What's new in Microsoft Graph
Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.
For more detailed API-level updates, see the Microsoft Graph API changelog.
For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.
Important
Features in preview status are subject to change without notice, and might not be promoted to generally available (GA) status. Don't use preview features in production apps.
December 2024: New and generally available
Reports
Microsoft Graph activity logs, which provide an audit trail of all HTTP requests that Microsoft Graph received and processed for your tenant, are now available in China operated by 21Vianet.
Security | Alerts and incidents
Enabled the description, displayName, resolvingComment, and severity properties as supported properties in an Update incident request.
Teamwork and communications | Shift management
- Stage the deletion of an openShift, shift, or timeOff instance in a schedule in draft mode.
- Use the eligibilityFilteringEnabledEntities property on workforceIntegration to get or set support for viewing eligibility-filtered results.
Users
Published the following lesser privileged permissions for managing specific scenarios on the user object:
Permission | Comments |
---|---|
User-Mail.ReadWrite.All | Least privileged permission to update the otherMails property. |
User-PasswordProfile.ReadWrite.All | Least privileged permission to update the passwordProfile property. |
User-Phone.ReadWrite.All | Least privileged permission to update the businessPhones and mobilePhone properties. Previously, only the Directory.AccessAsUser.All permission was supported to update the properties for admin user. We recommend you move the lesser privileged permission instead. |
User.EnableDisableAccount.All | Least privileged permission to update the accountEnabled property. Requires User.Read.All permission as well. Previously, only the Directory.AccessAsUser.All permission was supported to update the account status for admin users. We recommend you move the lesser privileged permission instead. |
User.DeleteRestore.All | Least privileged permission to delete a user, restore a deleted user from the recycle bin, or permanently delete a deleted user from the recycle bin. Also allows retrieving deleted users via the /directory/deleteditems/microsoft.graph.user endpoint. |
December 2024: New in preview only
Backup Storage
Use the new restore bulk addition request API for more convenient, efficient, and scalable restore solutions. This API is designed to streamline the restore process by allowing direct submission of restoration resources in a bulk request. The following resources are supported:
- driveRestoreArtifactsBulkAdditionRequest
- mailboxRestoreArtifactsBulkAdditionRequest
- siteRestoreArtifactsBulkAdditionRequest
Device and app management | Cloud PC
- Use the disasterRecoveryType property on cloudPcCrossRegionDisasterRecoverySetting to get or set the type of disaster recovery to perform when a disaster occurs on a user's Cloud PC.
- Use the userInitiatedDisasterRecoveryAllowed property on cloudPcCrossRegionDisasterRecoverySetting to get or set whether the client allows the end user to initiate a disaster recovery activation.
- Deprecated the crossRegionDisasterRecoveryEnabled property of the cloudPcCrossRegionDisasterRecoverySetting resource. Going forward use the disasterRecoveryType property.
- Enabled
endpointConnectivityCheckVMAgentEndPointCommunicationError
as a supported error type in the errorType property of the cloudPcOnPremisesConnectionHealthCheck resource.
Identity and access | Directory management
While restoring soft-deleted users, you can now specify whether Microsoft Entra ID should replace the user's userPrincipalName with a new value.
Identity and access | Identity and sign-in
- Use Microsoft Graph APIs to stay informed about the latest product updates, including the product roadmap and change announcements, the programmatic alternative to the What's new tab on the Microsoft Entra admin center.
- You can now manage hardware OATH tokens for your organization and users programmatically via the following Microsoft Graph APIs:
- hardwareOathTokenAuthenticationMethodDevice resource type and its associated methods to manage the hardware tokens in your tenant, including assigning to users
- hardwareOathAuthenticationMethod resource type and its associated methods to manage tokens that are already assigned to users by activating or deactivating them
Reports | Microsoft 365 monitoring reports
The Microsoft 365 monitoring APIs provide telemetry data to monitor the health of various Microsoft services within a Microsoft 365 subscription for your organization. Use the new operations in the serviceActivity resource to get telemetry data for Exchange Online, Microsoft 365 Apps, and Microsoft Teams.
Security | Alerts and incidents
Enabled the description, displayName, and severity properties as supported properties in an Update incident request.
Sites and lists
Create and manage a news link page in SharePoint.
Teamwork and communications | Calls and online meetings
The get and list operations of the callRecording and callTranscript resources support the retrieval of call recordings or call transcripts from private chat meetings and channel meetings.
Teamwork and communications | Messaging
Use the firstChannelName property on team to set the name of the first channel created in a team.
November 2024: New and generally available
Files
Use a range of new methods and resources for enhanced file storage management, including methods for managing columns and recycle bin items. You can also run operations like restore, lock, unlock, and more across the fileStorageContainer, fileStorage, and recycleBin resources.
Applications | Policies
Use the state property on keyCredentialConfiguration and passwordCredentialConfiguration to indicate whether a restriction is evaluated.
Security | Alerts and incidents
Enabled the active
, pendingApproval
, declined
, unremediated
, running
, and partiallyRemediated
statuses in the evidenceRemediationStatus enumeration. Use these new statuses via the remediationStatus property of the alertEvidence and its inherited types.
Security | Identities
The Defender for Identity sensors management API enables you to create detailed reports on the sensors in your workspace, providing information such as server name, sensor version, type, state, and health status. It also allows you to manage sensor settings, including adding descriptions, enabling or disabling delayed updates, and specifying the domain controller the sensor connects to for querying Entra ID. For more information, see sensor.
Teamwork and communications | Calls and online meetings
Use the administrativeUnitInfos property on participant and organizer to get the IDs of one or more administrative units for a call participant.
November 2024: New in preview only
Device and app management | Cloud PC
- Added new endpoints that support application permissions in the following methods of the cloudPC resource:
- Use the reservePercentage property in the [cloudPcProvisioningPolicy: apply] method to specify the percentage of Cloud PCs to keep available for frontline shared scenarios.
- Use the getCloudPCPerformanceReport method to get reports related to the performance of Cloud PCs.
- Use the reportName parameter with the getInaccessibleCloudPcReports method to specify the Cloud PC report type.
- Enabled the
performanceTrendReport
andinaccessibleCloudPcTrendReport
options for the reportName parameter in the Create cloudPcExportJob method.
Device and app management | Device updates
- Deploy a hotpatch quality update using Windows Autopatch.
- Use the isHotpatchUpdate property on productRevision to identify whether the content is hotpatchable.
- Use the isHotpatchEnabled property on userExperienceSettings to identify whether the update is offered as a hotpatch.
Identity and access | Identity and sign-in
- Use the oidcIdentityProvider resource and its methods to interact with OpenID Connect identity providers in a Microsoft Entra external tenant.
- Added the certificateBasedAuthPki resource to manage the collection of public key infrastructure (PKI) instances for the certificate-based authentication method, and the certificateAuthorityDetail resource to access the properties of each certificate authority object within a certificateBasedAuthPki.
Identity and access | Network access
List, create, get, update, and delete fqdnFilteringRule and webCategoryFilteringRule resources that are derived types of filteringRule.
Reports | Identity and access reports
Use the sessionId property on signIn to get the identifier of the session that was generated during a sign-in.
Security | Discovered cloud apps
The new Microsoft Defender for Cloud apps API in Microsoft Graph is designed to provide an efficient and reliable way to query discovered apps information, making it easier for you to analyze the risks associated with the discovered apps. Use the following resources and their methods to get data and insights across the discovered SaaS apps ecosystem:
- cloudAppDiscoveryReport
- discoveredCloudAppDetail
- discoveredCloudAppInfo
- discoveredCloudAppUser
- discoveredCloudAppIPAddress
- discoveredCloudAppDevice
- endpointDiscoveredCloudAppDetail
Security | eDiscovery
Added application authentication for Microsoft Purview eDiscovery Graph APIs. For more information about setting up app-only access, see Set up application authentication.
Teamwork and communications | AI interactions
Use the getAllEnterpriseInteractions method to get Microsoft 365 Copilot interaction data, including user prompts to Copilot and Copilot responses.
Teamwork and communications | Calls and online meetings
- Link external event information to a virtualEventTownhall or virtualEventWebinar by setting an externalEventId.
- Use the externalEventInformation on virtualEventTownhall and virtualEventWebinar to identify the external event information of a virtual event.
- Use the allowedLobbyAdmitters property on onlineMeeting to get or set the users who can admit from the lobby.
- Use the allowedLobbyAdmitters property on onlineMeeting to get or set the users who can admit from the lobby.
- Get or set whether users of Microsoft 365 Copilot in Teams Meetings can receive responses to sentiment-related prompts.
Contribute to Microsoft Graph
Are there scenarios you'd like Microsoft Graph to support?
Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (
https://graph.microsoft.com/beta
) and v1.0 (https://graph.microsoft.com/v1.0
) endpoints.Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. To discover the full calendar of developer calls, visit the Microsoft 365 and Power Platform community page.
Join our research panel to provide your input on our developer experiences.