Microsoft.Graph.Beta.Users.Actions

Clear-MgBetaUserAndBlockManagedApp

Blocks the managed app user from app check-in.

Clear-MgBetaUserManagedAppRegistrationByAzureAdDeviceId

Issues a wipe operation on an app registration with the specified Azure AD device ID.

Clear-MgBetaUserManagedAppRegistrationByDeviceTag

Issues a wipe operation on an app registration with the specified device tag.

Confirm-MgBetaUserMemberGroup

Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified user, group, service principal, organizational contact, device, or directory object is a member. This function is transitive. You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Microsoft Entra ID. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.

Note

To view the v1.0 release of this cmdlet, view Confirm-MgUserMemberGroup

Confirm-MgBetaUserMemberObject

Invoke action checkMemberObjects

Note

To view the v1.0 release of this cmdlet, view Confirm-MgUserMemberObject

Convert-MgBetaUserExternalToInternalMemberUser

Convert an externally authenticated user into an internal user. The user is able to sign into the host tenant as an internal user and access resources as a member. For more information about this conversion, see Convert external users to internal users.

Export-MgBetaUserPersonalData

Submit a data policy operation request from a company administrator or an application to export an organizational user's data. This data includes the user's data stored in OneDrive and their activity reports. For more information about exporting data while complying with regulations, see Data Subject Requests and the GDPR and CCPA.

Note

To view the v1.0 release of this cmdlet, view Export-MgUserPersonalData

Find-MgBetaUserMeetingTime

Suggest meeting times and locations based on organizer and attendee availability, and time or location constraints specified as parameters. If findMeetingTimes cannot return any meeting suggestions, the response would indicate a reason in the emptySuggestionsReason property. Based on this value, you can better adjust the parameters and call findMeetingTimes again. The algorithm used to suggest meeting times and locations undergoes fine-tuning from time to time. In scenarios like test environments where the input parameters and calendar data remain static, expect that the suggested results may differ over time.

Note

To view the v1.0 release of this cmdlet, view Find-MgUserMeetingTime

Get-MgBetaUserById

Return the directory objects specified in a list of IDs. Some common uses for this function are to:

Note

To view the v1.0 release of this cmdlet, view Get-MgUserById

Get-MgBetaUserMailTip

Get the MailTips of one or more recipients as available to the signed-in user. Note that by making a POST call to the getMailTips action, you can request specific types of MailTips to be returned for more than one recipient at one time. The requested MailTips are returned in a mailTips collection.

Note

To view the v1.0 release of this cmdlet, view Get-MgUserMailTip

Get-MgBetaUserMemberGroup

Return all the group IDs for the groups that the specified user, group, service principal, organizational contact, device, or directory object is a member of. This function is transitive. This API returns up to 11,000 group IDs. If more than 11,000 results are available, it returns a 400 Bad Request error with the DirectoryResultSizeLimitExceeded error code. If you get the DirectoryResultSizeLimitExceeded error code, use the List group transitive memberOf API instead.

Note

To view the v1.0 release of this cmdlet, view Get-MgUserMemberGroup

Get-MgBetaUserMemberObject

Invoke action getMemberObjects

Note

To view the v1.0 release of this cmdlet, view Get-MgUserMemberObject

Get-MgBetaUserOwnedObjectByType

Retrieve a list of recently deleted application and group objects owned by the specified user. This API returns up to 1,000 deleted objects owned by the user, sorted by ID, and doesn't support pagination.

Get-MgBetaUserPasswordSingleSignOnCredential

Get the list of password-based single sign-on credentials for a given user. This API returns the encrypted passwords as null or empty strings.

Invoke-MgBetaInvalidateAllUserRefreshToken

Invalidates all of the user's refresh tokens issued to applications and session cookies in a user's browser, by resetting the refreshTokensValidFromDateTime user property to the current date-time. Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation would prevent access to any of the organization's data accessed through applications on the device without the user first being required to sign in again. In fact, this operation would force the user to sign in again for all applications that they have previously consented to, independent of device. For developers, if the application attempts to redeem a delegated access token for this user by using an invalidated refresh token, the application receives an error. If this happens, the application needs to acquire a new refresh token by making a request to the OAuth 2.0 /authorize endpoint, which forces the user to sign in.

Invoke-MgBetaLicenseUser

Reprocess all group-based license assignments for the user. To learn more about group-based licensing, see What is group-based licensing in Microsoft Entra ID. Also see Identify and resolve license assignment problems for a group in Microsoft Entra ID for more details.

Note

To view the v1.0 release of this cmdlet, view Invoke-MgLicenseUser

Invoke-MgBetaRetryUserServiceProvisioning

Retry the user service provisioning.

Note

To view the v1.0 release of this cmdlet, view Invoke-MgRetryUserServiceProvisioning

Invoke-MgBetaTranslateUserExchangeId

Translate identifiers of Outlook-related resources between formats.

Note

To view the v1.0 release of this cmdlet, view Invoke-MgTranslateUserExchangeId

Remove-MgBetaAllUserDeviceFromManagement

Retire all devices from management for this user.

Note

To view the v1.0 release of this cmdlet, view Remove-MgAllUserDeviceFromManagement

Remove-MgBetaUserPasswordSingleSignOnCredential

Delete the password-based single sign-on credentials for a given user to a given service principal.

Revoke-MgBetaUserSignInSession

Invalidates all the refresh tokens issued to applications for a user (as well as session cookies in a user's browser), by resetting the signInSessionsValidFromDateTime user property to the current date-time. Typically, this operation is performed (by the user or an administrator) if the user has a lost or stolen device. This operation prevents access to the organization's data through applications on the device by requiring the user to sign in again to all applications that they have previously consented to, independent of device. If the application attempts to redeem a delegated access token for this user by using an invalidated refresh token, the application will get an error. If this happens, the application will need to acquire a new refresh token by making a request to the authorize endpoint, which will force the user to sign in.

Note

To view the v1.0 release of this cmdlet, view Revoke-MgUserSignInSession

Send-MgBetaUserMail

Send the message specified in the request body using either JSON or MIME format. When using JSON format, you can include an attachment and use a mention to call out another user in the new message. When using MIME format: This method saves the message in the Sent Items folder. Alternatively, create a draft message to send later. To learn more about the steps involved in the backend before a mail is delivered to recipients, see here.

Note

To view the v1.0 release of this cmdlet, view Send-MgUserMail

Set-MgBetaUserLicense

Add or remove licenses for the user to enable or disable their use of Microsoft cloud offerings that the company has licenses to. For example, an organization can have a Microsoft 365 Enterprise E3 subscription with 100 licenses, and this request assigns one of those licenses to a specific user. You can also enable and disable specific plans associated with a subscription. Direct user licensing is an alternative to group-based licensing. To get the subscriptions available in the directory, perform a GET subscribedSkus request.

Note

To view the v1.0 release of this cmdlet, view Set-MgUserLicense

Test-MgBetaUserPassword

Check a user's password against the organization's password validation policy and report whether the password is valid. Use this action to provide real-time feedback on password strength while the user types their password.

Test-MgBetaUserProperty

Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. Clients can use this API to determine whether a display name or mail nickname is valid before trying to create a Microsoft 365 group. For validating properties of an existing group, use the validateProperties function for groups. The following validations are performed for the display name and mail nickname properties:

1. Validate the prefix and suffix naming policy
2. Validate the custom banned words policy
3. Validate the mail nickname is unique

This API returns with the first failure encountered. If one or more properties fail multiple validations, only the property with the first validation failure is returned. However, you can validate both the mail nickname and the display name and receive a collection of validation errors if you are only validating the prefix and suffix naming policy.

Note

To view the v1.0 release of this cmdlet, view Test-MgUserProperty

Unblock-MgBetaUserManagedApp

Unblocks the managed app user from app check-in.

Update-MgBetaUserPassword

Update the signed-in user's password. Any user can update their password without belonging to any administrator role.

Note

To view the v1.0 release of this cmdlet, view Update-MgUserPassword