What's new in Microsoft Graph
Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.
For more detailed API-level updates, see the Microsoft Graph API changelog.
For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.
Important
Features in preview status are subject to change without notice, and might not be promoted to generally available (GA) status. Don't use preview features in production apps.
April 2024: New and generally available
Applications
Updated the default value for signInAudience for new applications from
AzureADandPersonalMicrosoftAccount
toAzureADMyOrg
. Going forward, if you don't explicitly assign a value to the property during app creation, the app is automatically assigned the valueAzureADMyOrg
.Added the support for adding password secrets to applications during app creation. Previously, you could only add secrets to existing apps through the Update application or the addPassword operations.
Use the upsert capability to create an application, federatedIdentityCredential, or servicePrincipal if it doesn't exist, or update an existing object, by using a client-provided key. For more information, see the following API operations:
Identity and access | Governance
Use the Create operation on the workflow resource to create now up to 100 workflows that is an increase from the previous limit of 50.
Identity and access | Identity and sign-in
- Configure the default identity provider to use in redemption flow settings for Microsoft Entra ID B2B collaboration.
- Use a custom authentication extension to manage the configuration and get data from a system external to Microsoft Entra ID, such as a database, so to customize the authentication experience for users. This feature is available for both Microsoft Entra for workforce tenants and Microsoft Entra External ID.
- To customize an authentication process, use an authentication event listener to manage listeners and handlers that trigger the execution of custom logic during the authentication experience. This feature is available for both Microsoft Entra for workforce tenants and Microsoft Entra External ID.
- Multiple tenants in Microsoft Entra ID can now collaborate seamlessly as a single entity by using multi-tenant organization APIs. Set up and manage a multi-tenant organization, and configure cross-tenant policies for multi-tenant organization tenants through policy templates.
Groups
Added the upsert capability to the group resource type. Use this capability to create a group if it doesn't exist, or update an existing group, by using the uniqueName client-provided key.
Security | Legacy alerts
The /security/alerts
endpoint is deprecated and will stop returning data on April 10, 2026.
Sites and lists
You can now:
- Track changes for SharePoint site resources.
- Track changes for SharePoint list item resources.
Work with site pages and horizonal and vertical sections of pages.
Users
Associate users or groups as sponsors for a guest user's privileges in the tenant and keep the guest user's information and access updated. You can assign a sponsor, list sponsors, and remove a sponsor.
April 2024: New in preview only
Device and app management | Cloud PC
- Use the allotmentDisplayName property on cloudPC to divide tenant licenses into smaller batches or groups that help restrict the number of licenses available for use in a specific assignment.
- Deprecated the type property on cloudPcAuditResource in favor of the resourceType property.
- Deprecated the
shared
member on cloudPcProvisioningType in favor of thesharedByUser
member. - Added the
sharedbyEntraGroup
member as a new provisioning type under cloudPcProvisioningType.
Identity and access | Governance
Use the Create operation on the workflow resource to create now up to 100 workflows that is an increase from the previous limit of 50.
Identity and access | Network access
Updated the definition of physical locations for customer premises equipment in the Global Secure Access services from the branchSite resource type to the remoteNetwork resource type. The branchSite resource type and its associated properties, relationships, and endpoints are deprecated will be retired soon. Use the remoteNetwork resource type and its associated properties, relationships, and endpoints.
Industry data ETL
The outbound provisioning flow set, which represents a collection of outbound provisioning flows used to configure how school data sync populates data in Microsoft 365 and Microsoft Entra ID, is now generally available.
An outbound provisioning flow set can contain no more than one of each provisioning flow configuration: userProvisioningFlow, classGroupProvisioingFlow, securityGroupProvisioingFlow, administrativeUnitProvisioingFlow.
When calling the industry data ETL API, take advantage of more granular permissions added for reading or writing outbound provisioning flow set data by using the new permissions IndustryData-OutboundFlow.Read.All
and IndustryData-OutboundFlow.ReadWrite.All
.
People and workplace intelligence | People
Deprecated the /organization/{organizationId}/settings/itemInsights
endpoint in favor of the new peopleAdminSettings resource and introduced the List method on the peopleAdminSettings resource.
Reports | Identity and access reports
- Added the
nativeAuth
member as a supported protocol type to the authenticationProtocol in the signIn resource. - The previously deprecated activeUsersBreakdownMetric resource and its associated APIs are now retired. To get insights into daily and monthly user activity on apps registered in your tenant that's configured for Microsoft Entra External ID for customers, use the activeUsersMetric resource type and its associated APIs.
Security | Legacy alerts
The /security/alerts
endpoint is deprecated and will stop returning data on April 10, 2026.
Security | Threat intelligence indicator
The /security/tiindicators
endpoint is deprecated and will stop returning data on April 10, 2026.
Teamwork and communications | Calls and online meetings
A town hall is a type of meeting available in Microsoft Teams. Whether you're marking milestone achievements within your organization or covering an election, town hall features enable you to provide high-quality production experiences to large audiences. You can create, publish, and cancel town hall meetings by using the following APIs:
For more information about town hall APIs, see virtualEventTownhall.
Teamwork and communications | Messaging
Send chatMessage in a channel or a chat with a file attachment in it using file share link.
March 2024: New and generally available
Applications
Perform a bulk upload as a synchronization job to ingest data into the Microsoft Entra ID synchronization service.
Cross-device experiences
Added the ability to list and get Windows settings and Windows settings instances.
Device and app management | Cloud PC
- List, get, end grace period, reboot, rename, restore, and troubleshoot operations are now available on cloudPC.
- List and get operations are now available on cloudPcAuditEvent.
- List, get, create, update, delete, and assign provisioning policies operations are now available on cloudPcProvisioningPolicy.
- List, get, create, update, delete, and assign user settings operations are now available on cloudPcUserSetting.
- List, get, create, delete, and get source images operations are now available on cloudPcDeviceImage.
- List and get operations are now available on cloudPcGalleryImage.
Education | Assignment
Enabled the $expand
query parameter for the Get educationAssignment method.
Identity and access | Directory management
- The organization entity now returns the
CIAM
tenantType to identify tenants that are set up as Microsoft Entra ID for customers tenants, a customer identity & access management (CIAM) solution. - New properties set by Intune on the device resource: enrollmentType, isRooted, and managementType.
Reports | Partner billing reports
Use the billedReconciliation: export API to access billed invoice reconciliation data.
March 2024: New in preview only
Security | Attack simulation and training
Use the training campaign API to directly assign security trainings to users.
Applications
Use the upsert capability to create an application, federatedIdentityCredential, or servicePrincipal if it doesn't exist, or update an existing object, by using a client-provided key. For more information, see the following API operations:
Device and app management | Cloud PC
- Apply the current provisioning policy configuration across all Cloud PC devices under a specified policy.
- Update the provisioning policy configuration for a specific set of Cloud PC devices using their IDs.
- Added the ability to mark specified alertRecord objects as sent via the isPortalNotificationSent property.
- Run bulk power-off, power-on, reprovision, resize, restart, restore, and troubleshoot actions on Cloud PC devices using their IDs.
Deprecated the following properties:
- type property on cloudPcOnPremisesConnection; use the connectionType property instead.
- healthCheckStatusDetails property on cloudPcOnPremisesConnection; use the healthCheckStatusDetail property instead.
- additionalDetails property on cloudPcOnPremisesConnectionHealthCheck; use the additionalDetail property instead.
- domainJoinConfiguration property on cloudPcProvisioningPolicy in favor of the domainJoinConfigurations property.
- onPremisesConnectionId property on cloudPcProvisioningPolicy in favor of the domainJoinConfigurations property.
Device and app management | Device updates
Added methods to the Windows Updates API for Windows products, including retrieval of known issues by time range, finding product revisions by catalog ID, and by knowledge base number.
Files
Use the Get file by contentStream method to download file content directly instead of getting a 302
redirect URL.
Groups
Added the upsert capability to the group resource type. Use this capability to create a group if it doesn't exist, or update an existing group, by using the uniqueName client-provided key.
Identity and access | Identity and sign-in
Use the federatedTokenValidationPolicy resource type and its associated methods to manage whether Microsoft Entra ID validates federation authentication tokens.
Security | Email and collaboration protection
Added the ability to list emails analyzed by Microsoft Defender for Office 365, get email related metadata, and perform response actions (soft delete, hard delete, move to junk, move to Inbox).
Security | Identities
Added the ability to get, get list, update Microsoft Defender for Identity health issues.
Users
Added the ability to convert an external user to an internal member user using the user: convertExternalToInternalMemberUser API. This conversion allows the converted users to maintain their existing user object and access, while gaining the full privileges of an internal member user in the tenant.
Contribute to Microsoft Graph
Are there scenarios you'd like Microsoft Graph to support?
Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (
https://graph.microsoft.com/beta
) and v1.0 (https://graph.microsoft.com/v1.0
) endpoints.Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. Visit the Microsoft 365 and Power Platform community page to discover the full calendar of developer calls.
Join our research panel to provide your input on our developer experiences.
Related content
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for