uses to sign out a user using OpenID Connect front-channel, back-channel, or SAML sign out protocols. * **notes**: string: Free text field to capture information about the service principal, typically used for operational purposes. Maximum allowed size is 1,024 characters. * **notificationEmailAddresses**: string[]: Specifies the list of email addresses where Microsoft Entra ID sends a notification when the active certificate is near the expiration date. This is only for the certificates used to sign the SAML token issued for Microsoft Entra Gallery applications. * **oauth2PermissionScopes**: [MicrosoftGraphPermissionScope](#microsoftgraphpermissionscope)[]: The delegated permissions exposed by the application. For more information, see the oauth2PermissionScopes property on the application entity's api property. Not nullable. +* **owners**: [MicrosoftGraphRelationship](#microsoftgraphrelationship): Directory objects that are owners of this servicePrincipal. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object. * **passwordCredentials**: [MicrosoftGraphPasswordCredential](#microsoftgraphpasswordcredential)[]: The collection of password credentials associated with the application. Not nullable. * **preferredSingleSignOnMode**: string: Specifies the single sign-on mode configured for this application. Microsoft Entra ID uses the preferred single sign-on mode to launch the application from Microsoft 365 or the My Apps portal. The supported values are password, saml, notSupported, and oidc. Note: This field might be null for older SAML apps and for OIDC applications where it isn't set automatically. * **preferredTokenSigningKeyThumbprint**: string: This property can be used on SAML applications (apps that have preferredSingleSignOnMode set to saml) to control which certificate is used to sign the SAML responses. 
For applications that aren't SAML, don't write or otherwise rely on this property. * **replyUrls**: string[]: The URLs that user tokens are sent to for sign in with the associated application, or the redirect URIs that OAuth 2.0 authorization codes and access tokens are sent to for the associated application. Not nullable. * **resourceSpecificApplicationPermissions**: [MicrosoftGraphResourceSpecificPermission](#microsoftgraphresourcespecificpermission)[] (ReadOnly): The resource-specific application permissions exposed by this application. Currently, resource-specific permissions are only supported for Teams apps accessing to specific chats and teams using Microsoft Graph. Read-only. * **samlSingleSignOnSettings**: [MicrosoftGraphSamlSingleSignOnSettings](#microsoftgraphsamlsinglesignonsettings): The collection for settings related to saml single sign-on. -* **servicePrincipalNames**: string[]: Contains the list of identifiersUris, copied over from the associated application. Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable +* **servicePrincipalNames**: string[]: Contains the list of identifiersUris, copied over from the associated application. Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable. 
* **servicePrincipalType**: string: Identifies whether the service principal represents an application, a managed identity, or a legacy application. This is set by Microsoft Entra ID internally. The servicePrincipalType property can be set to three different values: Application - A service principal that represents an application or service. The appId property identifies the associated app registration, and matches the appId of an application, possibly from a different tenant. If the associated app registration is missing, tokens aren't issued for the service principal.ManagedIdentity - A service principal that represents a managed identity. Service principals representing managed identities can be granted access and permissions, but can't be updated or modified directly.Legacy - A service principal that represents an app created before app registrations, or through legacy experiences. A legacy service principal can have credentials, service principal names, reply URLs, and other properties that are editable by an authorized user, but doesn't have an associated app registration. The appId value doesn't associate the service principal with an app registration. The service principal can only be used in the tenant where it was created.SocialIdp - For internal use. * **signInAudience**: string (ReadOnly): Specifies the Microsoft accounts that are supported for the current application. Read-only. Supported values are:AzureADMyOrg: Users with a Microsoft work or school account in my organization's Microsoft Entra tenant (single-tenant).AzureADMultipleOrgs: Users with a Microsoft work or school account in any organization's Microsoft Entra tenant (multitenant).AzureADandPersonalMicrosoftAccount: Users with a personal Microsoft account, or a work or school account in any organization's Microsoft Entra tenant.PersonalMicrosoftAccount: Users with a personal Microsoft account only. 
-* **tags**: string[]: Custom strings that can be used to categorize and identify the service principal. Not nullable +* **tags**: string[]: Custom strings that can be used to categorize and identify the service principal. Not nullable. * **tokenEncryptionKeyId**: string {minLength: 36, maxLength: 36, pattern: "^[0-9a-fA-F]{8}-([0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}$"}: Specifies the keyId of a public key from the keyCredentials collection. When configured, Microsoft Entra ID issues tokens for this application encrypted using the key specified by this property. The application code that receives the encrypted token must use the matching private key to decrypt the token before it can be used for the signed-in user. * **type**: 'Microsoft.Graph/servicePrincipals' (ReadOnly, DeployTimeConstant): The resource type * **verifiedPublisher**: [MicrosoftGraphVerifiedPublisher](#microsoftgraphverifiedpublisher): Specifies the verified publisher of the application that's linked to this service principal. 
@@ -170,19 +172,19 @@ * **Valid Scope(s)**: Unknown ### Properties * **apiVersion**: 'v1.0' (ReadOnly, DeployTimeConstant): The resource api version -* **businessPhones**: string[] (ReadOnly): The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory +* **businessPhones**: string[] (ReadOnly): The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory. * **deletedDateTime**: string (ReadOnly): Date and time when this object was deleted. Always null when the object hasn't been deleted. -* **displayName**: string (ReadOnly): The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters -* **givenName**: string (ReadOnly): The given name (first name) of the user. Maximum length is 64 characters +* **displayName**: string (ReadOnly): The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters. +* **givenName**: string (ReadOnly): The given name (first name) of the user. Maximum length is 64 characters. * **id**: string (ReadOnly): The unique identifier for an entity. Read-only. -* **jobTitle**: string (ReadOnly): The user's job title. Maximum length is 128 characters -* **mail**: string (ReadOnly): The SMTP address for the user, for example, jeff@contoso.com. Changes to this property update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. 
NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead -* **mobilePhone**: string (ReadOnly): The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters -* **officeLocation**: string (ReadOnly): The office location in the user's place of business -* **preferredLanguage**: string (ReadOnly): The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES' -* **surname**: string (ReadOnly): The user's surname (family name or last name). Maximum length is 64 characters +* **jobTitle**: string (ReadOnly): The user's job title. Maximum length is 128 characters. +* **mail**: string (ReadOnly): The SMTP address for the user, for example, jeff@contoso.com. Changes to this property update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. +* **mobilePhone**: string (ReadOnly): The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters. +* **officeLocation**: string (ReadOnly): The office location in the user's place of business. +* **preferredLanguage**: string (ReadOnly): The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'. 
+* **surname**: string (ReadOnly): The user's surname (family name or last name). Maximum length is 64 characters. * **type**: 'Microsoft.Graph/users' (ReadOnly, DeployTimeConstant): The resource type -* **userPrincipalName**: string (Required, DeployTimeConstant, Identifier): The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies +* **userPrincipalName**: string (Required, DeployTimeConstant, Identifier): The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies. ## MicrosoftGraphAddIn ### Properties 
@@ -213,7 +215,7 @@ * **certificationDetailsUrl**: string: URL that shows certification details for the application. * **certificationExpirationDateTime**: string: The timestamp when the current certification for the application expires. * **isCertifiedByMicrosoft**: bool: Indicates whether the application is certified by Microsoft. -* **isPublisherAttested**: bool: Indicates whether the application has been self-attested by the application developer or the publisher. +* **isPublisherAttested**: bool: Indicates whether the application developer or publisher completed Publisher Attestation. * **lastCertificationDateTime**: string: The timestamp when the certification for the application was most recently added or updated. ## MicrosoftGraphImplicitGrantSettings @@ -224,10 +226,10 @@ ## MicrosoftGraphInformationalUrl ### Properties * **logoUrl**: string (ReadOnly): CDN URL to the application's logo, Read-only. -* **marketingUrl**: string: Link to the application's marketing page. For example, https://www.contoso.com/app/marketing -* **privacyStatementUrl**: string: Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy -* **supportUrl**: string: Link to the application's support page. For example, https://www.contoso.com/app/support -* **termsOfServiceUrl**: string: Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice +* **marketingUrl**: string: Link to the application's marketing page. For example, https://www.contoso.com/app/marketing. +* **privacyStatementUrl**: string: Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy. +* **supportUrl**: string: Link to the application's support page. For example, https://www.contoso.com/app/support. +* **termsOfServiceUrl**: string: Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice. ## MicrosoftGraphKeyCredential ### Properties 
@@ -249,7 +251,7 @@ ### Properties * **category**: string: Category of the provisioning error. Note: Currently, there is only one possible value. Possible value: PropertyConflict - indicates a property value is not unique. Other objects contain the same value for the property. * **occurredDateTime**: string: The date and time at which the error occurred. -* **propertyCausingError**: string: Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress +* **propertyCausingError**: string: Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress. * **value**: string: Value of the property causing the error. ## MicrosoftGraphOptionalClaim diff --git a/msgraph-metadata b/msgraph-metadata index 8977cda..101fedf 160000 --- a/msgraph-metadata +++ b/msgraph-metadata @@ -1 +1 @@ -Subproject commit 8977cda9203a59f8fa2fcaaaeb087f1d69049000 +Subproject commit 101fedfd8ed5c3ae8cf082aa91695c24a026b1d2 diff --git a/src/swagger-generation/configs/beta/0.1.10-preview.yml b/src/swagger-generation/configs/beta/0.1.10-preview.yml index e4c8c82..316b445 100644 --- a/src/swagger-generation/configs/beta/0.1.10-preview.yml +++ b/src/swagger-generation/configs/beta/0.1.10-preview.yml @@ -146,6 +146,11 @@ EntityTypes: - certification - createdDateTime - publisherDomain + Relationships: + NeedsBatch: true + BulkLimit: 20 + Properties: + - owners - Name: microsoft.graph.servicePrincipal RootUri: /servicePrincipals Upsertable: true @@ -159,6 +164,11 @@ EntityTypes: - applicationTemplateId - appOwnerOrganizationId - signInAudience + Relationships: + NeedsBatch: true + BulkLimit: 20 + Properties: + - owners - Name: microsoft.graph.federatedIdentityCredential RootUri: /applications/federatedIdentityCredentials Upsertable: true @@ -167,7 +177,6 @@ EntityTypes: - audiences - issuer - name - - subject - Name: microsoft.graph.oAuth2PermissionGrant RootUri: /oauth2PermissionGrants Upsertable: false 
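Review bot: The `Relationships` block added in the first hunk of `configs/beta/0.1.10-preview.yml` makes `owners` settable from a template with no comment on what it grants, although the generated servicePrincipal description in this same commit says owners "are allowed to modify this object", so an owner entry is effectively a privilege grant. I would add a comment above `Properties:` such as `# owners can modify this object; review changes to this list like a role assignment`, and document whether owners absent from the template are removed or left in place on redeploy, which the hunk does not show. `BulkLimit: 20` is an unexplained constant, presumably mirroring a Microsoft Graph per-request or batch limit; a one-line comment naming where the value comes from would keep the copies from drifting. The same applies to the servicePrincipal hunk in this file and to both hunks in `configs/v1.0/0.1.10-preview.yml`; the entity entries these blocks belong to start outside the hunks.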
diff --git a/src/swagger-generation/configs/v1.0/0.1.10-preview.yml b/src/swagger-generation/configs/v1.0/0.1.10-preview.yml index a85d7d2..27d4696 100644 --- a/src/swagger-generation/configs/v1.0/0.1.10-preview.yml +++ b/src/swagger-generation/configs/v1.0/0.1.10-preview.yml @@ -134,6 +134,11 @@ EntityTypes: - certification - createdDateTime - publisherDomain + Relationships: + NeedsBatch: true + BulkLimit: 20 + Properties: + - owners - Name: microsoft.graph.servicePrincipal RootUri: /servicePrincipals Upsertable: true @@ -144,6 +149,11 @@ EntityTypes: - appOwnerOrganizationId - resourceSpecificApplicationPermissions - signInAudience + Relationships: + NeedsBatch: true + BulkLimit: 20 + Properties: + - owners - Name: microsoft.graph.federatedIdentityCredential RootUri: /applications/federatedIdentityCredentials Upsertable: true diff --git a/src/swagger-generation/output/metadata.json b/src/swagger-generation/output/metadata.json index 788ddb2..1b97af9 100644 --- a/src/swagger-generation/output/metadata.json +++ b/src/swagger-generation/output/metadata.json @@ -459,13 +459,33 @@ "isIdempotent": true, "updatable": true, "alternateKey": "uniqueName", - "isContainment": false + "isContainment": false, + "relationshipMetadata": { + "needsBatch": true, + "bulkLimit": 20, + "properties": [ + { + "name": "owners", + "type": "directoryObjects" + } + ] + } }, "v1.0": { "isIdempotent": true, "updatable": true, "alternateKey": "uniqueName", - "isContainment": false + "isContainment": false, + "relationshipMetadata": { + "needsBatch": true, + "bulkLimit": 20, + "properties": [ + { + "name": "owners", + "type": "directoryObjects" + } + ] + } } }, "servicePrincipals": { 
@@ -473,13 +493,33 @@ "isIdempotent": true, "updatable": true, "alternateKey": "appId", - "isContainment": false + "isContainment": false, + "relationshipMetadata": { + "needsBatch": true, + "bulkLimit": 20, + "properties": [ + { + "name": "owners", + "type": "directoryObjects" + } + ] + } }, "v1.0": { "isIdempotent": true, "updatable": true, "alternateKey": "appId", - "isContainment": false + "isContainment": false, + "relationshipMetadata": { + "needsBatch": true, + "bulkLimit": 20, + "properties": [ + { + "name": "owners", + "type": "directoryObjects" + } + ] + } } }, "applications/federatedIdentityCredentials": { diff --git a/src/swagger-generation/output/microsoftgraph-beta-0.1.10-preview.json b/src/swagger-generation/output/microsoftgraph-beta-0.1.10-preview.json index 4d9a6e8..e5cdafc 100644 --- a/src/swagger-generation/output/microsoftgraph-beta-0.1.10-preview.json +++ b/src/swagger-generation/output/microsoftgraph-beta-0.1.10-preview.json 
@@ -53,43 +53,43 @@ "items": { "type": "string" }, - "description": "The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory" + "description": "The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory." }, "displayName": { "type": "string", - "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters" + "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters." }, "givenName": { "type": "string", - "description": "The given name (first name) of the user. Maximum length is 64 characters" + "description": "The given name (first name) of the user. Maximum length is 64 characters." }, "jobTitle": { "type": "string", - "description": "The user's job title. Maximum length is 128 characters" + "description": "The user's job title. Maximum length is 128 characters." }, "mail": { "type": "string", - "description": "The SMTP address for the user, for example, admin@contoso.com. Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead" + "description": "The SMTP address for the user, for example, admin@contoso.com. Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. 
This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead." }, "mobilePhone": { "type": "string", - "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory" + "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory." }, "officeLocation": { "type": "string", - "description": "The office location in the user's place of business. Maximum length is 128 characters" + "description": "The office location in the user's place of business. Maximum length is 128 characters." }, "preferredLanguage": { "type": "string", - "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'" + "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'." }, "surname": { "type": "string", - "description": "The user's surname (family name or last name). Maximum length is 64 characters" + "description": "The user's surname (family name or last name). Maximum length is 64 characters." }, "userPrincipalName": { "type": "string", - "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. 
The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies", + "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies.", "x-ms-graph-key": true, "x-constant-key": true } @@ -108,7 +108,7 @@ "properties": { "classification": { "type": "string", - "description": "Describes a classification for the group (such as low, medium or high business impact)" + "description": "Describes a classification for the group (such as low, medium or high business impact)." }, "cloudLicensing": { "$ref": "#/definitions/microsoft.graph.cloudLicensing.groupCloudLicensing", @@ -116,7 +116,7 @@ }, "createdByAppId": { "type": "string", - "description": "App ID of the app used to create the group. Can be null for some groups. Read-only", + "description": "App ID of the app used to create the group. Can be null for some groups. Read-only.", "readOnly": true }, "createdDateTime": { 
@@ -127,11 +127,11 @@ }, "description": { "type": "string", - "description": "An optional description for the group" + "description": "An optional description for the group." }, "displayName": { "type": "string", - "description": "The display name for the group. Required. Maximum length is 256 characters" + "description": "The display name for the group. Required. Maximum length is 256 characters." }, "expirationDateTime": { "type": "string", 
@@ -144,18 +144,18 @@ "items": { "type": "string" }, - "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static" + "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static." }, "infoCatalogs": { "type": "array", "items": { "type": "string" }, - "description": "Identifies the info segments assigned to the group" + "description": "Identifies the info segments assigned to the group." }, "isAssignableToRole": { "type": "boolean", - "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license" + "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. 
If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license." }, "isManagementRestricted": { "type": "boolean", 
@@ -164,24 +164,24 @@ }, "mail": { "type": "string", - "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only", + "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only.", "readOnly": true }, "mailEnabled": { "type": "boolean", - "description": "Specifies whether the group is mail-enabled. Required" + "description": "Specifies whether the group is mail-enabled. Required." }, "mailNickname": { "type": "string", - "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE" + "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE." }, "membershipRule": { "type": "string", - "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax" + "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax." }, "membershipRuleProcessingState": { "type": "string", - "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused" + "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused." }, "onPremisesDomainName": { "type": "string", 
@@ -191,7 +191,7 @@ "onPremisesLastSyncDateTime": { "type": "string", "format": "date-time", - "description": "Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only", + "description": "Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.", "readOnly": true }, "onPremisesNetBiosName": { @@ -204,7 +204,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.onPremisesProvisioningError" }, - "description": "Errors when using Microsoft synchronization product during provisioning", + "description": "Errors when using Microsoft synchronization product during provisioning.", "readOnly": true }, "onPremisesSamAccountName": { 
@@ -214,12 +214,12 @@ }, "onPremisesSecurityIdentifier": { "type": "string", - "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only", + "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only.", "readOnly": true }, "onPremisesSyncEnabled": { "type": "boolean", - "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Read-only", + "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Read-only.", "readOnly": true }, "organizationId": { 
@@ -228,18 +228,18 @@ }, "preferredDataLocation": { "type": "string", - "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo and Create a Microsoft 365 group with a specific PDL. Nullable" + "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo and Create a Microsoft 365 group with a specific PDL. Nullable." }, "preferredLanguage": { "type": "string", - "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US" + "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US." }, "proxyAddresses": { "type": "array", "items": { "type": "string" }, - "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required for filter expressions on multi-valued properties. Read-only. Not nullable", + "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. 
The any operator is required for filter expressions on multi-valued properties. Read-only. Not nullable.", "readOnly": true }, "renewedDateTime": { @@ -260,15 +260,15 @@ "items": { "type": "string" }, - "description": "Specifies the group resources that are associated with the Microsoft 365 group. The possible value is Team. For more information, see Microsoft 365 group behaviors and provisioning options" + "description": "Specifies the group resources that are associated with the Microsoft 365 group. The possible value is Team. For more information, see Microsoft 365 group behaviors and provisioning options." }, "securityEnabled": { "type": "boolean", - "description": "Specifies whether the group is a security group" + "description": "Specifies whether the group is a security group." }, "securityIdentifier": { "type": "string", - "description": "Security identifier of the group, used in Windows scenarios. Read-only", + "description": "Security identifier of the group, used in Windows scenarios. Read-only.", "readOnly": true }, "serviceProvisioningErrors": { @@ -280,11 +280,11 @@ }, "theme": { "type": "string", - "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red" + "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red." }, "uniqueName": { "type": "string", - "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable", + "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable.", "x-ms-graph-key": true, "x-constant-key": true }, 
@@ -298,11 +298,11 @@ }, "members": { "$ref": "#/definitions/microsoft.graph.relationship", - "description": "Direct group members, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable" + "description": "Direct group members, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable." }, "owners": { "$ref": "#/definitions/microsoft.graph.relationship", - "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue" + "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue." } }, "required": [ 
@@ -330,7 +330,7 @@ }, "appId": { "type": "string", - "description": "The unique identifier for the application that is assigned by Microsoft Entra ID. Not nullable. Read-only. Alternate key", + "description": "The unique identifier for the application that is assigned by Microsoft Entra ID. Not nullable. Read-only. Alternate key.", "readOnly": true }, "appRoles": { @@ -352,7 +352,7 @@ "createdDateTime": { "type": "string", "format": "date-time", - "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only", + "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.", "readOnly": true }, "defaultRedirectUri": { 
@@ -361,15 +361,15 @@ }, "description": { "type": "string", - "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": "string", - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": "string", - "description": "The display name for the application. Maximum length is 256 characters" + "description": "The display name for the application. Maximum length is 256 characters." }, "groupMembershipClaims": { "type": "string", 
@@ -380,11 +380,11 @@ "items": { "type": "string" }, - "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable" + "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable." }, "info": { "$ref": "#/definitions/microsoft.graph.informationalUrl", - "description": "Basic profile information of the application, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the application, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "isDeviceOnlyAuthSupported": { "type": "boolean", 
@@ -399,7 +399,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.keyCredential" }, - "description": "The collection of key credentials associated with the application. Not nullable" + "description": "The collection of key credentials associated with the application. Not nullable." }, "logo": { "type": "string", @@ -435,7 +435,7 @@ }, "publisherDomain": { "type": "string", - "description": "The verified publisher domain for the application. Read-only", + "description": "The verified publisher domain for the application. Read-only.", "readOnly": true }, "requestSignatureVerification": { @@ -447,7 +447,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.requiredResourceAccess" }, - "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable" + "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable." }, "samlMetadataUrl": { "type": "string", 
@@ -463,7 +463,7 @@ }, "signInAudience": { "type": "string", - "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first" + "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first." }, "spa": { "$ref": "#/definitions/microsoft.graph.spaApplication", @@ -474,7 +474,7 @@ "items": { "type": "string" }, - "description": "Custom strings that can be used to categorize and identify the application. Not nullable" + "description": "Custom strings that can be used to categorize and identify the application. Not nullable." }, "tokenEncryptionKeyId": { "type": "string", @@ -483,7 +483,7 @@ }, "uniqueName": { "type": "string", - "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable", + "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable.", "x-ms-graph-key": true, "x-constant-key": true }, 
@@ -498,6 +498,10 @@ "windows": { "$ref": "#/definitions/microsoft.graph.windowsApplication", "description": "Specifies settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store." + }, + "owners": { + "$ref": "#/definitions/microsoft.graph.relationship", + "description": "Directory objects that are owners of this application. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object. Read-only. Nullable." } }, "required": [ @@ -518,7 +522,7 @@ "properties": { "accountEnabled": { "type": "boolean", - "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it" + "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it." }, "addIns": { "type": "array", @@ -532,7 +536,7 @@ "items": { "type": "string" }, - "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities" + "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities." }, "appDescription": { "type": "string", @@ -544,7 +548,7 @@ }, "appId": { "type": "string", - "description": "The unique identifier for the associated application (its appId property). Alternate key", + "description": "The unique identifier for the associated application (its appId property). Alternate key.", "x-ms-graph-key": true }, "applicationTemplateId": { 
@@ -555,12 +559,12 @@ "appOwnerOrganizationId": { "type": "string", "format": "uuid", - "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications", + "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications.", "readOnly": true }, "appRoleAssignmentRequired": { "type": "boolean", - "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable" + "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable." }, "appRoles": { "type": "array", 
@@ -571,15 +575,15 @@ }, "description": { "type": "string", - "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": "string", - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": "string", - "description": "The display name for the service principal" + "description": "The display name for the service principal." }, "homepage": { "type": "string", 
@@ -587,14 +591,14 @@ }, "info": { "$ref": "#/definitions/microsoft.graph.informationalUrl", - "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "keyCredentials": { "type": "array", "items": { "$ref": "#/definitions/microsoft.graph.keyCredential" }, - "description": "The collection of key credentials associated with the service principal. Not nullable" + "description": "The collection of key credentials associated with the service principal. Not nullable." }, "loginUrl": { "type": "string", 
@@ -666,7 +670,7 @@ "items": { "type": "string" }, - "description": "Contains the list of identifiersUris, copied over from the associated application. More values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable" + "description": "Contains the list of identifiersUris, copied over from the associated application. More values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable." }, "servicePrincipalType": { "type": "string", @@ -682,7 +686,7 @@ "items": { "type": "string" }, - "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable" + "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable." }, "tokenEncryptionKeyId": { "type": "string", @@ -692,6 +696,10 @@ "verifiedPublisher": { "$ref": "#/definitions/microsoft.graph.verifiedPublisher", "description": "Specifies the verified publisher of the application that's linked to this service principal." + }, + "owners": { + "$ref": "#/definitions/microsoft.graph.relationship", + "description": "Directory objects that are owners of this servicePrincipal. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." } }, "required": [ 
@@ -716,6 +724,10 @@ }, "description": "The audience that can appear in the external token. This field is mandatory and should be set to api://AzureADTokenExchange for Microsoft Entra ID. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Microsoft Entra ID in your external identity provider and has no fixed value across identity providers - you may need to create a new application registration in your identity provider to serve as the audience of this token. This field can only accept a single value and has a limit of 600 characters. Required." }, + "claimsMatchingExpression": { + "$ref": "#/definitions/microsoft.graph.federatedIdentityExpression", + "description": "Nullable. Defaults to null if not set. Enables the use of claims matching expressions against specified claims. If claimsMatchingExpression is defined, subject must be null. For the list of supported expression syntax and claims, visit the Flexible FIC reference." + }, "description": { "type": "string", "description": "The un-validated, user-provided description of the federated identity credential. It has a limit of 600 characters. Optional." 
@@ -726,19 +738,18 @@ }, "name": { "type": "string", - "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created. Alternate key. Required. Not nullable", + "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created. Alternate key. Required. Not nullable.", "x-ms-graph-key": true }, "subject": { "type": "string", - "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique on the app. It has a limit of 600 characters" + "description": "Nullable. Defaults to null if not set. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique on the app. It has a limit of 600 characters. If subject is defined, claimsMatchingExpression must be null." } }, "required": [ "audiences", "issuer", - "name", - "subject" + "name" ], "x-ms-graph-resource": true } 
@@ -754,19 +765,19 @@ "properties": { "clientId": { "type": "string", - "description": "The object id (not appId) of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Required" + "description": "The object id (not appId) of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Required." }, "consentType": { "type": "string", - "description": "Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required" + "description": "Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required." }, "principalId": { "type": "string", - "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal" + "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal." 
}, "resourceId": { "type": "string", - "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user" + "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user." }, "scope": { "type": "string", @@ -785,7 +796,7 @@ "microsoft.graph.appRoleAssignment": { "allOf": [ { - "$ref": "#/definitions/microsoft.graph.entity" + "$ref": "#/definitions/microsoft.graph.directoryObject" }, { "type": "object", @@ -803,7 +814,7 @@ }, "principalDisplayName": { "type": "string", - "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only", + "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only.", "readOnly": true }, "principalId": { @@ -823,7 +834,7 @@ "resourceId": { "type": "string", "format": "uuid", - "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create" + "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create." } }, "required": [ @@ -860,7 +871,7 @@ }, "isEnabled": { "type": "boolean", - "description": "When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed." + "description": "When you create or updating an app role, this value must be true. To delete a role, this must first be set to false. At that point, in a subsequent call, this role might be removed. Default value is true." }, "origin": { "type": "string", 
@@ -869,7 +880,7 @@ }, "value": { "type": "string", - "description": "Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , -. / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with .." + "description": "Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , -. / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z, and a-z. Any other character, including the space character, aren't allowed. May not begin with .." } } }, 
@@ -883,19 +894,19 @@ }, "marketingUrl": { "type": "string", - "description": "Link to the application's marketing page. For example, https://www.contoso.com/app/marketing" + "description": "Link to the application's marketing page. For example, https://www.contoso.com/app/marketing." }, "privacyStatementUrl": { "type": "string", - "description": "Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy" + "description": "Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy." }, "supportUrl": { "type": "string", - "description": "Link to the application's support page. For example, https://www.contoso.com/app/support" + "description": "Link to the application's support page. For example, https://www.contoso.com/app/support." }, "termsOfServiceUrl": { "type": "string", - "description": "Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice" + "description": "Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice." } } }, @@ -1034,7 +1045,7 @@ }, "propertyCausingError": { "type": "string", - "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress" + "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress." }, "value": { "type": "string", 
@@ -1070,7 +1081,7 @@ "properties": { "onPremisesGroupType": { "type": "string", - "description": "Indicates the target on-premises group type the cloud object is written back as. Nullable. The possible values are: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup.If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup. Microsoft Entra security groups can be written back as universalSecurityGroup. If isEnabled or the NewUnifiedGroupWritebackDefault group setting is true but this property isn't explicitly configured: Microsoft 365 groups are written back as universalDistributionGroup by defaultSecurity groups are written back as universalSecurityGroup by default" + "description": "Indicates the target on-premises group type the cloud object is written back as. Nullable. The possible values are: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup.If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup. Microsoft Entra security groups can be written back as universalSecurityGroup. If isEnabled or the NewUnifiedGroupWritebackDefault group setting is true but this property isn't explicitly configured: Microsoft 365 groups are written back as universalDistributionGroup by defaultSecurity groups are written back as universalSecurityGroup by default." } } } @@ -1147,7 +1158,7 @@ }, "isPublisherAttested": { "type": "boolean", - "description": "Indicates whether the application has been self-attested by the application developer or the publisher." + "description": "Indicates whether the application developer or publisher completed Publisher Attestation." }, "lastCertificationDateTime": { "type": "string", 
@@ -1401,6 +1412,20 @@ } } }, + "microsoft.graph.federatedIdentityExpression": { + "type": "object", + "properties": { + "languageVersion": { + "type": "integer", + "format": "int32", + "description": "Indicated the language version to be used. Should always be set to 1. Required." + }, + "value": { + "type": "string", + "description": "Indicates the configured expression. Required." + } + } + }, "microsoft.graph.writebackConfiguration": { "type": "object", "properties": { @@ -1496,11 +1521,11 @@ "properties": { "key": { "type": "string", - "description": "Key." + "description": "Contains the name of the field that a value is associated with." }, "value": { "type": "string", - "description": "Value." + "description": "Contains the corresponding value for the specified key." } } }, diff --git a/src/swagger-generation/output/microsoftgraph-v1.0-0.1.10-preview.json b/src/swagger-generation/output/microsoftgraph-v1.0-0.1.10-preview.json index 49fea24..1b61cd0 100644 --- a/src/swagger-generation/output/microsoftgraph-v1.0-0.1.10-preview.json +++ b/src/swagger-generation/output/microsoftgraph-v1.0-0.1.10-preview.json 
@@ -53,43 +53,43 @@ "items": { "type": "string" }, - "description": "The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory" + "description": "The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory." }, "displayName": { "type": "string", - "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters" + "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters." }, "givenName": { "type": "string", - "description": "The given name (first name) of the user. Maximum length is 64 characters" + "description": "The given name (first name) of the user. Maximum length is 64 characters." }, "jobTitle": { "type": "string", - "description": "The user's job title. Maximum length is 128 characters" + "description": "The user's job title. Maximum length is 128 characters." }, "mail": { "type": "string", - "description": "The SMTP address for the user, for example, jeff@contoso.com. Changes to this property update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead" + "description": "The SMTP address for the user, for example, jeff@contoso.com. 
Changes to this property update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead." }, "mobilePhone": { "type": "string", - "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters" + "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters." }, "officeLocation": { "type": "string", - "description": "The office location in the user's place of business" + "description": "The office location in the user's place of business." }, "preferredLanguage": { "type": "string", - "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'" + "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'." }, "surname": { "type": "string", - "description": "The user's surname (family name or last name). Maximum length is 64 characters" + "description": "The user's surname (family name or last name). Maximum length is 64 characters." }, "userPrincipalName": { "type": "string", - "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. 
By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies", + "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies.", "x-ms-graph-key": true, "x-constant-key": true } @@ -108,7 +108,7 @@ "properties": { "classification": { "type": "string", - "description": "Describes a classification for the group (such as low, medium, or high business impact)" + "description": "Describes a classification for the group (such as low, medium, or high business impact)." }, "createdDateTime": { "type": "string", 
@@ -118,11 +118,11 @@ }, "description": { "type": "string", - "description": "An optional description for the group" + "description": "An optional description for the group." }, "displayName": { "type": "string", - "description": "The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters" + "description": "The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters." }, "expirationDateTime": { "type": "string", 
@@ -135,11 +135,11 @@ "items": { "type": "string" }, - "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static" + "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static." }, "isAssignableToRole": { "type": "boolean", - "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license" + "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. 
The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license." }, "isManagementRestricted": { "type": "boolean", 
@@ -147,24 +147,24 @@ }, "mail": { "type": "string", - "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only", + "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only.", "readOnly": true }, "mailEnabled": { "type": "boolean", - "description": "Specifies whether the group is mail-enabled. Required" + "description": "Specifies whether the group is mail-enabled. Required." }, "mailNickname": { "type": "string", - "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () / [] ' ; : <> , SPACE. Required" + "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () / [] ' ; : <> , SPACE. Required." }, "membershipRule": { "type": "string", - "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax" + "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax." }, "membershipRuleProcessingState": { "type": "string", - "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused" + "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused." }, "onPremisesDomainName": { "type": "string", 
@@ -174,7 +174,7 @@ "onPremisesLastSyncDateTime": { "type": "string", "format": "date-time", - "description": "Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only", + "description": "Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only.", "readOnly": true }, "onPremisesNetBiosName": { @@ -187,7 +187,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.onPremisesProvisioningError" }, - "description": "Errors when using Microsoft synchronization product during provisioning", + "description": "Errors when using Microsoft synchronization product during provisioning.", "readOnly": true }, "onPremisesSamAccountName": { 
@@ -197,28 +197,28 @@ }, "onPremisesSecurityIdentifier": { "type": "string", - "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only", + "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only.", "readOnly": true }, "onPremisesSyncEnabled": { "type": "boolean", - "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Read-only", + "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Read-only.", "readOnly": true }, "preferredDataLocation": { "type": "string", - "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable" + "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. 
To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable." }, "preferredLanguage": { "type": "string", - "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US" + "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US." }, "proxyAddresses": { "type": "array", "items": { "type": "string" }, - "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Read-only. Not nullable", + "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Read-only. Not nullable.", "readOnly": true }, "renewedDateTime": { @@ -229,11 +229,11 @@ }, "securityEnabled": { "type": "boolean", - "description": "Specifies whether the group is a security group. Required" + "description": "Specifies whether the group is a security group. Required." }, "securityIdentifier": { "type": "string", - "description": "Security identifier of the group, used in Windows scenarios. Read-only", + "description": "Security identifier of the group, used in Windows scenarios. Read-only.", "readOnly": true }, "serviceProvisioningErrors": { 
@@ -241,15 +241,15 @@ "items": { "$ref": "#/definitions/microsoft.graph.serviceProvisioningError" }, - "description": "Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object" + "description": "Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object." }, "theme": { "type": "string", - "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange, or Red" + "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange, or Red." }, "uniqueName": { "type": "string", - "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable", + "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable.", "x-ms-graph-key": true, "x-constant-key": true }, 
@@ -259,11 +259,11 @@ }, "members": { "$ref": "#/definitions/microsoft.graph.relationship", - "description": "The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable" + "description": "The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable." }, "owners": { "$ref": "#/definitions/microsoft.graph.relationship", - "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue" + "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue." } }, "required": [ 
@@ -298,7 +298,7 @@ }, "appId": { "type": "string", - "description": "The unique identifier for the application that is assigned to an application by Microsoft Entra ID. Not nullable. Read-only. Alternate key", + "description": "The unique identifier for the application that is assigned to an application by Microsoft Entra ID. Not nullable. Read-only. Alternate key.", "readOnly": true }, "applicationTemplateId": { @@ -321,7 +321,7 @@ "createdDateTime": { "type": "string", "format": "date-time", - "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only", + "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.", "readOnly": true }, "defaultRedirectUri": { 
@@ -330,15 +330,15 @@ }, "description": { "type": "string", - "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": "string", - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": "string", - "description": "The display name for the application. Maximum length is 256 characters" + "description": "The display name for the application. Maximum length is 256 characters." }, "groupMembershipClaims": { "type": "string", 
@@ -349,11 +349,11 @@ "items": { "type": "string" }, - "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable" + "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable." }, "info": { "$ref": "#/definitions/microsoft.graph.informationalUrl", - "description": "Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "isDeviceOnlyAuthSupported": { "type": "boolean", 
@@ -368,7 +368,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.keyCredential" }, - "description": "The collection of key credentials associated with the application. Not nullable" + "description": "The collection of key credentials associated with the application. Not nullable." }, "logo": { "type": "string", @@ -404,7 +404,7 @@ }, "publisherDomain": { "type": "string", - "description": "The verified publisher domain for the application. Read-only. For more information, see How to: Configure an application's publisher domain", + "description": "The verified publisher domain for the application. Read-only. For more information, see How to: Configure an application's publisher domain.", "readOnly": true }, "requestSignatureVerification": { @@ -416,7 +416,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.requiredResourceAccess" }, - "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable" + "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable." }, "samlMetadataUrl": { "type": "string", 
@@ -432,7 +432,7 @@ }, "signInAudience": { "type": "string", - "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you might need to change other properties first" + "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you might need to change other properties first." }, "spa": { "$ref": "#/definitions/microsoft.graph.spaApplication", @@ -443,7 +443,7 @@ "items": { "type": "string" }, - "description": "Custom strings that can be used to categorize and identify the application. Not nullable" + "description": "Custom strings that can be used to categorize and identify the application. Not nullable." }, "tokenEncryptionKeyId": { "type": "string", @@ -452,7 +452,7 @@ }, "uniqueName": { "type": "string", - "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable", + "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable.", "x-ms-graph-key": true, "x-constant-key": true }, 
@@ -463,6 +463,10 @@ "web": { "$ref": "#/definitions/microsoft.graph.webApplication", "description": "Specifies settings for a web application." + }, + "owners": { + "$ref": "#/definitions/microsoft.graph.relationship", + "description": "Directory objects that are owners of this application. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." } }, "required": [ @@ -483,7 +487,7 @@ "properties": { "accountEnabled": { "type": "boolean", - "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it" + "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it." }, "addIns": { "type": "array", @@ -497,7 +501,7 @@ "items": { "type": "string" }, - "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities" + "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities." }, "appDescription": { "type": "string", @@ -509,7 +513,7 @@ }, "appId": { "type": "string", - "description": "The unique identifier for the associated application (its appId property). Alternate key", + "description": "The unique identifier for the associated application (its appId property). Alternate key.", "x-ms-graph-key": true }, "applicationTemplateId": { 
@@ -520,12 +524,12 @@ "appOwnerOrganizationId": { "type": "string", "format": "uuid", - "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications", + "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications.", "readOnly": true }, "appRoleAssignmentRequired": { "type": "boolean", - "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable" + "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable." }, "appRoles": { "type": "array", 
@@ -540,15 +544,15 @@ }, "description": { "type": "string", - "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": "string", - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": "string", - "description": "The display name for the service principal" + "description": "The display name for the service principal." }, "homepage": { "type": "string", 
@@ -556,14 +560,14 @@ }, "info": { "$ref": "#/definitions/microsoft.graph.informationalUrl", - "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "keyCredentials": { "type": "array", "items": { "$ref": "#/definitions/microsoft.graph.keyCredential" }, - "description": "The collection of key credentials associated with the service principal. Not nullable" + "description": "The collection of key credentials associated with the service principal. Not nullable." }, "loginUrl": { "type": "string", 
@@ -630,7 +634,7 @@ "items": { "type": "string" }, - "description": "Contains the list of identifiersUris, copied over from the associated application. Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable" + "description": "Contains the list of identifiersUris, copied over from the associated application. Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable." }, "servicePrincipalType": { "type": "string", @@ -646,7 +650,7 @@ "items": { "type": "string" }, - "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable" + "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable." }, "tokenEncryptionKeyId": { "type": "string", @@ -656,6 +660,10 @@ "verifiedPublisher": { "$ref": "#/definitions/microsoft.graph.verifiedPublisher", "description": "Specifies the verified publisher of the application that's linked to this service principal." + }, + "owners": { + "$ref": "#/definitions/microsoft.graph.relationship", + "description": "Directory objects that are owners of this servicePrincipal. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." } }, "required": [ 
@@ -690,12 +698,12 @@ }, "name": { "type": "string", - "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. The string is immutable after it's created. Alternate key. Required. Not nullable", + "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. The string is immutable after it's created. Alternate key. Required. Not nullable.", "x-ms-graph-key": true }, "subject": { "type": "string", - "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format; each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique within the app. It has a limit of 600 characters" + "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format; each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique within the app. It has a limit of 600 characters." } }, "required": [ 
@@ -718,19 +726,19 @@ "properties": { "clientId": { "type": "string", - "description": "The object id (not appId) of the client service principal for the application that's authorized to act on behalf of a signed-in user when accessing an API. Required" + "description": "The object id (not appId) of the client service principal for the application that's authorized to act on behalf of a signed-in user when accessing an API. Required." }, "consentType": { "type": "string", - "description": "Indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users might be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required" + "description": "Indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users might be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required." }, "principalId": { "type": "string", - "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal" + "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal." 
}, "resourceId": { "type": "string", - "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user" + "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user." }, "scope": { "type": "string", @@ -767,7 +775,7 @@ }, "principalDisplayName": { "type": "string", - "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only", + "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only.", "readOnly": true }, "principalId": { @@ -787,7 +795,7 @@ "resourceId": { "type": "string", "format": "uuid", - "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create" + "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create." } }, "required": [ 
@@ -847,19 +855,19 @@ }, "marketingUrl": { "type": "string", - "description": "Link to the application's marketing page. For example, https://www.contoso.com/app/marketing" + "description": "Link to the application's marketing page. For example, https://www.contoso.com/app/marketing." }, "privacyStatementUrl": { "type": "string", - "description": "Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy" + "description": "Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy." }, "supportUrl": { "type": "string", - "description": "Link to the application's support page. For example, https://www.contoso.com/app/support" + "description": "Link to the application's support page. For example, https://www.contoso.com/app/support." }, "termsOfServiceUrl": { "type": "string", - "description": "Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice" + "description": "Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice." } } }, @@ -977,7 +985,7 @@ }, "propertyCausingError": { "type": "string", - "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress" + "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress." }, "value": { "type": "string", @@ -1078,7 +1086,7 @@ }, "isPublisherAttested": { "type": "boolean", - "description": "Indicates whether the application has been self-attested by the application developer or the publisher." + "description": "Indicates whether the application developer or publisher completed Publisher Attestation." }, "lastCertificationDateTime": { "type": "string", diff --git a/src/swagger-generation/src/deserializer.ts b/src/swagger-generation/src/deserializer.ts index 0b57608..5b6fd93 100644 
--- a/src/swagger-generation/src/deserializer.ts
+++ b/src/swagger-generation/src/deserializer.ts
@@ -317,5 +317,11 @@ const filterDescription = (description: string, isAlternateKey: boolean): string
 return !hasUnhelpfulWord && !hasReadonlyForAlternateKey;
 });
- return filteredSentences.join('. ').trim();
+ // Combine all sentences and add a trailing period if not already present
+ let combinedDescription = filteredSentences.join('. ').trim();
+ if (combinedDescription && !combinedDescription.endsWith('.')) {
+ combinedDescription += '.';
+ }
+
+ return combinedDescription
 }
\ No newline at end of file
diff --git a/src/swagger-generation/tests/deserializer.test.ts b/src/swagger-generation/tests/deserializer.test.ts
index 5b2fdb6..dadf41e 100644
--- a/src/swagger-generation/tests/deserializer.test.ts
+++ b/src/swagger-generation/tests/deserializer.test.ts
@@ -449,9 +449,9 @@ describe('constructDataStructure', () => {
 expect(propertyWithDescription).toBeDefined();
 expect(propertyWithNoDescription).toBeDefined();
 expect(altenernateKeyWithDescription).toBeDefined();
- expect(propertyWithDescription?.Description).toBe('Description of propertyName. Optional');
+ expect(propertyWithDescription?.Description).toBe('Description of propertyName. Optional.');
 expect(propertyWithNoDescription?.Description).toBe('')
- expect(altenernateKeyWithDescription?.Description).toBe('Alternate key of the entity. Required');
+ expect(altenernateKeyWithDescription?.Description).toBe('Alternate key of the entity. Required.');
 });
 it('should deserialize alternate keys', () => {
diff --git a/swagger/specification/microsoftgraph/resource-manager/microsoftgraph/preview/beta/0.1.10-preview.json b/swagger/specification/microsoftgraph/resource-manager/microsoftgraph/preview/beta/0.1.10-preview.json
index 4d9a6e8..e5cdafc 100644
--- a/swagger/specification/microsoftgraph/resource-manager/microsoftgraph/preview/beta/0.1.10-preview.json
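Review bot: The new guard in filterDescription treats `.` as the only sentence terminator, so a description whose last kept sentence ends in `?`, `!` or `:` would come out as `?.` or `:.`; `if (combinedDescription && !/[.!?:]$/.test(combinedDescription)) {` avoids that. The appended period also lands directly after example URLs in the regenerated specs (`https://www.contoso.com/app/marketing.`), which is worth checking if any consumer linkifies or copies those strings. `return combinedDescription` is missing the semicolon that the other statements in the hunk carry. The function starts outside the hunk, so how the sentences are split before the join is not visible here.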
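Review bot: Neither updated expectation exercises the path where `endsWith('.')` is already true and the append is skipped: both fixtures end with a period being added (`'... Optional.'`, `'... Required.'`), and the empty description stays `''`. A fixture whose description still ends in a period after filtering, asserted to keep exactly one, would pin that no `..` is produced; whether the splitter can leave a trailing period is not shown in this hunk, so that needs confirming against filterDescription. The `it(...)` block and its fixtures start outside the hunk.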
+++ b/swagger/specification/microsoftgraph/resource-manager/microsoftgraph/preview/beta/0.1.10-preview.json 
@@ -53,43 +53,43 @@ "items": { "type": "string" }, - "description": "The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory" + "description": "The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory." }, "displayName": { "type": "string", - "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters" + "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters." }, "givenName": { "type": "string", - "description": "The given name (first name) of the user. Maximum length is 64 characters" + "description": "The given name (first name) of the user. Maximum length is 64 characters." }, "jobTitle": { "type": "string", - "description": "The user's job title. Maximum length is 128 characters" + "description": "The user's job title. Maximum length is 128 characters." }, "mail": { "type": "string", - "description": "The SMTP address for the user, for example, admin@contoso.com. Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead" + "description": "The SMTP address for the user, for example, admin@contoso.com. Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. 
This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead." }, "mobilePhone": { "type": "string", - "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory" + "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory." }, "officeLocation": { "type": "string", - "description": "The office location in the user's place of business. Maximum length is 128 characters" + "description": "The office location in the user's place of business. Maximum length is 128 characters." }, "preferredLanguage": { "type": "string", - "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'" + "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'." }, "surname": { "type": "string", - "description": "The user's surname (family name or last name). Maximum length is 64 characters" + "description": "The user's surname (family name or last name). Maximum length is 64 characters." }, "userPrincipalName": { "type": "string", - "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. 
The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies", + "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies.", "x-ms-graph-key": true, "x-constant-key": true } @@ -108,7 +108,7 @@ "properties": { "classification": { "type": "string", - "description": "Describes a classification for the group (such as low, medium or high business impact)" + "description": "Describes a classification for the group (such as low, medium or high business impact)." }, "cloudLicensing": { "$ref": "#/definitions/microsoft.graph.cloudLicensing.groupCloudLicensing", @@ -116,7 +116,7 @@ }, "createdByAppId": { "type": "string", - "description": "App ID of the app used to create the group. Can be null for some groups. Read-only", + "description": "App ID of the app used to create the group. Can be null for some groups. Read-only.", "readOnly": true }, "createdDateTime": { 
@@ -127,11 +127,11 @@ }, "description": { "type": "string", - "description": "An optional description for the group" + "description": "An optional description for the group." }, "displayName": { "type": "string", - "description": "The display name for the group. Required. Maximum length is 256 characters" + "description": "The display name for the group. Required. Maximum length is 256 characters." }, "expirationDateTime": { "type": "string", 
@@ -144,18 +144,18 @@ "items": { "type": "string" }, - "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static" + "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static." }, "infoCatalogs": { "type": "array", "items": { "type": "string" }, - "description": "Identifies the info segments assigned to the group" + "description": "Identifies the info segments assigned to the group." }, "isAssignableToRole": { "type": "boolean", - "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license" + "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. 
If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license." }, "isManagementRestricted": { "type": "boolean", 
@@ -164,24 +164,24 @@ }, "mail": { "type": "string", - "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only", + "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only.", "readOnly": true }, "mailEnabled": { "type": "boolean", - "description": "Specifies whether the group is mail-enabled. Required" + "description": "Specifies whether the group is mail-enabled. Required." }, "mailNickname": { "type": "string", - "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE" + "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () / [] ' ; : <> , SPACE." }, "membershipRule": { "type": "string", - "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax" + "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax." }, "membershipRuleProcessingState": { "type": "string", - "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused" + "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused." }, "onPremisesDomainName": { "type": "string", 
@@ -191,7 +191,7 @@ "onPremisesLastSyncDateTime": { "type": "string", "format": "date-time", - "description": "Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only", + "description": "Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.", "readOnly": true }, "onPremisesNetBiosName": { @@ -204,7 +204,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.onPremisesProvisioningError" }, - "description": "Errors when using Microsoft synchronization product during provisioning", + "description": "Errors when using Microsoft synchronization product during provisioning.", "readOnly": true }, "onPremisesSamAccountName": { 
@@ -214,12 +214,12 @@ }, "onPremisesSecurityIdentifier": { "type": "string", - "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only", + "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only.", "readOnly": true }, "onPremisesSyncEnabled": { "type": "boolean", - "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Read-only", + "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Read-only.", "readOnly": true }, "organizationId": { 
@@ -228,18 +228,18 @@ }, "preferredDataLocation": { "type": "string", - "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo and Create a Microsoft 365 group with a specific PDL. Nullable" + "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo and Create a Microsoft 365 group with a specific PDL. Nullable." }, "preferredLanguage": { "type": "string", - "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US" + "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US." }, "proxyAddresses": { "type": "array", "items": { "type": "string" }, - "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required for filter expressions on multi-valued properties. Read-only. Not nullable", + "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. 
The any operator is required for filter expressions on multi-valued properties. Read-only. Not nullable.", "readOnly": true }, "renewedDateTime": { @@ -260,15 +260,15 @@ "items": { "type": "string" }, - "description": "Specifies the group resources that are associated with the Microsoft 365 group. The possible value is Team. For more information, see Microsoft 365 group behaviors and provisioning options" + "description": "Specifies the group resources that are associated with the Microsoft 365 group. The possible value is Team. For more information, see Microsoft 365 group behaviors and provisioning options." }, "securityEnabled": { "type": "boolean", - "description": "Specifies whether the group is a security group" + "description": "Specifies whether the group is a security group." }, "securityIdentifier": { "type": "string", - "description": "Security identifier of the group, used in Windows scenarios. Read-only", + "description": "Security identifier of the group, used in Windows scenarios. Read-only.", "readOnly": true }, "serviceProvisioningErrors": { @@ -280,11 +280,11 @@ }, "theme": { "type": "string", - "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red" + "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red." }, "uniqueName": { "type": "string", - "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable", + "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable.", "x-ms-graph-key": true, "x-constant-key": true }, 
@@ -298,11 +298,11 @@ }, "members": { "$ref": "#/definitions/microsoft.graph.relationship", - "description": "Direct group members, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable" + "description": "Direct group members, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable." }, "owners": { "$ref": "#/definitions/microsoft.graph.relationship", - "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue" + "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue." } }, "required": [ 
@@ -330,7 +330,7 @@ }, "appId": { "type": "string", - "description": "The unique identifier for the application that is assigned by Microsoft Entra ID. Not nullable. Read-only. Alternate key", + "description": "The unique identifier for the application that is assigned by Microsoft Entra ID. Not nullable. Read-only. Alternate key.", "readOnly": true }, "appRoles": { @@ -352,7 +352,7 @@ "createdDateTime": { "type": "string", "format": "date-time", - "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only", + "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.", "readOnly": true }, "defaultRedirectUri": { 
@@ -361,15 +361,15 @@ }, "description": { "type": "string", - "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": "string", - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": "string", - "description": "The display name for the application. Maximum length is 256 characters" + "description": "The display name for the application. Maximum length is 256 characters." }, "groupMembershipClaims": { "type": "string", 
@@ -380,11 +380,11 @@ "items": { "type": "string" }, - "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable" + "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable." }, "info": { "$ref": "#/definitions/microsoft.graph.informationalUrl", - "description": "Basic profile information of the application, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the application, such as it's marketing, support, terms of service, and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more information, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "isDeviceOnlyAuthSupported": { "type": "boolean", 
@@ -399,7 +399,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.keyCredential" }, - "description": "The collection of key credentials associated with the application. Not nullable" + "description": "The collection of key credentials associated with the application. Not nullable." }, "logo": { "type": "string", @@ -435,7 +435,7 @@ }, "publisherDomain": { "type": "string", - "description": "The verified publisher domain for the application. Read-only", + "description": "The verified publisher domain for the application. Read-only.", "readOnly": true }, "requestSignatureVerification": { @@ -447,7 +447,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.requiredResourceAccess" }, - "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable" + "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable." }, "samlMetadataUrl": { "type": "string", 
@@ -463,7 +463,7 @@ }, "signInAudience": { "type": "string", - "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first" + "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you may need to change other properties first." }, "spa": { "$ref": "#/definitions/microsoft.graph.spaApplication", @@ -474,7 +474,7 @@ "items": { "type": "string" }, - "description": "Custom strings that can be used to categorize and identify the application. Not nullable" + "description": "Custom strings that can be used to categorize and identify the application. Not nullable." }, "tokenEncryptionKeyId": { "type": "string", @@ -483,7 +483,7 @@ }, "uniqueName": { "type": "string", - "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable", + "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable.", "x-ms-graph-key": true, "x-constant-key": true }, 
@@ -498,6 +498,10 @@ "windows": { "$ref": "#/definitions/microsoft.graph.windowsApplication", "description": "Specifies settings for apps running Microsoft Windows and published in the Microsoft Store or Xbox games store." + }, + "owners": { + "$ref": "#/definitions/microsoft.graph.relationship", + "description": "Directory objects that are owners of this application. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object. Read-only. Nullable." } }, "required": [ @@ -518,7 +522,7 @@ "properties": { "accountEnabled": { "type": "boolean", - "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it" + "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it." }, "addIns": { "type": "array", @@ -532,7 +536,7 @@ "items": { "type": "string" }, - "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities" + "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities." }, "appDescription": { "type": "string", @@ -544,7 +548,7 @@ }, "appId": { "type": "string", - "description": "The unique identifier for the associated application (its appId property). Alternate key", + "description": "The unique identifier for the associated application (its appId property). Alternate key.", "x-ms-graph-key": true }, "applicationTemplateId": { 
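Review bot: The new `owners` description on the application definition (hunk `@@ -498,6 +498,10 @@`) says "Read-only", but the property has no `"readOnly": true`, unlike `publisherDomain` earlier in this file, so the schema does not tell a template author whether owners can be declared. The `owners` property added to the service principal definition in hunk `@@ -692,6 +696,10 @@` omits "Read-only" altogether, so the two descriptions disagree. Per the description, owners are allowed to modify the object, which makes this a privilege-granting relationship that the schema should state unambiguously. Either add `"readOnly": true` if the property is output-only, or drop "Read-only." from the description if templates are meant to set it. The enclosing definition starts and ends outside the hunk.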
@@ -555,12 +559,12 @@ "appOwnerOrganizationId": { "type": "string", "format": "uuid", - "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications", + "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications.", "readOnly": true }, "appRoleAssignmentRequired": { "type": "boolean", - "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable" + "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable." }, "appRoles": { "type": "array", 
@@ -571,15 +575,15 @@ }, "description": { "type": "string", - "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": "string", - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons may include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": "string", - "description": "The display name for the service principal" + "description": "The display name for the service principal." }, "homepage": { "type": "string", 
@@ -587,14 +591,14 @@ }, "info": { "$ref": "#/definitions/microsoft.graph.informationalUrl", - "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "keyCredentials": { "type": "array", "items": { "$ref": "#/definitions/microsoft.graph.keyCredential" }, - "description": "The collection of key credentials associated with the service principal. Not nullable" + "description": "The collection of key credentials associated with the service principal. Not nullable." }, "loginUrl": { "type": "string", 
@@ -666,7 +670,7 @@ "items": { "type": "string" }, - "description": "Contains the list of identifiersUris, copied over from the associated application. More values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable" + "description": "Contains the list of identifiersUris, copied over from the associated application. More values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable." }, "servicePrincipalType": { "type": "string", @@ -682,7 +686,7 @@ "items": { "type": "string" }, - "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable" + "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable." }, "tokenEncryptionKeyId": { "type": "string", @@ -692,6 +696,10 @@ "verifiedPublisher": { "$ref": "#/definitions/microsoft.graph.verifiedPublisher", "description": "Specifies the verified publisher of the application that's linked to this service principal." + }, + "owners": { + "$ref": "#/definitions/microsoft.graph.relationship", + "description": "Directory objects that are owners of this servicePrincipal. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." } }, "required": [ 
@@ -716,6 +724,10 @@ }, "description": "The audience that can appear in the external token. This field is mandatory and should be set to api://AzureADTokenExchange for Microsoft Entra ID. It says what Microsoft identity platform should accept in the aud claim in the incoming token. This value represents Microsoft Entra ID in your external identity provider and has no fixed value across identity providers - you may need to create a new application registration in your identity provider to serve as the audience of this token. This field can only accept a single value and has a limit of 600 characters. Required." }, + "claimsMatchingExpression": { + "$ref": "#/definitions/microsoft.graph.federatedIdentityExpression", + "description": "Nullable. Defaults to null if not set. Enables the use of claims matching expressions against specified claims. If claimsMatchingExpression is defined, subject must be null. For the list of supported expression syntax and claims, visit the Flexible FIC reference." + }, "description": { "type": "string", "description": "The un-validated, user-provided description of the federated identity credential. It has a limit of 600 characters. Optional." 
@@ -726,19 +738,18 @@ }, "name": { "type": "string", - "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created. Alternate key. Required. Not nullable", + "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. It is immutable once created. Alternate key. Required. Not nullable.", "x-ms-graph-key": true }, "subject": { "type": "string", - "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique on the app. It has a limit of 600 characters" + "description": "Nullable. Defaults to null if not set. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format, as each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique on the app. It has a limit of 600 characters. If subject is defined, claimsMatchingExpression must be null." } }, "required": [ "audiences", "issuer", - "name", - "subject" + "name" ], "x-ms-graph-resource": true } 
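Review bot: Removing `subject` from `required` leaves the either/or rule between `subject` and `claimsMatchingExpression` expressed only in description text, and that text never says one of them must be present. Both are described as "Nullable. Defaults to null if not set", so a federated identity credential with neither field validates against this schema. These two fields determine which external tokens the credential matches, so the rule should be stated outright even if the service rejects such a request, which is not visible here. The `#/definitions` layout suggests Swagger 2.0, which has no `oneOf`, so the practical fix is wording, for example appending `Exactly one of subject and claimsMatchingExpression must be set.` to both descriptions, assuming that is the service's rule. `claimsMatchingExpression` is added in the preceding hunk (`@@ -716,6 +724,10 @@`), and the definition starts outside both hunks.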
@@ -754,19 +765,19 @@ "properties": { "clientId": { "type": "string", - "description": "The object id (not appId) of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Required" + "description": "The object id (not appId) of the client service principal for the application that is authorized to act on behalf of a signed-in user when accessing an API. Required." }, "consentType": { "type": "string", - "description": "Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required" + "description": "Indicates whether authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users may be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required." }, "principalId": { "type": "string", - "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal" + "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal." 
}, "resourceId": { "type": "string", - "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user" + "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user." }, "scope": { "type": "string", @@ -785,7 +796,7 @@ "microsoft.graph.appRoleAssignment": { "allOf": [ { - "$ref": "#/definitions/microsoft.graph.entity" + "$ref": "#/definitions/microsoft.graph.directoryObject" }, { "type": "object", @@ -803,7 +814,7 @@ }, "principalDisplayName": { "type": "string", - "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only", + "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only.", "readOnly": true }, "principalId": { @@ -823,7 +834,7 @@ "resourceId": { "type": "string", "format": "uuid", - "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create" + "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create." } }, "required": [ @@ -860,7 +871,7 @@ }, "isEnabled": { "type": "boolean", - "description": "When creating or updating an app role, this must be set to true (which is the default). To delete a role, this must first be set to false. At that point, in a subsequent call, this role may be removed." + "description": "When you create or updating an app role, this value must be true. To delete a role, this must first be set to false. At that point, in a subsequent call, this role might be removed. Default value is true." }, "origin": { "type": "string", 
@@ -869,7 +880,7 @@ }, "value": { "type": "string", - "description": "Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , -. / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z and a-z. Any other character, including the space character, aren't allowed. May not begin with .." + "description": "Specifies the value to include in the roles claim in ID tokens and access tokens authenticating an assigned user or service principal. Must not exceed 120 characters in length. Allowed characters are : ! # $ % & ' ( ) * + , -. / : ; = ? @ [ ] ^ + _ { } ~, and characters in the ranges 0-9, A-Z, and a-z. Any other character, including the space character, aren't allowed. May not begin with .." } } }, 
@@ -883,19 +894,19 @@ }, "marketingUrl": { "type": "string", - "description": "Link to the application's marketing page. For example, https://www.contoso.com/app/marketing" + "description": "Link to the application's marketing page. For example, https://www.contoso.com/app/marketing." }, "privacyStatementUrl": { "type": "string", - "description": "Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy" + "description": "Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy." }, "supportUrl": { "type": "string", - "description": "Link to the application's support page. For example, https://www.contoso.com/app/support" + "description": "Link to the application's support page. For example, https://www.contoso.com/app/support." }, "termsOfServiceUrl": { "type": "string", - "description": "Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice" + "description": "Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice." } } }, @@ -1034,7 +1045,7 @@ }, "propertyCausingError": { "type": "string", - "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress" + "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress." }, "value": { "type": "string", 
@@ -1070,7 +1081,7 @@ "properties": { "onPremisesGroupType": { "type": "string", - "description": "Indicates the target on-premises group type the cloud object is written back as. Nullable. The possible values are: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup.If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup. Microsoft Entra security groups can be written back as universalSecurityGroup. If isEnabled or the NewUnifiedGroupWritebackDefault group setting is true but this property isn't explicitly configured: Microsoft 365 groups are written back as universalDistributionGroup by defaultSecurity groups are written back as universalSecurityGroup by default" + "description": "Indicates the target on-premises group type the cloud object is written back as. Nullable. The possible values are: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup.If the cloud group is a unified (Microsoft 365) group, this property can be one of the following: universalDistributionGroup, universalSecurityGroup, universalMailEnabledSecurityGroup. Microsoft Entra security groups can be written back as universalSecurityGroup. If isEnabled or the NewUnifiedGroupWritebackDefault group setting is true but this property isn't explicitly configured: Microsoft 365 groups are written back as universalDistributionGroup by defaultSecurity groups are written back as universalSecurityGroup by default." } } } @@ -1147,7 +1158,7 @@ }, "isPublisherAttested": { "type": "boolean", - "description": "Indicates whether the application has been self-attested by the application developer or the publisher." + "description": "Indicates whether the application developer or publisher completed Publisher Attestation." }, "lastCertificationDateTime": { "type": "string", 
@@ -1401,6 +1412,20 @@ } } }, + "microsoft.graph.federatedIdentityExpression": { + "type": "object", + "properties": { + "languageVersion": { + "type": "integer", + "format": "int32", + "description": "Indicated the language version to be used. Should always be set to 1. Required." + }, + "value": { + "type": "string", + "description": "Indicates the configured expression. Required." + } + } + }, "microsoft.graph.writebackConfiguration": { "type": "object", "properties": { @@ -1496,11 +1521,11 @@ "properties": { "key": { "type": "string", - "description": "Key." + "description": "Contains the name of the field that a value is associated with." }, "value": { "type": "string", - "description": "Value." + "description": "Contains the corresponding value for the specified key." } } }, diff --git a/swagger/specification/microsoftgraph/resource-manager/microsoftgraph/preview/v1.0/0.1.10-preview.json b/swagger/specification/microsoftgraph/resource-manager/microsoftgraph/preview/v1.0/0.1.10-preview.json index 49fea24..1b61cd0 100644 --- a/swagger/specification/microsoftgraph/resource-manager/microsoftgraph/preview/v1.0/0.1.10-preview.json +++ b/swagger/specification/microsoftgraph/resource-manager/microsoftgraph/preview/v1.0/0.1.10-preview.json 
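Review bot: Both properties of the new `microsoft.graph.federatedIdentityExpression` definition (hunk `@@ -1401,6 +1412,20 @@`) are described as "Required.", yet the object has no `required` list, so an expression object without `value` passes schema validation. Other definitions in this file declare a list, so I would add `"required": ["languageVersion", "value"]` after `properties`. The `languageVersion` description reads "Indicated" where "Indicates" is meant, and since it "Should always be set to 1", `"enum": [1]` would let tooling flag other values before deployment. If this spec is produced by a generator, the change belongs in the generator's input, not in this file.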
@@ -53,43 +53,43 @@ "items": { "type": "string" }, - "description": "The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory" + "description": "The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory." }, "displayName": { "type": "string", - "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters" + "description": "The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters." }, "givenName": { "type": "string", - "description": "The given name (first name) of the user. Maximum length is 64 characters" + "description": "The given name (first name) of the user. Maximum length is 64 characters." }, "jobTitle": { "type": "string", - "description": "The user's job title. Maximum length is 128 characters" + "description": "The user's job title. Maximum length is 128 characters." }, "mail": { "type": "string", - "description": "The SMTP address for the user, for example, jeff@contoso.com. Changes to this property update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead" + "description": "The SMTP address for the user, for example, jeff@contoso.com. 
Changes to this property update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead." }, "mobilePhone": { "type": "string", - "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters" + "description": "The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters." }, "officeLocation": { "type": "string", - "description": "The office location in the user's place of business" + "description": "The office location in the user's place of business." }, "preferredLanguage": { "type": "string", - "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'" + "description": "The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'." }, "surname": { "type": "string", - "description": "The user's surname (family name or last name). Maximum length is 64 characters" + "description": "The user's surname (family name or last name). Maximum length is 64 characters." }, "userPrincipalName": { "type": "string", - "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. 
By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies", + "description": "The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization.NOTE: This property can't contain accent characters. Only the following characters are allowed A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies.", "x-ms-graph-key": true, "x-constant-key": true } @@ -108,7 +108,7 @@ "properties": { "classification": { "type": "string", - "description": "Describes a classification for the group (such as low, medium, or high business impact)" + "description": "Describes a classification for the group (such as low, medium, or high business impact)." }, "createdDateTime": { "type": "string", 
@@ -118,11 +118,11 @@ }, "description": { "type": "string", - "description": "An optional description for the group" + "description": "An optional description for the group." }, "displayName": { "type": "string", - "description": "The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters" + "description": "The display name for the group. This property is required when a group is created and can't be cleared during updates. Maximum length is 256 characters." }, "expirationDateTime": { "type": "string", 
@@ -135,11 +135,11 @@ "items": { "type": "string" }, - "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static" + "description": "Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or a distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static." }, "isAssignableToRole": { "type": "boolean", - "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license" + "description": "Indicates whether this group can be assigned to a Microsoft Entra role. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group can't be a dynamic group (that is, groupTypes can't contain DynamicMembership). Only callers with at least the Privileged Role Administrator role can set this property. 
The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Microsoft Entra role assignmentsUsing this feature requires a Microsoft Entra ID P1 license." }, "isManagementRestricted": { "type": "boolean", 
@@ -147,24 +147,24 @@ }, "mail": { "type": "string", - "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only", + "description": "The SMTP address for the group, for example, 'serviceadmins@contoso.com'. Read-only.", "readOnly": true }, "mailEnabled": { "type": "boolean", - "description": "Specifies whether the group is mail-enabled. Required" + "description": "Specifies whether the group is mail-enabled. Required." }, "mailNickname": { "type": "string", - "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () / [] ' ; : <> , SPACE. Required" + "description": "The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following characters: @ () / [] ' ; : <> , SPACE. Required." }, "membershipRule": { "type": "string", - "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax" + "description": "The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax." }, "membershipRuleProcessingState": { "type": "string", - "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused" + "description": "Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused." }, "onPremisesDomainName": { "type": "string", 
@@ -174,7 +174,7 @@ "onPremisesLastSyncDateTime": { "type": "string", "format": "date-time", - "description": "Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only", + "description": "Indicates the last time at which the group was synced with the on-premises directory. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on January 1, 2014 is 2014-01-01T00:00:00Z. Read-only.", "readOnly": true }, "onPremisesNetBiosName": { @@ -187,7 +187,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.onPremisesProvisioningError" }, - "description": "Errors when using Microsoft synchronization product during provisioning", + "description": "Errors when using Microsoft synchronization product during provisioning.", "readOnly": true }, "onPremisesSamAccountName": { 
@@ -197,28 +197,28 @@ }, "onPremisesSecurityIdentifier": { "type": "string", - "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only", + "description": "Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only.", "readOnly": true }, "onPremisesSyncEnabled": { "type": "boolean", - "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Read-only", + "description": "true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never synced from an on-premises directory (default). Read-only.", "readOnly": true }, "preferredDataLocation": { "type": "string", - "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable" + "description": "The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. 
To set this property, the calling app must be granted the Directory.ReadWrite.All permission and the user be assigned at least one of the following Microsoft Entra roles: User Account Administrator Directory Writer Exchange Administrator SharePoint Administrator For more information about this property, see OneDrive Online Multi-Geo. Nullable." }, "preferredLanguage": { "type": "string", - "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US" + "description": "The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, en-US." }, "proxyAddresses": { "type": "array", "items": { "type": "string" }, - "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Read-only. Not nullable", + "description": "Email addresses for the group that direct to the same group mailbox. For example: ['SMTP: bob@contoso.com', 'smtp: bob@sales.contoso.com']. The any operator is required to filter expressions on multi-valued properties. Read-only. Not nullable.", "readOnly": true }, "renewedDateTime": { @@ -229,11 +229,11 @@ }, "securityEnabled": { "type": "boolean", - "description": "Specifies whether the group is a security group. Required" + "description": "Specifies whether the group is a security group. Required." }, "securityIdentifier": { "type": "string", - "description": "Security identifier of the group, used in Windows scenarios. Read-only", + "description": "Security identifier of the group, used in Windows scenarios. Read-only.", "readOnly": true }, "serviceProvisioningErrors": { 
@@ -241,15 +241,15 @@ "items": { "$ref": "#/definitions/microsoft.graph.serviceProvisioningError" }, - "description": "Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object" + "description": "Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a group object." }, "theme": { "type": "string", - "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange, or Red" + "description": "Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange, or Red." }, "uniqueName": { "type": "string", - "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable", + "description": "The unique identifier that can be assigned to a group and used as an alternate key. Immutable.", "x-ms-graph-key": true, "x-constant-key": true }, 
@@ -259,11 +259,11 @@ }, "members": { "$ref": "#/definitions/microsoft.graph.relationship", - "description": "The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable" + "description": "The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable." }, "owners": { "$ref": "#/definitions/microsoft.graph.relationship", - "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue" + "description": "The owners of the group who can be users or service principals. Limited to 100 owners. Nullable. If this property isn't specified when creating a Microsoft 365 group the calling user (admin or non-admin) is automatically assigned as the group owner. A non-admin user can't explicitly add themselves to this collection when they're creating the group. For more information, see the related known issue. For security groups, the admin user isn't automatically added to this collection. For more information, see the related known issue." } }, "required": [ 
@@ -298,7 +298,7 @@ }, "appId": { "type": "string", - "description": "The unique identifier for the application that is assigned to an application by Microsoft Entra ID. Not nullable. Read-only. Alternate key", + "description": "The unique identifier for the application that is assigned to an application by Microsoft Entra ID. Not nullable. Read-only. Alternate key.", "readOnly": true }, "applicationTemplateId": { @@ -321,7 +321,7 @@ "createdDateTime": { "type": "string", "format": "date-time", - "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only", + "description": "The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.", "readOnly": true }, "defaultRedirectUri": { 
@@ -330,15 +330,15 @@ }, "description": { "type": "string", - "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide a description of the application object to end users. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": "string", - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": "string", - "description": "The display name for the application. Maximum length is 256 characters" + "description": "The display name for the application. Maximum length is 256 characters." }, "groupMembershipClaims": { "type": "string", 
@@ -349,11 +349,11 @@ "items": { "type": "string" }, - "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable" + "description": "Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you reference in your API's code, and it must be globally unique. You can use the default value provided, which is in the form api://, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Microsoft Entra application registration security best practices. Not nullable." }, "info": { "$ref": "#/definitions/microsoft.graph.informationalUrl", - "description": "Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "isDeviceOnlyAuthSupported": { "type": "boolean", 
@@ -368,7 +368,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.keyCredential" }, - "description": "The collection of key credentials associated with the application. Not nullable" + "description": "The collection of key credentials associated with the application. Not nullable." }, "logo": { "type": "string", @@ -404,7 +404,7 @@ }, "publisherDomain": { "type": "string", - "description": "The verified publisher domain for the application. Read-only. For more information, see How to: Configure an application's publisher domain", + "description": "The verified publisher domain for the application. Read-only. For more information, see How to: Configure an application's publisher domain.", "readOnly": true }, "requestSignatureVerification": { @@ -416,7 +416,7 @@ "items": { "$ref": "#/definitions/microsoft.graph.requiredResourceAccess" }, - "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable" + "description": "Specifies the resources that the application needs to access. This property also specifies the set of delegated permissions and application roles that it needs for each of those resources. This configuration of access to the required resources drives the consent experience. No more than 50 resource services (APIs) can be configured. Beginning mid-October 2021, the total number of required permissions must not exceed 400. For more information, see Limits on requested permissions per app. Not nullable." }, "samlMetadataUrl": { "type": "string", 
@@ -432,7 +432,7 @@ }, "signInAudience": { "type": "string", - "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you might need to change other properties first" + "description": "Specifies the Microsoft accounts that are supported for the current application. The possible values are: AzureADMyOrg (default), AzureADMultipleOrgs, AzureADandPersonalMicrosoftAccount, and PersonalMicrosoftAccount. See more in the table. The value of this object also limits the number of permissions an app can request. For more information, see Limits on requested permissions per app. The value for this property has implications on other app object properties. As a result, if you change this property, you might need to change other properties first." }, "spa": { "$ref": "#/definitions/microsoft.graph.spaApplication", @@ -443,7 +443,7 @@ "items": { "type": "string" }, - "description": "Custom strings that can be used to categorize and identify the application. Not nullable" + "description": "Custom strings that can be used to categorize and identify the application. Not nullable." }, "tokenEncryptionKeyId": { "type": "string", @@ -452,7 +452,7 @@ }, "uniqueName": { "type": "string", - "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable", + "description": "The unique identifier that can be assigned to an application and used as an alternate key. Immutable.", "x-ms-graph-key": true, "x-constant-key": true }, 
@@ -463,6 +463,10 @@ "web": { "$ref": "#/definitions/microsoft.graph.webApplication", "description": "Specifies settings for a web application." + }, + "owners": { + "$ref": "#/definitions/microsoft.graph.relationship", + "description": "Directory objects that are owners of this application. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." } }, "required": [ @@ -483,7 +487,7 @@ "properties": { "accountEnabled": { "type": "boolean", - "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it" + "description": "true if the service principal account is enabled; otherwise, false. If set to false, then no users are able to sign in to this app, even if they're assigned to it." }, "addIns": { "type": "array", @@ -497,7 +501,7 @@ "items": { "type": "string" }, - "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities" + "description": "Used to retrieve service principals by subscription, identify resource group and full resource IDs for managed identities." }, "appDescription": { "type": "string", @@ -509,7 +513,7 @@ }, "appId": { "type": "string", - "description": "The unique identifier for the associated application (its appId property). Alternate key", + "description": "The unique identifier for the associated application (its appId property). Alternate key.", "x-ms-graph-key": true }, "applicationTemplateId": { 
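Review bot: The new `owners` relationship on the application definition, and the identical one added to the service principal definition in the `@@ -656,6 +660,10 @@` hunk, is described only as principals "allowed to modify this object", with no indication of what that covers or what limits apply. For an application or service principal, modifying the object presumably includes its `keyCredentials`, so an owner entry set from a template is in effect a privileged assignment and should be reviewed like one. The group `owners` description in this same file documents a 100-owner limit and what happens when the property is omitted, while the two new descriptions say neither. I would extend both, for example `"description": "... who are allowed to modify this object, including its credentials. Treat owner entries as privileged assignments."`, with the exact limits confirmed against the Graph reference. If this file is generated from upstream metadata, which the page does not show, the wording belongs in the generator's description overrides rather than here.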
@@ -520,12 +524,12 @@ "appOwnerOrganizationId": { "type": "string", "format": "uuid", - "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications", + "description": "Contains the tenant ID where the application is registered. This is applicable only to service principals backed by applications.", "readOnly": true }, "appRoleAssignmentRequired": { "type": "boolean", - "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable" + "description": "Specifies whether users or other service principals need to be granted an app role assignment for this service principal before users can sign in or apps can get tokens. The default value is false. Not nullable." }, "appRoles": { "type": "array", 
@@ -540,15 +544,15 @@ }, "description": { "type": "string", - "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters" + "description": "Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps displays the application description in this field. The maximum allowed size is 1,024 characters." }, "disabledByMicrosoftStatus": { "type": "string", - "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)" + "description": "Specifies whether Microsoft has disabled the registered application. Possible values are: null (default value), NotDisabled, and DisabledDueToViolationOfServicesAgreement (reasons include suspicious, abusive, or malicious activity, or a violation of the Microsoft Services Agreement)." }, "displayName": { "type": "string", - "description": "The display name for the service principal" + "description": "The display name for the service principal." }, "homepage": { "type": "string", 
@@ -556,14 +560,14 @@ }, "info": { "$ref": "#/definitions/microsoft.graph.informationalUrl", - "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps" + "description": "Basic profile information of the acquired application such as app's marketing, support, terms of service and privacy statement URLs. The terms of service and privacy statement are surfaced to users through the user consent experience. For more info, see How to: Add Terms of service and privacy statement for registered Microsoft Entra apps." }, "keyCredentials": { "type": "array", "items": { "$ref": "#/definitions/microsoft.graph.keyCredential" }, - "description": "The collection of key credentials associated with the service principal. Not nullable" + "description": "The collection of key credentials associated with the service principal. Not nullable." }, "loginUrl": { "type": "string", 
@@ -630,7 +634,7 @@ "items": { "type": "string" }, - "description": "Contains the list of identifiersUris, copied over from the associated application. Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable" + "description": "Contains the list of identifiersUris, copied over from the associated application. Additional values can be added to hybrid applications. These values can be used to identify the permissions exposed by this app within Microsoft Entra ID. For example,Client apps can specify a resource URI that is based on the values of this property to acquire an access token, which is the URI returned in the 'aud' claim.The any operator is required for filter expressions on multi-valued properties. Not nullable." }, "servicePrincipalType": { "type": "string", @@ -646,7 +650,7 @@ "items": { "type": "string" }, - "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable" + "description": "Custom strings that can be used to categorize and identify the service principal. Not nullable." }, "tokenEncryptionKeyId": { "type": "string", @@ -656,6 +660,10 @@ "verifiedPublisher": { "$ref": "#/definitions/microsoft.graph.verifiedPublisher", "description": "Specifies the verified publisher of the application that's linked to this service principal." + }, + "owners": { + "$ref": "#/definitions/microsoft.graph.relationship", + "description": "Directory objects that are owners of this servicePrincipal. The owners are a set of nonadmin users or servicePrincipals who are allowed to modify this object." } }, "required": [ 
@@ -690,12 +698,12 @@ }, "name": { "type": "string", - "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. The string is immutable after it's created. Alternate key. Required. Not nullable", + "description": "The unique identifier for the federated identity credential, which has a limit of 120 characters and must be URL friendly. The string is immutable after it's created. Alternate key. Required. Not nullable.", "x-ms-graph-key": true }, "subject": { "type": "string", - "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format; each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique within the app. It has a limit of 600 characters" + "description": "Required. The identifier of the external software workload within the external identity provider. Like the audience value, it has no fixed format; each identity provider uses their own - sometimes a GUID, sometimes a colon delimited identifier, sometimes arbitrary strings. The value here must match the sub claim within the token presented to Microsoft Entra ID. The combination of issuer and subject must be unique within the app. It has a limit of 600 characters." } }, "required": [ 
@@ -718,19 +726,19 @@ "properties": { "clientId": { "type": "string", - "description": "The object id (not appId) of the client service principal for the application that's authorized to act on behalf of a signed-in user when accessing an API. Required" + "description": "The object id (not appId) of the client service principal for the application that's authorized to act on behalf of a signed-in user when accessing an API. Required." }, "consentType": { "type": "string", - "description": "Indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users might be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required" + "description": "Indicates if authorization is granted for the client application to impersonate all users or only a specific user. AllPrincipals indicates authorization to impersonate all users. Principal indicates authorization to impersonate a specific user. Consent on behalf of all users can be granted by an administrator. Nonadmin users might be authorized to consent on behalf of themselves in some cases, for some delegated permissions. Required." }, "principalId": { "type": "string", - "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal" + "description": "The id of the user on behalf of whom the client is authorized to access the resource, when consentType is Principal. If consentType is AllPrincipals this value is null. Required when consentType is Principal." 
}, "resourceId": { "type": "string", - "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user" + "description": "The id of the resource service principal to which access is authorized. This identifies the API that the client is authorized to attempt to call on behalf of a signed-in user." }, "scope": { "type": "string", @@ -767,7 +775,7 @@ }, "principalDisplayName": { "type": "string", - "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only", + "description": "The display name of the user, group, or service principal that was granted the app role assignment. Maximum length is 256 characters. Read-only.", "readOnly": true }, "principalId": { @@ -787,7 +795,7 @@ "resourceId": { "type": "string", "format": "uuid", - "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create" + "description": "The unique identifier (id) for the resource service principal for which the assignment is made. Required on create." } }, "required": [ 
@@ -847,19 +855,19 @@ }, "marketingUrl": { "type": "string", - "description": "Link to the application's marketing page. For example, https://www.contoso.com/app/marketing" + "description": "Link to the application's marketing page. For example, https://www.contoso.com/app/marketing." }, "privacyStatementUrl": { "type": "string", - "description": "Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy" + "description": "Link to the application's privacy statement. For example, https://www.contoso.com/app/privacy." }, "supportUrl": { "type": "string", - "description": "Link to the application's support page. For example, https://www.contoso.com/app/support" + "description": "Link to the application's support page. For example, https://www.contoso.com/app/support." }, "termsOfServiceUrl": { "type": "string", - "description": "Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice" + "description": "Link to the application's terms of service statement. For example, https://www.contoso.com/app/termsofservice." } } }, @@ -977,7 +985,7 @@ }, "propertyCausingError": { "type": "string", - "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress" + "description": "Name of the directory property causing the error. Current possible values: UserPrincipalName or ProxyAddress." }, "value": { "type": "string", @@ -1078,7 +1086,7 @@ }, "isPublisherAttested": { "type": "boolean", - "description": "Indicates whether the application has been self-attested by the application developer or the publisher." + "description": "Indicates whether the application developer or publisher completed Publisher Attestation." }, "lastCertificationDateTime": { "type": "string",