What's new in Microsoft Graph

Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.

For more detailed API-level updates, see the Microsoft Graph API changelog.

For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.

Important

Features in preview status are subject to change without notice, and might not be promoted to generally available (GA) status. Don't use preview features in production apps.

December 2024: New and generally available

Reports

Microsoft Graph activity logs, which provide an audit trail of all HTTP requests that Microsoft Graph received and processed for your tenant, are now available in China operated by 21Vianet.

Security | Alerts and incidents

Enabled the description, displayName, resolvingComment, and severity properties as supported properties in an Update incident request.

Teamwork and communications | Shift management

Users

Published the following lesser privileged permissions for managing specific scenarios on the user object:

Permission Comments
User-Mail.ReadWrite.All Least privileged permission to update otherMails property.
User-PasswordProfile.ReadWrite.All Least privileged permission to update passwordProfile property.
User-Phone.ReadWrite.All Least privileged permission to update businessPhones and mobilePhone properties. Previously, only the Directory.AccessAsUser.All permission was supported to update the properties for admin user. We recommend you move the lesser privileged ** permission instead.
User.EnableDisableAccount.All Least privileged permission to update accountEnabled property. Requires User.Read.All permission as well. Previously, only the Directory.AccessAsUser.All permission was supported to update the account status for admin users. We recommend you move the lesser privileged permission instead.
User.DeleteRestore.All Least privileged permission to delete a user, restore a deleted user from the recycle bin, or permanently delete a deleted user from the recycle bin. Also allows retrieving deleted users via the /directory/deleteditems/microsoft.graph.user endpoint.

December 2024: New in preview only

Backup Storage

Use the new restore bulk addition request API for more convenient, efficient, and scalable restore solutions. This API is designed to streamline the restore process by allowing direct submission of restoration resources in a bulk request. The following resources are supported:

Device and app management | Cloud PC

Identity and access | Directory management

While restoring soft-deleted users, you can now specify whether Microsoft Entra ID should replace the user's userPrincipalName with a new value.

Identity and access | Identity and sign-in

Reports | Microsoft 365 monitoring reports

The Microsoft 365 monitoring APIs provide telemetry data to monitor the health of various Microsoft services within a Microsoft 365 subscription for your organization. Use the new operations in the serviceActivity resource to get telemetry data for Exchange Online, Microsoft 365 Apps, and Microsoft Teams.

Security | Alerts and incidents

Enabled the description, displayName, and severity properties as supported properties in an Update incident request.

Sites and lists

Create and manage a news link page in SharePoint.

Teamwork and communications | Messaging

Use the firstChannelName property on team to set the name of the first channel created in a team.

November 2024: New and generally available

Files

Use a range of new methods and resources for enhanced file storage management, including methods for managing columns and recycle bin items. You can also run operations like restore, lock, unlock, and more across the fileStorageContainer, fileStorage, and recycleBin resources.

Applications | Policies

Use the state property on keyCredentialConfiguration and passwordCredentialConfiguration to indicate whether a restriction is evaluated.

Security | Alerts and incidents

Enabled the active, pendingApproval, declined, unremediated, running, and partiallyRemediated statuses in the evidenceRemediationStatus enumeration. Use these new statuses via the remediationStatus property of the alertEvidence and its inherited types.

Security | Identities

The Defender for Identity sensors management API enables you to create detailed reports on the sensors in your workspace, providing information such as server name, sensor version, type, state, and health status. It also allows you to manage sensor settings, including adding descriptions, enabling or disabling delayed updates, and specifying the domain controller the sensor connects to for querying Entra ID. For more information, see sensor.

Teamwork and communications | Calls and online meetings

Use the administrativeUnitInfos property on participant and organizer to get the IDs of one or more administrative units for a call participant.

November 2024: New in preview only

Device and app management | Cloud PC

Device and app management | Device updates

Identity and access | Identity and sign-in

Identity and access | Network access

List, create, get, update, and delete fqdnFilteringRule and webCategoryFilteringRule resources that are derived types of filteringRule.

Reports | Identity and access reports

Use the sessionId property on signIn to get the identifier of the session that was generated during a sign-in.

Security | Discovered cloud apps

The new Microsoft Defender for Cloud apps API in Microsoft Graph is designed to provide an efficient and reliable way to query discovered apps information, making it easier for you to analyze the risks associated with the discovered apps. Use the following resources and their methods to get data and insights across the discovered SaaS apps ecosystem:

Security | eDiscovery

Added application authentication for Microsoft Purview eDiscovery Graph APIs. For more information about setting up app-only access, see Set up application authentication.

Teamwork and communications | AI interactions

Use the getAllEnterpriseInteractions method to get Microsoft 365 Copilot interaction data, including user prompts to Copilot and Copilot responses.

Teamwork and communications | Calls and online meetings

  • Link external event information to a virtualEventTownhall or virtualEventWebinar by setting an externalEventId.
  • Use the externalEventInformation on virtualEventTownhall and virtualEventWebinar to identify the external event information of a virtual event.
  • Use the allowedLobbyAdmitters property on onlineMeeting to get or set the users who can admit from the lobby.
  • Use the allowedLobbyAdmitters property on onlineMeeting to get or set the users who can admit from the lobby.
  • Get or set whether users of Microsoft 365 Copilot in Teams Meetings can receive responses to sentiment-related prompts.

Contribute to Microsoft Graph

Are there scenarios you'd like Microsoft Graph to support?

  • Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (https://graph.microsoft.com/beta) and v1.0 (https://graph.microsoft.com/v1.0) endpoints.

  • Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. To discover the full calendar of developer calls, visit the Microsoft 365 and Power Platform community page.

  • Join our research panel to provide your input on our developer experiences.