diff --git a/.azure-pipelines/.config/CredScanSuppressions.json b/.azure-pipelines/.config/CredScanSuppressions.json
new file mode 100644
index 00000000000..a2adf2483d0
--- /dev/null
+++ b/.azure-pipelines/.config/CredScanSuppressions.json
@@ -0,0 +1,57 @@
+{
+ "tool": "Credential Scanner",
+ "suppressions": [
+ {
+ "hash": "4HFMaPyHf2Oq0UHssXYQ+IzVZIRgG18pB/v4dtou7sw=",
+ "_justification": "authenticationmethod-resetpassword.md line 184 Sample password in JSON example"
+ },
+ {
+ "hash": "Dl8lVS64t7J9YPKUCrs6IvmGgwA9lkG/9TTJvKLyIfw=",
+ "_justification": "externallyaccessibleawsstoragebucketfinding-list.md line 118 Sample Azure storage account access key in JSON example"
+ },
+ {
+ "hash": "6uNofS5cYXMBA0lB/CvV80FLhrnf5Pgi8z1A4ouVNzE=",
+ "_justification": "security-passivednsrecord-get.md line 66 Sample general symmetric key in HTTP request example"
+ },
+ {
+ "hash": "DqnzqSuPoql8CRa0NwVQjvMWVEdB/1JVZhMLf5a7caw=",
+ "_justification": "serviceprincipal-createpasswordsinglesignoncredentials.md line 90 Sample common default password in JSON example"
+ },
+ {
+ "hash": "YGEAcd2dkpni4zKf2vds0XCBd4ETjyy6VSqP6wF8K4Y=",
+ "_justification": "security-whoishistoryrecord-get.md line 64 Sample symmetric key in HTTP request example"
+ },
+ {
+ "hash": "yuNZ6vrD0RfK/gi2biOeRwncQ7QBOUsptruQ9gF4fGE=",
+ "_justification": "user-changepassword.md line 67 Sample password in JSON example"
+ },
+ {
+ "hash": "XQQz4syNsXVwCQBB+ROKXms/PeYf1xxMiu93rtFGQzE=",
+ "_justification": "user-validatepassword.md line 69 Sample password in JSON example"
+ },
+ {
+ "hash": "449XS9qz2RDCs4hRlMopVw7CCRxp01qRBUh152CBj1w=",
+ "_justification": "send-sharing-invite-go-snippets.md line 40 Sample password in JSON example"
+ },
+ {
+ "hash": "ezuuJrz3tJVuhDI3QayaAQnoJmJ7OdePNofJCf9yRos=",
+ "_justification": "update-planneruser-go-snippets.md line 22 Sample general symmetric key in code snippets"
+ },
+ {
+ "hash": "4HFMaPyHf2Oq0UHssXYQ+IzVZIRgG18pB/v4dtou7sw=",
+ "_justification": "passwordauthenticationmethod-resetpassword-adminprovided-java-snippets.md line 9 Sample password in code snippets"
+ },
+ {
+ "hash": "pFG5S9mElRlcOZ+ByQRi1yN4nzkV+sW0DBJStZwB13I=",
+ "_justification": "application-saml-sso-configure-api.md line 1004 Sample general symmetric key in JSON example"
+ },
+ {
+ "hash": "lrucAcVPXoYUsoNE7NH+dQDxA5dKVl04BhLUkL2i+k8=",
+ "_justification": "auth-v2-service.md line 166 Sample Azure AD client secret in cURL example"
+ },
+ {
+ "hash": "Yq6kyr67P2hd5i71eNVIOL8EHosrVwv9Mg0R6PdiF6c=",
+ "_justification": "authenticationmethods-get-started.md line 451 Sample general password in JSON example"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/Test-Docs.ps1 b/Test-Docs.ps1
index 6d8d1c5b9c9..1d3bff7dc27 100644
--- a/Test-Docs.ps1
+++ b/Test-Docs.ps1
@@ -8,25 +8,35 @@ $apiDoctorNuGetVersion = $env:API_DOCTOR_NUGET_VERSION
$apiDoctorGitRepoUrl = $env:API_DOCTOR_GIT_REPO_URL
$apiDoctorGitBranch = $env:API_DOCTOR_GIT_BRANCH
$docsRepoPath = (Get-Location).Path
-$docsSubPath = $env:APIDOCTOR_DOCSUBPATH
+$docsSubPath = $env:DOCS_SUB_PATH
$downloadedApiDoctor = $false
$downloadedNuGet = $false
-Write-Host "Repository location: ", $docsRepoPath
+if ($useNuGetPackage -eq $true) {
+ Write-Host "API Doctor NuGet Version: ", $apiDoctorNuGetVersion
+}
+else {
+ Write-Host "API Doctor Git Repo:"
+ Write-Host "- URL: $apiDoctorGitRepoUrl"
+ Write-Host "- Branch: $apiDoctorGitBranch"
+}
+
+Write-Host "Repository Location: ", $docsRepoPath
+Write-Host "Docs Subpath: ", $docsSubPath
# Check if API Doctor source has been set
-if ($useNuGetPackage -and [string]::IsNullOrWhiteSpace($apiDoctorNuGetVersion)) {
+if ($useNuGetPackage -eq $true -and [string]::IsNullOrWhiteSpace($apiDoctorNuGetVersion)) {
Write-Host "API Doctor NuGet package version has not been set. Aborting..."
exit 1
}
-elseif (!$useNuGetPackage -and [string]::IsNullOrWhiteSpace($apiDoctorGitRepoUrl)) {
+elseif ($useNuGetPackage -eq $false -and [string]::IsNullOrWhiteSpace($apiDoctorGitRepoUrl)) {
Write-Host "API Doctor Git Repo URL has not been set. Aborting..."
exit 1
}
# Check if docs subpath has been set
if ([string]::IsNullOrWhiteSpace($docsSubPath)) {
- Write-Host "API Doctor subpath has not been set. Aborting..."
+ Write-Host "Docs subpath has not been set. Aborting..."
exit 1
}
@@ -56,7 +66,7 @@ else {
$apidocPath = Join-Path $docsRepoPath -ChildPath "apidoctor"
New-Item -ItemType Directory -Force -Path $apidocPath
- if ($useNuGetPackage) {
+ if ($useNuGetPackage -eq $true) {
# Install API Doctor from NuGet
Write-Host "Running nuget.exe from ", $nugetPath
$nugetParams = "install", "ApiDoctor", "-Version", $apiDoctorNuGetVersion, "-OutputDirectory", $apidocPath, "-NonInteractive", "-DisableParallelProcessing"
@@ -64,7 +74,7 @@ else {
if ($LastExitCode -ne 0) {
# NuGet error, so we can't proceed
- Write-Host "Error installing API Doctor from NuGet. Aborting."
+ Write-Host "Error installing API Doctor from NuGet. Aborting..."
Remove-Item $nugetPath
exit $LastExitCode
}
diff --git a/api-reference/beta/api/chatmessage-post.md b/api-reference/beta/api/chatmessage-post.md
index 261b4ed9463..4a30b46936f 100644
--- a/api-reference/beta/api/chatmessage-post.md
+++ b/api-reference/beta/api/chatmessage-post.md
@@ -15,9 +15,9 @@ Namespace: microsoft.graph
Send a new [chatMessage](../resources/chatmessage.md) in the specified [channel](../resources/channel.md) or a [chat](../resources/chat.md).
-> **Note**: We don't recommend that you use this API for data migration. It does not have the throughput necessary for a typical migration.
-
-> **Note**: It is a violation of the [terms of use](/legal/microsoft-apis/terms-of-use) to use Microsoft Teams as a log file. Only send messages that people will read.
+> **Notes:**
+> - We don't recommend that you use this API for data migration. It does not have the throughput necessary for a typical migration.
+> - It is a violation of the [terms of use](/legal/microsoft-apis/terms-of-use) to use Microsoft Teams as a log file. Only send messages that people will read.
[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
@@ -481,8 +481,9 @@ Content-type: application/json
#### Request
The following example shows a request.
->**Note:** The file must already be in SharePoint. To find the file properties, GET the **driveItem** for the file. For example, /drives/{id}/items/{id}. Your attachment ID is the GUID in the **eTag** of the **driveItem**, your attachment **contentURL** is the **webUrl** of the **driveItem**'s folder plus the **driveItem**'s name, and your attachment name is the **driveItem**'s name.
-
+>**Notes:**
+> - The file must already be in SharePoint. To find the file properties, GET the **driveItem** for the file. For example: `/drives/{id}/items/{id}`. The attachment ID is the GUID in the **eTag** of the **driveItem**. The attachment **contentURL** is the **webUrl** of the **driveItem** folder plus the name of the **driveItem**. The attachment name is the name of the **driveItem**.
+> - Microsoft Graph supports the `OpenUrl` card action. Bots are required for other card actions.
# [HTTP](#tab/http)
``` http
-GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/provisioningPolicies/60b94f83-3e22-430e-a69d-440f65b922d6?$select=id,description,displayName,displayName,domainJoinConfiguration,imageDisplayName,imageId,imageType,onPremisesConnectionId,windowsSettings,managedBy,cloudPcGroupDisplayName,gracePeriodInHours,localAdminEnabled,alternateResourceUrl
+GET https://graph.microsoft.com/beta/deviceManagement/virtualEndpoint/provisioningPolicies/60b94f83-3e22-430e-a69d-440f65b922d6?$select=id,description,displayName,domainJoinConfiguration,imageDisplayName,imageId,imageType,onPremisesConnectionId,windowsSetting,managedBy,cloudPcGroupDisplayName,gracePeriodInHours,localAdminEnabled,alternateResourceUrl
```
-# [C#](#tab/csharp)
-[!INCLUDE [sample-code](../includes/snippets/csharp/get-cloudpcprovisioningpolicy-3-csharp-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [CLI](#tab/cli)
-[!INCLUDE [sample-code](../includes/snippets/cli/get-cloudpcprovisioningpolicy-3-cli-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Go](#tab/go)
-[!INCLUDE [sample-code](../includes/snippets/go/get-cloudpcprovisioningpolicy-3-go-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Java](#tab/java)
-[!INCLUDE [sample-code](../includes/snippets/java/get-cloudpcprovisioningpolicy-3-java-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [JavaScript](#tab/javascript)
-[!INCLUDE [sample-code](../includes/snippets/javascript/get-cloudpcprovisioningpolicy-3-javascript-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [PHP](#tab/php)
-[!INCLUDE [sample-code](../includes/snippets/php/get-cloudpcprovisioningpolicy-3-php-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [PowerShell](#tab/powershell)
-[!INCLUDE [sample-code](../includes/snippets/powershell/get-cloudpcprovisioningpolicy-3-powershell-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Python](#tab/python)
-[!INCLUDE [sample-code](../includes/snippets/python/get-cloudpcprovisioningpolicy-3-python-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
----
-
#### Response
The following example shows the response.
@@ -368,6 +339,9 @@ Content-Type: application/json
"windowsSettings": {
"language": "en-US"
},
+ "windowsSetting": {
+ "locale": "en-US"
+ },
"provisioningType": "dedicated"
}
```
diff --git a/api-reference/beta/api/cloudpcprovisioningpolicy-update.md b/api-reference/beta/api/cloudpcprovisioningpolicy-update.md
index 52fd5dba3fe..61d28e66dbd 100644
--- a/api-reference/beta/api/cloudpcprovisioningpolicy-update.md
+++ b/api-reference/beta/api/cloudpcprovisioningpolicy-update.md
@@ -52,13 +52,15 @@ The following table shows the properties that can be updated for the [cloudPcPro
|:---|:---|:---|
|description|String|The provisioning policy description.|
|displayName|String|The display name for the provisioning policy. |
-|domainJoinConfiguration|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md)|Specifies how Cloud PCs will join Microsoft Entra ID.|
+|domainJoinConfigurations|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md) collection|Specifies a list ordered by priority on how Cloud PCs join Microsoft Entra ID.|
|enableSingleSignOn|Boolean|`True` if the provisioned Cloud PC can be accessed by single sign-on. `False` indicates that the provisioned Cloud PC doesn't support this feature. Default value is `false`. Windows 365 users can use single sign-on to authenticate to Microsoft Entra ID with passwordless options (for example, FIDO keys) to access their Cloud PC. Optional.|
|imageDisplayName|String|The display name for the OS image you're provisioning.|
|imageId|String|The ID of the OS image you want to provision on Cloud PCs. The format for a gallery type image is: {publisher_offer_sku}. Supported values for each of the parameters are as follows: - publisher: Microsoftwindowsdesktop.
- offer: windows-ent-cpc.
- sku: 21h1-ent-cpc-m365, 21h1-ent-cpc-os, 20h2-ent-cpc-m365, 20h2-ent-cpc-os, 20h1-ent-cpc-m365, 20h1-ent-cpc-os, 19h2-ent-cpc-m365 and 19h2-ent-cpc-os.
|
|imageType|cloudPcProvisioningPolicyImageType|The type of OS image (custom or gallery) you want to provision on Cloud PCs. Possible values are: `gallery`, `custom`.|
-|onPremisesConnectionId|String|The ID of the cloudPcOnPremisesConnection. To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network that’s validated by the Cloud PC service.|
-|windowsSettings|[cloudPcWindowsSettings](../resources/cloudpcwindowssettings.md)|The Windows operation system settings for the provisioned Cloud PCs with this provisioning policy, such as operation system language setting.|
+|windowsSetting|[cloudPcWindowsSettings](../resources/cloudpcwindowssetting.md)|Indicates a specific Windows setting to configure during the creation of Cloud PCs for this provisioning policy. Supports `$select`. |
+|domainJoinConfiguration (deprecated)|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md)|Specifies how Cloud PCs join Microsoft Entra ID.|
+|onPremisesConnectionId (deprecated)|String|The ID of the cloudPcOnPremisesConnection. To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network that’s validated by the Cloud PC service.|
+|windowsSettings (deprecated)|[cloudPcWindowsSettings](../resources/cloudpcwindowssettings.md)|Specific Windows settings to configure during the creation of Cloud PCs for this provisioning policy. Supports `$select`. The **windowsSettings** property is deprecated and will stop returning data on January 31, 2024. Going forward, use the **windowsSetting** property.|
## Response
@@ -68,9 +70,8 @@ If successful, this method returns a `204 No Content` response code.
### Request
-The following is an example of a request.
+The following example shows a request.
-# [HTTP](#tab/http)
+[!INCLUDE [permissions-table](../includes/permissions/cloudpcreports-getcloudpcrecommendationreports-permissions.md)]
## HTTP request
diff --git a/api-reference/beta/api/cloudpcreports-getshareduselicenseusagereport.md b/api-reference/beta/api/cloudpcreports-getshareduselicenseusagereport.md
index 806d391a229..526141c5ccd 100644
--- a/api-reference/beta/api/cloudpcreports-getshareduselicenseusagereport.md
+++ b/api-reference/beta/api/cloudpcreports-getshareduselicenseusagereport.md
@@ -16,7 +16,7 @@ Namespace: microsoft.graph
Get a usage report on shared-use licenses, such as **servicePlanId**, **licenseCount**, and **claimedLicenseCount**, for real-time, 7 days, or 28 days trend.
>[!CAUTION]
->This API is deprecated. Going forward, use the [getFrontlineReport](cloudpcreports-getfrontlinereport.md) API.
+> This API is deprecated and will stop returning data on April 24, 2024. Going forward, use the [getFrontlineReport](cloudpcreports-getfrontlinereport.md) API.
[!INCLUDE [national-cloud-support](../../includes/global-only.md)]
diff --git a/api-reference/beta/api/cloudpcshareduseserviceplan-get.md b/api-reference/beta/api/cloudpcshareduseserviceplan-get.md
index fa38bdfacc6..aa2337f7c80 100644
--- a/api-reference/beta/api/cloudpcshareduseserviceplan-get.md
+++ b/api-reference/beta/api/cloudpcshareduseserviceplan-get.md
@@ -14,7 +14,7 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
> [!CAUTION]
-> The **cloudPcSharedUseServicePlan** resource is deprecated and stopped returning data on October 8, 2023. Going forward, use the [cloudPcFrontLineServicePlan](../resources/cloudpcfrontlineserviceplan.md).
+> The **cloudPcSharedUseServicePlan** resource is deprecated and stopped returning data on April 24, 2024. Going forward, use the [cloudPcFrontLineServicePlan](../resources/cloudpcfrontlineserviceplan.md).
Read the properties and relationships of a [cloudPcSharedUseServicePlan](../resources/cloudpcshareduseserviceplan.md) object.
diff --git a/api-reference/beta/api/cloudpcusersetting-get.md b/api-reference/beta/api/cloudpcusersetting-get.md
index 3b3d458f5b2..d6837ddaf07 100644
--- a/api-reference/beta/api/cloudpcusersetting-get.md
+++ b/api-reference/beta/api/cloudpcusersetting-get.md
@@ -125,6 +125,7 @@ Content-Type: application/json
"resetEnabled": true,
"restorePointSetting": {
"frequencyInHours": 16,
+ "frequencyType": "sixteenHours",
"userRestoreEnabled": true
},
"lastModifiedDateTime": "2021-02-01T10:29:57Z",
@@ -205,6 +206,7 @@ Content-Type: application/json
"resetEnabled": true,
"restorePointSetting": {
"frequencyInHours": 16,
+ "frequencyType": "sixteenHours",
"userRestoreEnabled": true
},
"lastModifiedDateTime": "2021-02-01T10:29:57Z",
diff --git a/api-reference/beta/api/cloudpcusersetting-update.md b/api-reference/beta/api/cloudpcusersetting-update.md
index 09c314afd09..e7254d2ce2a 100644
--- a/api-reference/beta/api/cloudpcusersetting-update.md
+++ b/api-reference/beta/api/cloudpcusersetting-update.md
@@ -65,9 +65,8 @@ If successful, this method returns a `200 OK` response code and an updated [clou
### Request
-The following is an example of a request.
+The following example shows a request.
-# [HTTP](#tab/http)
+``` http
+DELETE /security/rules/detectionRules/{ruleId}
+```
+
+## Request headers
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+The following example shows a request.
+
+``` http
+DELETE https://graph.microsoft.com/beta/security/rules/detectionRules/302
+```
+
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+
+``` http
+HTTP/1.1 204 No Content
+```
+
diff --git a/api-reference/beta/api/security-detectionrule-get.md b/api-reference/beta/api/security-detectionrule-get.md
new file mode 100644
index 00000000000..3a3cb2b93f5
--- /dev/null
+++ b/api-reference/beta/api/security-detectionrule-get.md
@@ -0,0 +1,147 @@
+---
+title: "Get detectionRule"
+description: "Read the properties and relationships of a custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: apiPageType
+---
+
+# Get detectionRule
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Read the properties and relatonships of a [custom detection rule](../resources/security-detectionrule.md).
+
+With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured assets in their organization network.
+Custom detection rules, which are written in [Kusto query language (KQL)](/azure/data-explorer/kusto/query/), automatically trigger [alerts](../resources/security-alert.md) and response actions when events occur that match a KQL query.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type| Permissions (from least to most privileged) |
+|:---|:--------------------------------------------|
+|Delegated (work or school account)| CustomDetection.Read.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| CustomDetection.Read.All |
+
+## HTTP request
+
+
+``` http
+GET /security/rules/detectionRules/{ruleId}
+```
+
+## Optional query parameters
+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) object in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+
+``` http
+GET https://graph.microsoft.com/beta/security/rules/detectionRules/7506
+```
+
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.security.detectionRule",
+ "id": "7506",
+ "displayName": "ban file",
+ "isEnabled": true,
+ "createdBy": "NaderK@winatptestlic06.ccsctp.net",
+ "createdDateTime": "2021-02-28T16:28:15.3863467Z",
+ "lastModifiedDateTime": "2023-05-24T09:26:11.8630516Z",
+ "lastModifiedBy": "GlobalAdmin@unifiedrbactest3.ccsctp.net",
+ "detectorId": "67895317-b2a8-4ac3-8f8b-fa6b7765f2fe",
+ "queryCondition": {
+ "queryText": "DeviceFileEvents\r\n| where Timestamp > ago(1h)\r\n| where FileName == \"ifz30zlx.dll\"",
+ "lastModifiedDateTime": null
+ },
+ "schedule": {
+ "period": "24H",
+ "nextRunDateTime": "2023-06-26T08:52:06.1766667Z"
+ },
+ "lastRunDetails": {
+ "lastRunDateTime": "2023-06-25T08:52:06.1766667Z",
+ "status": null,
+ "failureReason": null,
+ "errorCode": null
+ },
+ "detectionAction": {
+ "alertTemplate": {
+ "title": "unwanted dll",
+ "description": "test",
+ "severity": "low",
+ "category": "Malware",
+ "recommendedActions": null,
+ "mitreTechniques": [],
+ "impactedAssets": []
+ },
+ "organizationalScope": null,
+ "responseActions": [
+ {
+ "@odata.type": "#microsoft.graph.security.restrictAppExecutionResponseAction",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.initiateInvestigationResponseAction",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.collectInvestigationPackageResponseAction",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.runAntivirusScanResponseAction",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.isolateDeviceResponseAction",
+ "isolationType": "full",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.blockFileResponseAction",
+ "identifier": "sha1",
+ "deviceGroupNames": []
+ }
+ ]
+ }
+}
+```
+
diff --git a/api-reference/beta/api/security-detectionrule-list.md b/api-reference/beta/api/security-detectionrule-list.md
new file mode 100644
index 00000000000..c6fb291b91e
--- /dev/null
+++ b/api-reference/beta/api/security-detectionrule-list.md
@@ -0,0 +1,248 @@
+---
+title: "List detectionRules"
+description: "Get a list of the custom detection rules and their properties."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: apiPageType
+---
+
+# List detectionRules
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Get a list of [custom detection rules](../resources/security-detectionrule.md).
+With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured assets in their organization network.
+Custom detection rules, which are written in [Kusto query language (KQL)](/azure/data-explorer/kusto/query/), automatically trigger [alerts](../resources/security-alert.md) and response actions once there are events matching their KQL queries.
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+|Permission type| Permissions (from least to most privileged) |
+|:---|:--------------------------------------------|
+|Delegated (work or school account)| CustomDetection.Read.All |
+|Delegated (personal Microsoft account)| Not supported. |
+|Application| CustomDetection.Read.All |
+
+## HTTP request
+
+
+``` http
+GET /security/rules/detectionRules
+```
+
+## Optional query parameters
+This method supports some of the OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a collection of [detectionRule](../resources/security-detectionrule.md) objects in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+
+``` http
+GET https://graph.microsoft.com/beta/security/rules/detectionRules?$top=3
+```
+
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "value": [
+ {
+ "@odata.type": "#microsoft.graph.security.detectionRule",
+ "id": "7506",
+ "displayName": "ban file",
+ "isEnabled": true,
+ "createdBy": "NaderK@winatptestlic06.ccsctp.net",
+ "createdDateTime": "2021-02-28T16:28:15.3863467Z",
+ "lastModifiedDateTime": "2023-05-24T09:26:11.8630516Z",
+ "lastModifiedBy": "GlobalAdmin@unifiedrbactest3.ccsctp.net",
+ "detectorId": "67895317-b2a8-4ac3-8f8b-fa6b7765f2fe",
+ "queryCondition": {
+ "queryText": "DeviceFileEvents\r\n| where Timestamp > ago(1h)\r\n| where FileName == \"ifz30zlx.dll\"",
+ "lastModifiedDateTime": null
+ },
+ "schedule": {
+ "period": "24H",
+ "nextRunDateTime": "2023-06-26T08:52:06.1766667Z"
+ },
+ "lastRunDetails": {
+ "lastRunDateTime": "2023-06-25T08:52:06.1766667Z",
+ "status": null,
+ "failureReason": null,
+ "errorCode": null
+ },
+ "detectionAction": {
+ "alertTemplate": {
+ "title": "unwanted dll",
+ "description": "test",
+ "severity": "low",
+ "category": "Malware",
+ "recommendedActions": null,
+ "mitreTechniques": [],
+ "impactedAssets": []
+ },
+ "organizationalScope": null,
+ "responseActions": [
+ {
+ "@odata.type": "#microsoft.graph.security.restrictAppExecutionResponseAction",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.initiateInvestigationResponseAction",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.collectInvestigationPackageResponseAction",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.runAntivirusScanResponseAction",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.isolateDeviceResponseAction",
+ "isolationType": "full",
+ "identifier": "deviceId"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.blockFileResponseAction",
+ "identifier": "sha1",
+ "deviceGroupNames": []
+ }
+ ]
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.detectionRule",
+ "id": "8575",
+ "displayName": "Continuous_EmailAttachmentInfo_Mod300",
+ "isEnabled": true,
+ "createdBy": "rony@winatptestlic06.ccsctp.net",
+ "createdDateTime": "2021-11-03T21:32:01.6144651Z",
+ "lastModifiedDateTime": "2022-11-03T19:27:14.4187141Z",
+ "lastModifiedBy": "InESecAdmin@winatptestlic06.ccsctp.net",
+ "detectorId": "56ef4994-fe31-4ac9-b29f-0ca2f2cc9112",
+ "queryCondition": {
+ "queryText": "EmailAttachmentInfo\r\n| extend second = datetime_diff('second',now(),Timestamp)\r\n| where second % 300 == 0 ",
+ "lastModifiedDateTime": "2022-11-03T19:27:14.4331537Z"
+ },
+ "schedule": {
+ "period": "0",
+ "nextRunDateTime": "2021-11-03T21:32:01.7863185Z"
+ },
+ "lastRunDetails": {
+ "lastRunDateTime": "2021-11-03T21:32:01.7863185Z",
+ "status": null,
+ "failureReason": null,
+ "errorCode": null
+ },
+ "detectionAction": {
+ "alertTemplate": {
+ "title": "EmailAttachmentInfo",
+ "description": "EmailAttachmentInfo",
+ "severity": "low",
+ "category": "Exfiltration",
+ "recommendedActions": "EmailAttachmentInfo",
+ "mitreTechniques": [],
+ "impactedAssets": [
+ {
+ "@odata.type": "#microsoft.graph.security.impactedMailboxAsset",
+ "identifier": "recipientEmailAddress"
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.impactedUserAsset",
+ "identifier": "recipientObjectId"
+ }
+ ]
+ },
+ "organizationalScope": null,
+ "responseActions": [
+ {
+ "@odata.type": "#microsoft.graph.security.moveToDeletedItemsResponseAction",
+ "identifier": "networkMessageId, recipientEmailAddress"
+ }
+ ]
+ }
+ },
+ {
+ "@odata.type": "#microsoft.graph.security.detectionRule",
+ "id": "9794",
+ "displayName": "UPDATED DET: Office/LoLBin Network Connection to Low-Reputation TLD",
+ "isEnabled": true,
+ "createdBy": "NaderK@winatptestlic06.ccsctp.net",
+ "createdDateTime": "2022-02-02T10:26:01.7708581Z",
+ "lastModifiedDateTime": "2022-02-02T10:26:01.7708581Z",
+ "lastModifiedBy": "NaderK@winatptestlic06.ccsctp.net",
+ "detectorId": "67aa92a1-b04b-4f2a-a223-236968a3da96",
+ "queryCondition": {
+ "queryText": "//https://www.spamhaus.org/statistics/tlds/ http://www.surbl.org/tld https://www.iana.org/domains/root/db https://unit42.paloaltonetworks.com/top-level-domains-cybercrime/\r\nDeviceNetworkEvents\r\n| where isnotempty(RemoteUrl) and RemoteIPType == \"Public\"\r\n| where InitiatingProcessFileName in~ (\"winword.exe\", \"excel.exe\", \"powerpnt.exe\", \"rundll32.exe\", \"regsvr32.exe\", \"certutil.exe\", \"bitsadmin.exe\", \"wscript.exe\", \"cscript.exe\", \"powershell.exe\", \"pwsh.exe\", \"powershell_ise.exe\")\r\n| extend TopLevelDomain=tolower(extract(@\"([A-Za-z0-9-]{1,63}\\.)+([A-Za-z]{2,10})\", 2, RemoteUrl))\r\n| where TopLevelDomain in (\"xyz\", \"top\", \"live\", \"loan\", \"club\", \"surf\", \"work\", \"biz\", \"ryukyu\", \"press\", \"ltd\", \"bid\", \"vip\", \"online\", \"download\" \"buzz\", \"cam\", \"ru\", \"cn\", \"ci\", \"ga\", \"gq\", \"tk\", \"tw\", \"ml\", \"cf\", \"cfd\", \"icu\", \"cm\")\r\n| extend TimeDiff=datetime_diff(\"Second\", Timestamp, InitiatingProcessCreationTime)\r\n| where TimeDiff < 30\r\n| project-reorder Timestamp, DeviceName, RemoteUrl, TopLevelDomain, TimeDiff, InitiatingProcessCommandLine, *\r\n//| summarize count() by InitiatingProcessFolderPath, TopLevelDomain, RemoteUrl",
+ "lastModifiedDateTime": null
+ },
+ "schedule": {
+ "period": "1H",
+ "nextRunDateTime": "2023-06-25T10:17:06.4366667Z"
+ },
+ "lastRunDetails": {
+ "lastRunDateTime": "2023-06-25T09:17:06.4366667Z",
+ "status": null,
+ "failureReason": null,
+ "errorCode": null
+ },
+ "detectionAction": {
+ "alertTemplate": {
+ "title": "updated Office/LoLBin Network Connection to Low-Reputation TLD",
+ "description": "This is a custom detection created by the Centene Detection Engineering team.\n\nAn Office application or Living-Off-The-Land Binary made an immediate remote connection to a domain with a low-reputation top level domain after execution. This activity is suspicious as threat actors typically use low-reputation TLDs for malicious purposes, such as hosting payloads for potential targets. These TLDs are often abused because of their low cost and lack of oversite. The TLDs included in the list cover destinations that have either a high count or a high percentage of low-reputation sites. ",
+ "severity": "low",
+ "category": "CommandAndControl",
+ "recommendedActions": "Check the reputation of the RemoteUrl through OSINT tools such as VirusTotal and Hybrid Analysis.\n\nReview the document and device timeline for additional context and IOCs. \n\nCheck for related alerts on the associated endpoint. ",
+ "mitreTechniques": ["T1071.001"],
+ "impactedAssets": [
+ {
+ "@odata.type": "#microsoft.graph.security.impactedDeviceAsset",
+ "identifier": "deviceId"
+ }
+ ]
+ },
+ "organizationalScope": {
+ "scopeType": "deviceGroup",
+ "scopeNames": ["UnassignedGroup"]
+ },
+ "responseActions": []
+ }
+ }
+ ]
+}
+```
+
diff --git a/api-reference/beta/api/security-detectionrule-post-detectionrules.md b/api-reference/beta/api/security-detectionrule-post-detectionrules.md
new file mode 100644
index 00000000000..d3735d3d3fb
--- /dev/null
+++ b/api-reference/beta/api/security-detectionrule-post-detectionrules.md
@@ -0,0 +1,161 @@
+---
+title: "Create detectionRule"
+description: "Create a new custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: apiPageType
+---
+
+# Create detectionRule
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Create a [custom detection rule](../resources/security-detectionrule.md).
+With custom detections, you can proactively monitor for and respond to various events and system states, including suspected breach activity and misconfigured assets in their organization's network.
+Custom detection rules, which are written in [Kusto query language (KQL)](/azure/data-explorer/kusto/query/), automatically trigger [alerts](../resources/security-alert.md) and response actions once there are events matching their KQL queries.
+
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+|:---------------------------------------|:--------------------------------------------|
+| Delegated (work or school account) | CustomDetection.ReadWrite.All |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | CustomDetection.ReadWrite.All |
+
+## HTTP request
+
+
+``` http
+POST /security/rules/detectionRules
+```
+
+## Request headers
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+Within the request body, supply a [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md). Some metadata fields are unnecessary and are ignored, such as 'createdBy' and 'lastModifiedDateTime'.
+
+## Response
+
+If successful, this method returns a `201 Created` response code and a [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) object in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+
+``` http
+POST https://graph.microsoft.com/beta/security/rules/detectionRules
+Content-Type: application/json
+{
+ "displayName": "Some rule name",
+ "isEnabled": true,
+ "queryCondition": {
+ "queryText": "DeviceProcessEvents | take 1"
+ },
+ "schedule": {
+ "period": "12H"
+ },
+ "detectionAction": {
+ "alertTemplate": {
+ "title": "Some alert title",
+ "description": "Some alert description",
+ "severity": "medium",
+ "category": "Execution",
+ "recommendedActions": null,
+ "mitreTechniques": [],
+ "impactedAssets": [
+ {
+ "@odata.type": "#microsoft.graph.security.impactedDeviceAsset",
+ "identifier": "deviceId"
+ }
+ ]
+ },
+ "organizationalScope": null,
+ "responseActions": [
+ {
+ "@odata.type": "#microsoft.graph.security.isolateDeviceResponseAction",
+ "identifier": "deviceId",
+ "isolationType": "full"
+ }
+ ]
+ }
+}
+```
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+
+``` http
+HTTP/1.1 201 Created
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.security.detectionRule",
+ "id": "35079",
+ "displayName": "Some rule name",
+ "isEnabled": true,
+ "createdBy": "MichaelMekler@winatptestlic06.ccsctp.net",
+ "createdDateTime": "2023-06-25T09:37:28.6149005Z",
+ "lastModifiedDateTime": "2023-06-25T09:37:28.6149005Z",
+ "lastModifiedBy": "MichaelMekler@winatptestlic06.ccsctp.net",
+ "detectorId": "67aa92a1-b04b-4f2a-a223-236968a3da96",
+ "queryCondition": {
+ "queryText": "DeviceProcessEvents | take 1",
+ "lastModifiedDateTime": null
+ },
+ "schedule": {
+ "period": "12H",
+ "nextRunDateTime": "2023-06-25T09:37:28.6149005Z"
+ },
+ "lastRunDetails": {
+ "lastRunDateTime": null,
+ "status": null,
+ "failureReason": null,
+ "errorCode": null
+ },
+ "detectionAction": {
+ "alertTemplate": {
+ "title": "Some alert title",
+ "description": "Some alert description",
+ "severity": "medium",
+ "category": "Execution",
+ "recommendedActions": null,
+ "mitreTechniques": [],
+ "impactedAssets": [
+ {
+ "@odata.type": "#microsoft.graph.security.impactedDeviceAsset",
+ "identifier": "deviceId"
+ }
+ ]
+ },
+ "organizationalScope": null,
+ "responseActions": [
+ {
+ "@odata.type": "#microsoft.graph.security.isolateDeviceResponseAction",
+ "isolationType": "full",
+ "identifier": "deviceId"
+ }
+ ]
+ }
+}
+```
+
diff --git a/api-reference/beta/api/security-detectionrule-update.md b/api-reference/beta/api/security-detectionrule-update.md
new file mode 100644
index 00000000000..0751096bffb
--- /dev/null
+++ b/api-reference/beta/api/security-detectionrule-update.md
@@ -0,0 +1,152 @@
+---
+title: "Update detectionRule"
+description: "Update the properties of a custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: apiPageType
+---
+
+# Update detectionRule
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Update the properties of a [custom detection rule](../resources/security-detectionrule.md).
+
+## Permissions
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+| Permission type | Permissions (from least to most privileged) |
+|:---------------------------------------|:--------------------------------------------|
+| Delegated (work or school account) | CustomDetection.ReadWrite.All |
+| Delegated (personal Microsoft account) | Not supported. |
+| Application | CustomDetection.ReadWrite.All |
+
+## HTTP request
+
+
+``` http
+PATCH /security/rules/detectionRules/{ruleId}
+```
+
+## Request headers
+| Name | Description |
+|:--------------|:----------------------------|
+| Authorization | Bearer {token}. Required. |
+| Content-Type | application/json. Required. |
+
+## Request body
+
+Provide the properties of a [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) to update, and those properties only.
+The properties that can be updated are specified in the following table:
+
+| Property | Type | Description |
+|:-------------------------------------------------|:---------------------------------------------------------------------------------------------|:-----------------------------------------------------------------|
+| displayName | String | Optional. |
+| isEnabled | Boolean | Optional. |
+| detectionAction/alertTemplate/title | String | Optional. |
+| detectionAction/alertTemplate/category | String | Optional. |
+| detectionAction/alertTemplate/description | String | Optional. |
+| detectionAction/alertTemplate/recommendedActions | String | Optional. Provide 'null' to delete the existing response actions |
+| detectionAction/alertTemplate/severity | [microsoft.graph.alertSeverity](../resources/enums.md#alertseverity-values) | Optional. |
+| detectionAction/alertTemplate/impactedAssets | [microsoft.graph.security.impactedAsset](../resources/security-impactedasset.md) | Optional. Provide 'null' to delete the existing impacted assets. |
+| detectionAction/responseActions | [microsoft.graph.security.responseAction](../resources/security-responseaction.md) | Optional. |
+| detectionAction/organizationalScope | [microsoft.graph.security.organizationalScope](../resources/security-organizationalscope.md) | Optional. |
+| queryCondition/queryText | String | Optional. |
+| schedule/period | String | Optional. |
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) object in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+
+``` http
+PATCH https://graph.microsoft.com/beta/security/rules/detectionRules/35079
+Content-Type: application/json
+{
+ "schedule": {
+ "period": "24H"
+ },
+ "detectionAction": {
+ "alertTemplate": {
+ "title": "Different alert title"
+ }
+ }
+}
+```
+
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.security.detectionRule",
+ "id": "35079",
+ "displayName": "Some rule name",
+ "isEnabled": true,
+ "createdBy": "MichaelMekler@winatptestlic06.ccsctp.net",
+ "createdDateTime": "2023-06-25T09:37:28.6149005Z",
+ "lastModifiedDateTime": "2023-06-25T09:38:09.5960938Z",
+ "lastModifiedBy": "MichaelMekler@winatptestlic06.ccsctp.net",
+ "detectorId": "67aa92a1-b04b-4f2a-a223-236968a3da96",
+ "queryCondition": {
+ "queryText": "DeviceProcessEvents | take 1",
+ "lastModifiedDateTime": null
+ },
+ "schedule": {
+ "period": "24H",
+ "nextRunDateTime": "2023-06-25T09:37:28.6149005Z"
+ },
+ "lastRunDetails": {
+ "lastRunDateTime": null,
+ "status": null,
+ "failureReason": null,
+ "errorCode": null
+ },
+ "detectionAction": {
+ "alertTemplate": {
+ "title": "Different alert title",
+ "description": "Some alert description",
+ "severity": "medium",
+ "category": "Execution",
+ "recommendedActions": null,
+ "mitreTechniques": [],
+ "impactedAssets": [
+ {
+ "@odata.type": "#microsoft.graph.security.impactedDeviceAsset",
+ "identifier": "deviceId"
+ }
+ ]
+ },
+ "organizationalScope": null,
+ "responseActions": [
+ {
+ "@odata.type": "#microsoft.graph.security.isolateDeviceResponseAction",
+ "isolationType": "full",
+ "identifier": "deviceId"
+ }
+ ]
+ }
+}
+```
+
diff --git a/api-reference/beta/api/sitepage-get.md b/api-reference/beta/api/sitepage-get.md
index 95f7d5d49c3..650a1b570b3 100644
--- a/api-reference/beta/api/sitepage-get.md
+++ b/api-reference/beta/api/sitepage-get.md
@@ -219,7 +219,7 @@ Content-type: application/json
"id": "f45354cb-d634-45df-8b88-2b4e96a1dc45",
"lastModifiedDateTime": "2023-04-16T10:01:41Z",
"name": "Electronic Convertible.aspx",
- "webUrl": https://a830edad9050849yd.sharepoint.com/"SitePages/Electronic Convertible.aspx",
+ "webUrl": "https://a830edad9050849yd.sharepoint.com/SitePages/Electronic%20Convertible.aspx",
"title": "Electronic Convertible",
"pageLayout": "article",
"thumbnailWebUrl": "https://media.akamai.odsp.cdn.office.net/_layouts/15/images/sitepagethumbnail.png",
diff --git a/api-reference/beta/api/virtualendpoint-list-provisioningpolicies.md b/api-reference/beta/api/virtualendpoint-list-provisioningpolicies.md
index c038b610508..71d6c911525 100644
--- a/api-reference/beta/api/virtualendpoint-list-provisioningpolicies.md
+++ b/api-reference/beta/api/virtualendpoint-list-provisioningpolicies.md
@@ -57,7 +57,7 @@ If successful, this method returns a `200 OK` response code and a collection of
### Request
-The following is an example of a request.
+The following example shows a request.
# [HTTP](#tab/http)
@@ -150,6 +149,9 @@ Content-Type: application/json
"windowsSettings": {
"language": "en-US"
},
+ "windowsSetting": {
+ "locale": "en-US"
+ },
"managedBy": "windows365",
"provisioningType": "dedicated"
}
diff --git a/api-reference/beta/api/virtualendpoint-list-shareduseserviceplans.md b/api-reference/beta/api/virtualendpoint-list-shareduseserviceplans.md
index 1f454ec0088..f8d956aa757 100644
--- a/api-reference/beta/api/virtualendpoint-list-shareduseserviceplans.md
+++ b/api-reference/beta/api/virtualendpoint-list-shareduseserviceplans.md
@@ -14,7 +14,7 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
> [!CAUTION]
-> The **cloudPcSharedUseServicePlan** resource is deprecated and stopped returning data on October 8, 2023. Going forward, use the [cloudPcFrontLineServicePlan](../resources/cloudpcfrontlineserviceplan.md).
+> The **cloudPcSharedUseServicePlan** resource is deprecated and stopped returning data on April 24, 2024. Going forward, use the [cloudPcFrontLineServicePlan](../resources/cloudpcfrontlineserviceplan.md).
Get a list of the [cloudPcSharedUseServicePlan](../resources/cloudpcshareduseserviceplan.md) objects and their properties.
diff --git a/api-reference/beta/api/virtualendpoint-post-provisioningpolicies.md b/api-reference/beta/api/virtualendpoint-post-provisioningpolicies.md
index ce5ccd9d1c3..8a6cb1f4fdb 100644
--- a/api-reference/beta/api/virtualendpoint-post-provisioningpolicies.md
+++ b/api-reference/beta/api/virtualendpoint-post-provisioningpolicies.md
@@ -52,14 +52,15 @@ The following table lists the properties that are required when you create the [
|:---|:---|:---|
|description|String|The provisioning policy description.|
|displayName|String|The display name for the provisioning policy.|
-|domainJoinConfiguration|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md)|Specifies how Cloud PCs will join Microsoft Entra ID.|
-|domainJoinConfigurations|Collection([microsoft.graph.cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md))|Specifies a list ordered by priority on how Cloud PCs will join Azure AD.|
+|domainJoinConfigurations|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md) collection|Specifies a list ordered by priority on how Cloud PCs join Microsoft Entra ID.|
|imageDisplayName|String|The display name for the OS image you’re provisioning.|
|imageId|String|The ID of the operating system image you want to provision on Cloud PCs. The format for a gallery type image is: {publisher_offer_sku}. Supported values for each of the parameters are as follows:- publisher: `Microsoftwindowsdesktop`.
- offer: `windows-ent-cpc`.
- sku: `21h1-ent-cpc-m365`, `21h1-ent-cpc-os`, `20h2-ent-cpc-m365`, `20h2-ent-cpc-os`, `20h1-ent-cpc-m365`, `20h1-ent-cpc-os`, `19h2-ent-cpc-m365` and `19h2-ent-cpc-os`.
|
|imageType|cloudPcProvisioningPolicyImageType|The type of OS image (custom or gallery) you want to provision on Cloud PCs. Possible values are: `gallery`, `custom`.|
-|onPremisesConnectionId|String|The ID of the cloudPcOnPremisesConnection. To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network that’s validated by the Cloud PC service.|
|provisioningType|[cloudPcProvisioningType](../resources/cloudpcprovisioningpolicy.md#cloudpcprovisioningtype-values)|Specifies the type of license used when provisioning Cloud PCs using this policy. By default, the license type is `dedicated` if the **provisioningType** isn't specified when you create the **cloudPcProvisioningPolicy**. You can't change this property after the **cloudPcProvisioningPolicy** was created. Possible values are: `dedicated`, `shared`, `unknownFutureValue`.|
-|windowsSettings|[cloudPcWindowsSettings](../resources/cloudpcwindowssettings.md)|Specific Windows settings to configure while creating Cloud PCs for this provisioning policy.|
+|windowsSetting|[cloudPcWindowsSettings](../resources/cloudpcwindowssetting.md)|Indicates a specific Windows setting to configure during the creation of Cloud PCs for this provisioning policy. Supports `$select`. |
+|domainJoinConfiguration (deprecated)|[cloudPcDomainJoinConfiguration](../resources/cloudpcdomainjoinconfiguration.md)|Specifies how Cloud PCs join Microsoft Entra ID.|
+|onPremisesConnectionId (deprecated)|String|The ID of the cloudPcOnPremisesConnection. To ensure that Cloud PCs have network connectivity and that they domain join, choose a connection with a virtual network that’s validated by the Cloud PC service.|
+|windowsSettings (deprecated)|[cloudPcWindowsSettings](../resources/cloudpcwindowssettings.md)|Specific Windows settings to configure during the creation of Cloud PCs for this provisioning policy. Supports `$select`. The **windowsSettings** property is deprecated and will stop returning data on January 31, 2024. Going forward, use the **windowsSetting** property.|
## Response
@@ -69,9 +70,8 @@ If successful, this method returns a `201 Created` response code and a [cloudPcP
### Request
-The following is an example of a request.
+The following example shows a request.
-# [HTTP](#tab/http)
> [!NOTE]
-> This API is available for Cloud Solution Provider (CSP) partners only to access their billed and unbilled data for a tenant. For information about the CSP program, see the [Microsoft Cloud Solution Provider](https://learn.microsoft.com/en-us/partner-center/csp-overview) page.
+> This API is available for Cloud Solution Provider (CSP) partners only to access their billed and unbilled reconciliation data for a tenant. To learn more about the CSP program, see [Microsoft Cloud Solution Provider](/partner-center/csp-overview).
diff --git a/api-reference/beta/includes/permissions/cloudpcreports-getcloudpcrecommendationreports-permissions.md b/api-reference/beta/includes/permissions/cloudpcreports-getcloudpcrecommendationreports-permissions.md
new file mode 100644
index 00000000000..9c47350a87b
--- /dev/null
+++ b/api-reference/beta/includes/permissions/cloudpcreports-getcloudpcrecommendationreports-permissions.md
@@ -0,0 +1,11 @@
+---
+description: "Automatically generated file. DO NOT MODIFY"
+ms.topic: include
+ms.localizationpriority: medium
+---
+
+|Permission type|Least privileged permissions|Higher privileged permissions|
+|:---|:---|:---|
+|Delegated (work or school account)|CloudPC.Read.All|CloudPC.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|Not supported.|
+|Application|CloudPC.Read.All|CloudPC.ReadWrite.All|
\ No newline at end of file
diff --git a/api-reference/beta/includes/permissions/virtualappointment-sendvirtualappointmentremindersms-permissions.md b/api-reference/beta/includes/permissions/virtualappointment-sendvirtualappointmentremindersms-permissions.md
index 8ebc7dfff80..6d5c2f8147c 100644
--- a/api-reference/beta/includes/permissions/virtualappointment-sendvirtualappointmentremindersms-permissions.md
+++ b/api-reference/beta/includes/permissions/virtualappointment-sendvirtualappointmentremindersms-permissions.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
|Permission type|Least privileged permissions|Higher privileged permissions|
|:---|:---|:---|
-|Delegated (work or school account)|VirtualAppointment.ReadWrite|Not available.|
+|Delegated (work or school account)|VirtualAppointmentNotification.Send|VirtualAppointment.ReadWrite|
|Delegated (personal Microsoft account)|Not supported.|Not supported.|
|Application|Not supported.|Not supported.|
diff --git a/api-reference/beta/includes/permissions/virtualappointment-sendvirtualappointmentsms-permissions.md b/api-reference/beta/includes/permissions/virtualappointment-sendvirtualappointmentsms-permissions.md
index 8ebc7dfff80..6d5c2f8147c 100644
--- a/api-reference/beta/includes/permissions/virtualappointment-sendvirtualappointmentsms-permissions.md
+++ b/api-reference/beta/includes/permissions/virtualappointment-sendvirtualappointmentsms-permissions.md
@@ -6,7 +6,7 @@ ms.localizationpriority: medium
|Permission type|Least privileged permissions|Higher privileged permissions|
|:---|:---|:---|
-|Delegated (work or school account)|VirtualAppointment.ReadWrite|Not available.|
+|Delegated (work or school account)|VirtualAppointmentNotification.Send|VirtualAppointment.ReadWrite|
|Delegated (personal Microsoft account)|Not supported.|Not supported.|
|Application|Not supported.|Not supported.|
diff --git a/api-reference/beta/resources/cloudpcdomainjoinconfiguration.md b/api-reference/beta/resources/cloudpcdomainjoinconfiguration.md
index 14e07a665c0..3571f342e41 100644
--- a/api-reference/beta/resources/cloudpcdomainjoinconfiguration.md
+++ b/api-reference/beta/resources/cloudpcdomainjoinconfiguration.md
@@ -18,10 +18,11 @@ Represents a defined configuration of how a provisioned Cloud PC device will be
## Properties
|Property|Type|Description|
|:---|:---|:---|
+|domainJoinType|[cloudPcDomainJoinType](#cloudpcdomainjointype-values)|Specifies the method by which the provisioned Cloud PC joins Microsoft Entra ID. If you choose the `hybridAzureADJoin` type, only provide a value for the **onPremisesConnectionId** property and leave the **regionName** property empty. If you choose the `azureADJoin` type, provide a value for either the **onPremisesConnectionId** or the **regionName** property. Possible values are: `azureADJoin`, `hybridAzureADJoin`, `unknownFutureValue`.|
|onPremisesConnectionId|String|The Azure network connection ID that matches the virtual network IT admins want the provisioning policy to use when they create Cloud PCs. You can use this property in both domain join types: _Azure AD joined_ or _Hybrid Microsoft Entra joined_. If you enter an **onPremisesConnectionId**, leave **regionName** as empty.|
|regionGroup|[cloudPcRegionGroup](../resources/cloudpcsupportedregion.md#cloudpcregiongroup-values)|The logical geographic group this region belongs to. Multiple regions can belong to one region group. A customer can select a **regionGroup** when provisioning a Cloud PC, and the Cloud PC will be put in one of the regions in the group based on resource status. For example, the Europe region group contains the Northern Europe and Western Europe regions. Possible values are: `default`, `australia`, `canada`, `usCentral`, `usEast`, `usWest`, `france`, `germany`, `europeUnion`, `unitedKingdom`, `japan`, `asia`, `india`, `southAmerica`, `euap`, `usGovernment`, `usGovernmentDOD`, `unknownFutureValue`, `norway`, `switzerland`, and `southKorea`. Read-only.|
|regionName|String|The supported Azure region where the IT admin wants the provisioning policy to create Cloud PCs. The underlying virtual network will be created and managed by the Windows 365 service. This can only be entered if the IT admin chooses Microsoft Entra joined as the domain join type. If you enter a **regionName**, leave **onPremisesConnectionId** as empty.|
-|type|[cloudPcDomainJoinType](#cloudpcdomainjointype-values)|Specifies how the provisioned Cloud PC will be joined to Microsoft Entra ID. If you choose the `hybridAzureADJoin` type, only provide a value for the **onPremisesConnectionId** property and leave **regionName** as empty. If you choose the `azureADJoin` type, provide a value for either **onPremisesConnectionId** or **regionName**. The possible values are: `azureADJoin`, `hybridAzureADJoin`, `unknownFutureValue`.|
+|type (deprecated)|[cloudPcDomainJoinType](#cloudpcdomainjointype-values)|Specifies the method by which the provisioned Cloud PC joins Microsoft Entra ID. If you choose the `hybridAzureADJoin` type, only provide a value for the **onPremisesConnectionId** property and leave **regionName** as empty. If you choose the `azureADJoin` type, provide a value for either **onPremisesConnectionId** or **regionName**. The possible values are: `azureADJoin`, `hybridAzureADJoin`, `unknownFutureValue`. The **type** property is deprecated and will stop returning data on January 31, 2024. Going forward, use the **domainJoinType** property.|
### cloudPcDomainJoinType values
@@ -36,7 +37,7 @@ Represents a defined configuration of how a provisioned Cloud PC device will be
None.
## JSON representation
-The following is a JSON representation of the resource.
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.cloudPcWindowsSetting",
+ "locale": "String"
+}
+```
diff --git a/api-reference/beta/resources/enums-security.md b/api-reference/beta/resources/enums-security.md
index 393736bf39e..d0444f6e5d2 100644
--- a/api-reference/beta/resources/enums-security.md
+++ b/api-reference/beta/resources/enums-security.md
@@ -1,7 +1,7 @@
---
title: "Security enum values"
-description: "Microsoft Graph security subnamespace enumeration values"
-doc_type: enumPageType"
+description: "Microsoft Graph security subnamespace enumeration values."
+doc_type: enumPageType
ms.localizationpriority: medium
ms.prod: "security"
author: "BenAlfasi"
@@ -11,7 +11,7 @@ author: "BenAlfasi"
Namespace: microsoft.graph.security
-### auditLogQueryStatus values
+### auditLogQueryStatus values
|Member|
|:---|
@@ -22,7 +22,7 @@ Namespace: microsoft.graph.security
|cancelled|
|unknownFutureValue|
-### auditLogRecordType values
+### auditLogRecordType values
|Member|
|:---|
@@ -275,7 +275,7 @@ Namespace: microsoft.graph.security
|mapgOnboard|
|unknownFutureValue|
-### auditLogUserType values
+### auditLogUserType values
@@ -441,6 +441,160 @@ Namespace: microsoft.graph.security
| critical |
| unknownFutureValue |
+### deviceAssetIdentifier values
+
+| Member |
+|:----------------------|
+| deviceId |
+| deviceName |
+| remoteDeviceName |
+| targetDeviceName |
+| destinationDeviceName |
+| unknownFutureValue |
+
+### deviceIdEntityIdentifier values
+
+| Member |
+|:-------------------|
+| deviceId |
+| unknownFutureValue |
+
+### disableUserEntityIdentifier values
+
+| Member |
+|:----------------------------|
+| accountSid |
+| initiatingProcessAccountSid |
+| requestAccountSid |
+| onPremSid |
+| unknownFutureValue |
+
+### emailEntityIdentifier values
+
+| Member |
+|:----------------------|
+| networkMessageId |
+| recipientEmailAddress |
+| unknownFutureValue |
+
+### fileEntityIdentifier values
+
+| Member |
+|:------------------------|
+| sha1 |
+| initiatingProcessSHA1 |
+| sha256 |
+| initiatingProcessSHA256 |
+| unknownFutureValue |
+
+### forceUserPasswordResetEntityIdentifier values
+
+| Member |
+|:----------------------------|
+| accountSid |
+| initiatingProcessAccountSid |
+| requestAccountSid |
+| onPremSid |
+| unknownFutureValue |
+
+### huntingRuleErrorCode values
+
+| Member |
+|:-------------------------|
+| queryExecutionFailed |
+| queryExecutionThrottling |
+| queryExceededResultSize |
+| queryLimitsExceeded |
+| queryTimeout |
+| alertCreationFailed |
+| alertReportNotFound |
+| partialRowsFailed |
+| unknownFutureValue |
+| noImpactedEntity |
+
+### huntingRuleRunStatus values
+
+| Member |
+|:-------------------|
+| running |
+| completed |
+| failed |
+| partiallyFailed |
+| unknownFutureValue |
+
+### isolationType values
+
+| Member |
+|:-------------------|
+| full |
+| selective |
+| unknownFutureValue |
+
+### mailboxAssetIdentifier values
+
+| Member |
+|:----------------------------|
+| accountUpn |
+| fileOwnerUpn |
+| initiatingProcessAccountUpn |
+| lastModifyingAccountUpn |
+| targetAccountUpn |
+| senderFromAddress |
+| senderDisplayName |
+| recipientEmailAddress |
+| senderMailFromAddress |
+| unknownFutureValue |
+
+### markUserAsCompromisedEntityIdentifier values
+
+| Member |
+|:---------------------------------|
+| accountObjectId |
+| initiatingProcessAccountObjectId |
+| servicePrincipalId |
+| recipientObjectId |
+| unknownFutureValue |
+
+### scopeType values
+
+| Member |
+|:-------------------|
+| deviceGroup |
+| unknownFutureValue |
+
+### stopAndQuarantineFileEntityIdentifier values
+
+| Member |
+|:----------------------|
+| deviceId |
+| sha1 |
+| initiatingProcessSHA1 |
+| unknownFutureValue |
+
+### userAssetIdentifier values
+
+| Member |
+|:----------------------------|
+| accountObjectId |
+| accountSid |
+| accountUpn |
+| accountName |
+| accountDomain |
+| accountId |
+| requestAccountSid |
+| requestAccountName |
+| requestAccountDomain |
+| recipientObjectId |
+| processAccountObjectId |
+| initiatingAccountSid |
+| initiatingProcessAccountUpn |
+| initiatingAccountName |
+| initiatingAccountDomain |
+| servicePrincipalId |
+| servicePrincipalName |
+| targetAccountUpn |
+| unknownFutureValue |
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.alertTemplate",
+ "title": "String",
+ "description": "String",
+ "severity": "String",
+ "category": "String",
+ "recommendedActions": "String",
+ "mitreTechniques": [
+ "String"
+ ],
+ "impactedAssets": [
+ {
+ "@odata.type": "microsoft.graph.security.impactedUserAsset"
+ }
+ ]
+}
+```
+
diff --git a/api-reference/beta/resources/security-allowfileresponseaction.md b/api-reference/beta/resources/security-allowfileresponseaction.md
new file mode 100644
index 00000000000..4b6f8997563
--- /dev/null
+++ b/api-reference/beta/resources/security-allowfileresponseaction.md
@@ -0,0 +1,47 @@
+---
+title: "allowFileResponseAction resource type"
+description: "Describes a response action to allow a file to run on devices controlled by Microsoft Defender for Endpoint."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# allowFileResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that allows a file to run on devices controlled by Microsoft Defender for Endpoint.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+
+| Property | Type | Description |
+|------------------|-------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.fileEntityIdentifier](../resources/enums-security.md#fileentityidentifier-values) | Unique identifier for the response action. The possible values are: `sha1`, `initiatingProcessSHA1`, `sha256`, `initiatingProcessSHA256`, `unknownFutureValue`. |
+| deviceGroupNames | String collection | Device groups to which the actions set in the custom detection rule are applied. [More information](/microsoft-365/security/defender-endpoint/machine-groups) |
+
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.allowFileResponseAction",
+ "identifier": "String",
+ "deviceGroupNames": [
+ "String"
+ ]
+}
+```
+
diff --git a/api-reference/beta/resources/security-api-overview.md b/api-reference/beta/resources/security-api-overview.md
index e2d3b7acf4f..3784ec01cd5 100644
--- a/api-reference/beta/resources/security-api-overview.md
+++ b/api-reference/beta/resources/security-api-overview.md
@@ -50,6 +50,17 @@ Use [runHuntingQuery](../api/security-security-runhuntingquery.md) to run a [Kus
6. The maximum query result size of a single request cannot exceed 124 MB. Exceeding the size limit results in HTTP 400 Bad Request with the message "Query execution has exceeded the allowed result size. Optimize your query by limiting the number of results and try again."
+## Custom detections
+You can create advanced hunting [Custom detection rules](/microsoft-365/security/defender/custom-detections-overview) specific to your security operations to allow you to proactively monitor for threats and take action. For instance, you can make custom detection rules that look for known indicators or misconfigured devices. These automatically trigger alerts and any response actions that you specify.
+
+### Quotas
+
+1. [Get multiple rules](../api/security-detectionrule-list.md): 10 rules per minute per application, 300 rules per hour per application, 600 rules per hour per tenant
+2. [Get a single rule](../api/security-detectionrule-get.md): 100 rules per minute per application, 1,500 rules per hour per application, 1,800 rules per hour per tenant
+3. [Create rule](../api/security-detectionrule-post-detectionRules.md): 10 rules per minute per application, 1,500 rules per hour per application, 1,800 rules per hour per tenant
+4. [Update rule](../api/security-detectionrule-update.md): 100 rules per minute per application, 1,500 rules per hour per application, 1,800 rules per hour per tenant
+5. [Delete rule](../api/security-detectionrule-delete.md): 100 rules per minute per application, 1,500 rules per hour per application, 1,800 rules per hour per tenant
+
## Alerts
Alerts are detailed warnings about suspicious activities in a customer's tenant that Microsoft or partner security providers have identified and flagged for action. Attacks typically employ various techniques against different types of entities, such as devices, users, and mailboxes. The result is alerts from multiple security providers for multiple entities in the tenant. Piecing the individual alerts together to gain insight into an attack can be challenging and time-consuming.
diff --git a/api-reference/beta/resources/security-blockfileresponseaction.md b/api-reference/beta/resources/security-blockfileresponseaction.md
new file mode 100644
index 00000000000..e87a9e07797
--- /dev/null
+++ b/api-reference/beta/resources/security-blockfileresponseaction.md
@@ -0,0 +1,45 @@
+---
+title: "blockFileResponseAction resource type"
+description: "Describes a response action that blocks a file from running on devices controlled by Microsoft Defender for Endpoint."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# blockFileResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that blocks a file from running on devices controlled by Microsoft Defender for Endpoint.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|------------------|-------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.fileEntityIdentifier](../resources/enums-security.md#fileentityidentifier-values) | Unique identifier for the response action. The possible values are: `sha1`, `initiatingProcessSHA1`, `sha256`, `initiatingProcessSHA256`, `unknownFutureValue`. |
+| deviceGroupNames | String collection | Device groups to which the actions set in the custom detection rule are applied. [More information](/microsoft-365/security/defender-endpoint/machine-groups) |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.blockFileResponseAction",
+ "identifier": "String",
+ "deviceGroupNames": [
+ "String"
+ ]
+}
+```
+
diff --git a/api-reference/beta/resources/security-collectinvestigationpackageresponseaction.md b/api-reference/beta/resources/security-collectinvestigationpackageresponseaction.md
new file mode 100644
index 00000000000..2d3be85df01
--- /dev/null
+++ b/api-reference/beta/resources/security-collectinvestigationpackageresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "collectInvestigationPackageResponseAction resource type"
+description: "Describes a response action that collects details for an investigation package."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# collectInvestigationPackageResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that collects details for an investigation package.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.deviceIdEntityIdentifier](../resources/enums-security.md#deviceidentityidentifier-values) | Unique identifier for the response action. Default is `deviceId`. The possible values are: `deviceId`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.collectInvestigationPackageResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-detectionaction.md b/api-reference/beta/resources/security-detectionaction.md
new file mode 100644
index 00000000000..713910761ea
--- /dev/null
+++ b/api-reference/beta/resources/security-detectionaction.md
@@ -0,0 +1,51 @@
+---
+title: "detectionAction resource type"
+description: "Describes the actions that will be taken after a detection is made by the custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# detectionAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes the actions that will be taken after a detection is made by a [custom detection rule](../resources/security-detectionrule.md).
+
+## Properties
+| Property | Type | Description |
+|:--------------------|:----------------------------------------------------------------------------------------------|:----------------------------------------------------------------------|
+| alertTemplate | [microsoft.graph.security.alertTemplate](../resources/security-alerttemplate.md) | Template for the generated alert. |
+| organizationalScope | [microsoft.graph.security.organizationalScope](../resources/security-organizationalscope.md) | Groups to which the custom detection rule applies. |
+| responseActions | [microsoft.graph.security.responseAction](../resources/security-responseaction.md) collection | Actions taken on impacted assets as set in the custom detection rule. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.detectionAction",
+ "alertTemplate": {
+ "@odata.type": "microsoft.graph.security.alertTemplate"
+ },
+ "organizationalScope": {
+ "@odata.type": "microsoft.graph.security.organizationalScope"
+ },
+ "responseActions": [
+ {
+ "@odata.type": "microsoft.graph.security.stopAndQuarantineFileResponseAction"
+ }
+ ]
+}
+```
+
diff --git a/api-reference/beta/resources/security-detectionrule.md b/api-reference/beta/resources/security-detectionrule.md
new file mode 100644
index 00000000000..925be35f0f2
--- /dev/null
+++ b/api-reference/beta/resources/security-detectionrule.md
@@ -0,0 +1,86 @@
+---
+title: "detectionRule resource type"
+description: "Represents a custom detection rule written in **Advanced hunting** to automatically recognize security events when they occur, and to trigger alerts and response actions."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# detectionRule resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Custom detection rules are types of protection rules you can design and tweak using [advanced hunting](../api/security-security-runhuntingquery.md) queries.
+These rules let you proactively monitor various events and system states, including suspected breach activity and misconfigured endpoints.
+A custom detection rule automatically recognizes security events when they occur, and triggers alerts and response actions.
+You can set them to run at regular intervals, generating alerts and taking response actions whenever there are matches.
+
+Inherits from [microsoft.graph.security.protectionRule](../resources/security-protectionrule.md).
+
+## Methods
+| Method | Return type | Description |
+|:-----------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------|:------------------------------------------------------------------------------------------------------------------------------------|
+| [List detectionRules](../api/security-detectionrule-list.md) | [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) collection | Get a list of the [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) objects and their properties. |
+| [Get detectionRule](../api/security-detectionrule-get.md) | [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) | Read the properties and relationships of a [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) object. |
+| [Create detectionRule](../api/security-detectionrule-post-detectionRules.md) | [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) | Create a [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md). |
+| [Update detectionRule](../api/security-detectionrule-update.md) | [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) | Update the properties of a [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) object. |
+| [Delete detectionRule](../api/security-detectionrule-delete.md) | None | Delete a [microsoft.graph.security.detectionRule](../resources/security-detectionrule.md) object. |
+
+## Properties
+| Property | Type | Description |
+|:---------------------|:-------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------|
+| createdBy | String | Name of the user or application that created the rule. Inherited from [microsoft.graph.security.protectionRule](../resources/security-protectionrule.md). |
+| createdDateTime | DateTimeOffset | Timestamp of rule creation. Inherited from [microsoft.graph.security.protectionRule](../resources/security-protectionrule.md). |
+| detectionAction | [microsoft.graph.security.detectionAction](../resources/security-detectionaction.md) | Complex type representing the actions taken when a detection is made by this rule. |
+| displayName | String | Name of the rule. Inherited from [microsoft.graph.security.protectionRule](../resources/security-protectionrule.md). |
+| id | String | Unique identifier to represent the rule. Inherited from [microsoft.graph.entity](../resources/entity.md). |
+| isEnabled | Boolean | Indicates whether rule is turned on for the tenant. Inherited from [microsoft.graph.security.protectionRule](../resources/security-protectionrule.md). |
+| lastModifiedBy | String | Name of user or application who last updated the rule. Inherited from [microsoft.graph.security.protectionRule](../resources/security-protectionrule.md). |
+| lastModifiedDateTime | DateTimeOffset | Timestamp of when the rule was last updated. Inherited from [microsoft.graph.security.protectionRule](../resources/security-protectionrule.md). |
+| detectorId | String | The ID of the detector that triggered the alert. Also see the 'detectorId' field in [microsoft.graph.security.alert](../resources/security-alert.md). |
+| lastRunDetails | [microsoft.graph.security.runDetails](../resources/security-rundetails.md) | Complex type holding details about the last run of this rule. |
+| queryCondition | [microsoft.graph.security.queryCondition](../resources/security-querycondition.md) | Complex type holding data about the advanced hunting query of this rule. |
+| schedule | [microsoft.graph.security.ruleSchedule](../resources/security-ruleschedule.md) | Complex type holding data about the triggering schedule of this rule. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.detectionRule",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "isEnabled": "Boolean",
+ "detectorId": "String",
+ "createdBy": "String",
+ "createdDateTime": "String (timestamp)",
+ "lastModifiedDateTime": "String (timestamp)",
+ "lastModifiedBy": "String",
+ "queryCondition": {
+ "@odata.type": "microsoft.graph.security.queryCondition"
+ },
+ "schedule": {
+ "@odata.type": "microsoft.graph.security.ruleSchedule"
+ },
+ "lastRunDetails": {
+ "@odata.type": "microsoft.graph.security.runDetails"
+ },
+ "detectionAction": {
+ "@odata.type": "microsoft.graph.security.detectionAction"
+ }
+}
+```
+
diff --git a/api-reference/beta/resources/security-disableuserresponseaction.md b/api-reference/beta/resources/security-disableuserresponseaction.md
new file mode 100644
index 00000000000..aeb6be56bfd
--- /dev/null
+++ b/api-reference/beta/resources/security-disableuserresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "disableUserResponseAction resource type"
+description: "Describes a response action that temporarily prevents a user from logging in to the on premises network."
+author: "mmekler"
+ms.prod: "security"
+doc_type: resourcePageType
+ms.localizationpriority: medium
+---
+
+# disableUserResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that temporarily prevents a user from logging in to the on premises network.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.disableUserEntityIdentifier](../resources/enums-security.md#disableuserentityidentifier-values) | Unique identifier for the response action. The possible values are: `accountSid`, `initiatingProcessAccountSid`, `requestAccountSid`, `onPremSid`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.disableUserResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-forceuserpasswordresetresponseaction.md b/api-reference/beta/resources/security-forceuserpasswordresetresponseaction.md
new file mode 100644
index 00000000000..3dc1ca65899
--- /dev/null
+++ b/api-reference/beta/resources/security-forceuserpasswordresetresponseaction.md
@@ -0,0 +1,42 @@
+---
+title: "forceUserPasswordResetResponseAction resource type"
+description: "Describes a response action that prompts the user to change their password the next time they sign in."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# forceUserPasswordResetResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that prompts the user to change their password the next time they sign in.
+
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:------------------------------------------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.forceUserPasswordResetEntityIdentifier](../resources/enums-security.md#forceuserpasswordresetentityidentifier-values) | Unique identifier for the response action. The possible values are: `accountSid`, `initiatingProcessAccountSid`, `requestAccountSid`, `onPremSid`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.forceUserPasswordResetResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-harddeleteresponseaction.md b/api-reference/beta/resources/security-harddeleteresponseaction.md
new file mode 100644
index 00000000000..c0b3acb2170
--- /dev/null
+++ b/api-reference/beta/resources/security-harddeleteresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "hardDeleteResponseAction resource type"
+description: "Describes a response action that hard-deletes an email message."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# hardDeleteResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that hard-deletes an email message.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.emailEntityIdentifier](../resources/enums-security.md#emailentityidentifier-values) | Unique identifier for the response action. Default is `networkMessageId`,`recipientEmailAddress`. The possible values are: `networkMessageId`, `recipientEmailAddress`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.hardDeleteResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-impactedasset.md b/api-reference/beta/resources/security-impactedasset.md
new file mode 100644
index 00000000000..1c6eed929a1
--- /dev/null
+++ b/api-reference/beta/resources/security-impactedasset.md
@@ -0,0 +1,42 @@
+---
+title: "impactedAsset resource type"
+description: "Represents an asset that was identified in an alert triggered by a custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# impactedAsset resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents an asset that was identified in an alert triggered by a [custom detection rule](../resources/security-detectionrule.md).
+
+This type is abstract, and serves as the base type for the following asset types.
+
+* [User](../resources/security-impacteduserasset.md)
+* [Device](../resources/security-impacteddeviceasset.md)
+* [Mailbox](../resources/security-impactedmailboxasset.md)
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.impactedAsset"
+}
+```
+
diff --git a/api-reference/beta/resources/security-impacteddeviceasset.md b/api-reference/beta/resources/security-impacteddeviceasset.md
new file mode 100644
index 00000000000..ce7e05ac883
--- /dev/null
+++ b/api-reference/beta/resources/security-impacteddeviceasset.md
@@ -0,0 +1,41 @@
+---
+title: "impactedDeviceAsset resource type"
+description: "Represents a device that was identified in an alert triggered by a custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# impactedDeviceAsset resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a device that was identified in an alert triggered by a [custom detection rule](../resources/security-detectionrule.md).
+
+Inherits from [microsoft.graph.security.impactedAsset](../resources/security-impactedasset.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------|:-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.deviceAssetIdentifier](../resources/enums-security.md#deviceassetidentifier-values) | Unique identifier for the impacted device asset. The possible values are: `deviceId`, `deviceName`, `remoteDeviceName`, `targetDeviceName`, `destinationDeviceName`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.impactedDeviceAsset",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-impactedmailboxasset.md b/api-reference/beta/resources/security-impactedmailboxasset.md
new file mode 100644
index 00000000000..6f7e9f779af
--- /dev/null
+++ b/api-reference/beta/resources/security-impactedmailboxasset.md
@@ -0,0 +1,41 @@
+---
+title: "impactedMailboxAsset resource type"
+description: "Represents a mailbox that was identified in an alert triggered by a custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# impactedMailboxAsset resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a mailbox that was identified in an alert triggered by a [custom detection rule](../resources/security-detectionrule.md).
+
+Inherits from [microsoft.graph.security.impactedAsset](../resources/security-impactedasset.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:----------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.mailboxAssetIdentifier](../resources/enums-security.md#mailboxassetidentifier-values) | Unique identifier for the impacted mailbox asset. The possible values are: `accountUpn`, `fileOwnerUpn`, `initiatingProcessAccountUpn`, `lastModifyingAccountUpn`, `targetAccountUpn`, `senderFromAddress`, `senderDisplayName`, `recipientEmailAddress`, `senderMailFromAddress`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.impactedMailboxAsset",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-impacteduserasset.md b/api-reference/beta/resources/security-impacteduserasset.md
new file mode 100644
index 00000000000..54f11dbaa80
--- /dev/null
+++ b/api-reference/beta/resources/security-impacteduserasset.md
@@ -0,0 +1,41 @@
+---
+title: "impactedUserAsset resource type"
+description: "Represents a user account that was identified in an alert triggered by a custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# impactedUserAsset resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a user account that was identified in an alert triggered by a [custom detection rule](../resources/security-detectionrule.md).
+
+Inherits from [microsoft.graph.security.impactedAsset](../resources/security-impactedasset.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:----------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.userAssetIdentifier](../resources/enums-security.md#userassetidentifier-values) | Unique identifier for the impacted user asset. The possible values are: `accountObjectId`, `accountSid`, `accountUpn`, `accountName`, `accountDomain`, `accountId`, `requestAccountSid`, `requestAccountName`, `requestAccountDomain`, `recipientObjectId`, `processAccountObjectId`, `initiatingAccountSid`, `initiatingProcessAccountUpn`, `initiatingAccountName`, `initiatingAccountDomain`, `servicePrincipalId`, `servicePrincipalName`, `targetAccountUpn`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.impactedUserAsset",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-initiateinvestigationresponseaction.md b/api-reference/beta/resources/security-initiateinvestigationresponseaction.md
new file mode 100644
index 00000000000..860849fc070
--- /dev/null
+++ b/api-reference/beta/resources/security-initiateinvestigationresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "initiateInvestigationResponseAction resource type"
+description: "Describes a response action that starts an automated investigation of a device."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# initiateInvestigationResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that starts an automated investigation of a device.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.deviceIdEntityIdentifier](../resources/enums-security.md#deviceidentityidentifier-values) | Unique identifier for the response action. Default is `deviceId`. The possible values are: `deviceId`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.initiateInvestigationResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-isolatedeviceresponseaction.md b/api-reference/beta/resources/security-isolatedeviceresponseaction.md
new file mode 100644
index 00000000000..3c200b03f4f
--- /dev/null
+++ b/api-reference/beta/resources/security-isolatedeviceresponseaction.md
@@ -0,0 +1,44 @@
+---
+title: "isolateDeviceResponseAction resource type"
+description: "Describes a response action that uses Microsoft Defender to apply full network isolation to a device."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# isolateDeviceResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that uses Microsoft Defender to apply full network isolation to a device.
+This response action prevents the device from connecting to any application or service.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:--------------|:--------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.deviceIdEntityIdentifier](../resources/enums-security.md#deviceidentityidentifier-values) | Unique identifier for the response action. Default is `deviceId`. The possible values are: `deviceId`, `unknownFutureValue`. |
+| isolationType | [microsoft.graph.security.isolationType](../resources/enums-security.md#isolationtype-values) | For the isolated device, the type of isolation applied. The possible values are: `full`, `selective`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.isolateDeviceResponseAction",
+ "identifier": "String",
+ "isolationType": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-markuserascompromisedresponseaction.md b/api-reference/beta/resources/security-markuserascompromisedresponseaction.md
new file mode 100644
index 00000000000..e8eac62f861
--- /dev/null
+++ b/api-reference/beta/resources/security-markuserascompromisedresponseaction.md
@@ -0,0 +1,42 @@
+---
+title: "markUserAsCompromisedResponseAction resource type"
+description: "Describes a response action that sets the user's risk level to 'high' in Microsoft Entra ID."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# markUserAsCompromisedResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that sets the user's risk level to "high" in Microsoft Entra ID.
+This response action sets the user's risk level to `high` in Microsoft Entra ID, which triggers the identity protection policies for a `high` risk level.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:----------------------------------------------------------------------------------------------------------------------------------------------|:--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.markUserAsCompromisedEntityIdentifier](../resources/enums-security.md#markuserascompromisedentityidentifier-values) | Unique identifier for the response action. The possible values are: `accountObjectId`, `initiatingProcessAccountObjectId`, `servicePrincipalId`, `recipientObjectId`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.markUserAsCompromisedResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-movetodeleteditemsresponseaction.md b/api-reference/beta/resources/security-movetodeleteditemsresponseaction.md
new file mode 100644
index 00000000000..1a019a68b9c
--- /dev/null
+++ b/api-reference/beta/resources/security-movetodeleteditemsresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "moveToDeletedItemsResponseAction resource type"
+description: "Describes an email response action that moves the email message to the user's Deleted items folder."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# moveToDeletedItemsResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes an email response action that moves the email message to the user's Deleted items folder.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.emailEntityIdentifier](../resources/enums-security.md#emailentityidentifier-values) | Unique identifier for the response action. Default is `networkMessageId`,`recipientEmailAddress`. The possible values are: `networkMessageId`, `recipientEmailAddress`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.moveToDeletedItemsResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-movetoinboxresponseaction.md b/api-reference/beta/resources/security-movetoinboxresponseaction.md
new file mode 100644
index 00000000000..c003f7f7e94
--- /dev/null
+++ b/api-reference/beta/resources/security-movetoinboxresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "moveToInboxResponseAction resource type"
+description: "Describes an email response action that moves the email message to the user's Inbox."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# moveToInboxResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes an email response action that moves the email message to the user's Inbox.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.emailEntityIdentifier](../resources/enums-security.md#emailentityidentifier-values) | Unique identifier for the response action. Default is `networkMessageId`,`recipientEmailAddress`. The possible values are: `networkMessageId`, `recipientEmailAddress`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.moveToInboxResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-movetojunkresponseaction.md b/api-reference/beta/resources/security-movetojunkresponseaction.md
new file mode 100644
index 00000000000..d3004a4c143
--- /dev/null
+++ b/api-reference/beta/resources/security-movetojunkresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "moveToJunkResponseAction resource type"
+description: "Describes an email response action that moves the email message to the user's Junk folder."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# moveToJunkResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes an email response action that moves the email message to the user's Junk folder.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.emailEntityIdentifier](../resources/enums-security.md#emailentityidentifier-values) | Unique identifier for the response action. Default is `networkMessageId`,`recipientEmailAddress`. The possible values are: `networkMessageId`, `recipientEmailAddress`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.moveToJunkResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-organizationalscope.md b/api-reference/beta/resources/security-organizationalscope.md
new file mode 100644
index 00000000000..41ea69a529a
--- /dev/null
+++ b/api-reference/beta/resources/security-organizationalscope.md
@@ -0,0 +1,43 @@
+---
+title: "organizationalScope resource type"
+description: "Represents a scope that specifies which devices are covered by a custom detection rule's detection action."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# organizationalScope resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a scope that specifies which devices are covered by a [custom detection rule's](../resources/security-detectionrule.md) [detection action](../resources/security-detectionaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------|
+| scopeNames | String collection | List of groups to which the custom detection rule applies. |
+| scopeType | [microsoft.graph.security.scopeType](../resources/enums-security.md#scopetype-values) | The type of the organizational scope. The possible values are: `deviceGroup`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.organizationalScope",
+ "scopeType": "String",
+ "scopeNames": [
+ "String"
+ ]
+}
+```
+
diff --git a/api-reference/beta/resources/security-protectionrule.md b/api-reference/beta/resources/security-protectionrule.md
new file mode 100644
index 00000000000..b556ebef80d
--- /dev/null
+++ b/api-reference/beta/resources/security-protectionrule.md
@@ -0,0 +1,57 @@
+---
+title: "protectionRule resource type"
+description: "Represents a rule, which contains basic properties such as ID, name, and so on."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# protectionRule resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a rule, which contains basic properties such as ID, name, and so on.
+This type is abstract.
+
+Inherits from [microsoft.graph.entity](../resources/entity.md).
+
+## Properties
+| Property | Type | Description |
+|:---------------------|:---------------|:-------------------------------------------------------|
+| createdBy | String | Name of the user or application that created the rule. |
+| createdDateTime | DateTimeOffset | Timestamp of rule creation. |
+| displayName | String | Name of the rule. |
+| id | String | Unique identifier to represent the rule. |
+| isEnabled | Boolean | Whether rule is turned on for the tenant. |
+| lastModifiedBy | String | Name of the user or application who last updated the rule. |
+| lastModifiedDateTime | DateTimeOffset | Timestamp of when the rule was last updated. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.protectionRule",
+ "id": "String (identifier)",
+ "displayName": "String",
+ "isEnabled": "Boolean",
+ "createdBy": "String",
+ "createdDateTime": "String (timestamp)",
+ "lastModifiedDateTime": "String (timestamp)",
+ "lastModifiedBy": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-querycondition.md b/api-reference/beta/resources/security-querycondition.md
new file mode 100644
index 00000000000..4e6085305ab
--- /dev/null
+++ b/api-reference/beta/resources/security-querycondition.md
@@ -0,0 +1,41 @@
+---
+title: "queryCondition resource type"
+description: "Represents the advanced hunting query that defines the behavior of a custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# queryCondition resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents the [advanced hunting](../api/security-security-runhuntingquery.md) query that defines the behavior of a [custom detection rule](../resources/security-detectionrule.md).
+
+## Properties
+| Property | Type | Description |
+|:---------------------|:---------------|:---------------------------------------------------------------------------|
+| lastModifiedDateTime | DateTimeOffset | Timestamp of when the query in the custom detection rule was last updated. |
+| queryText | String | Contents of the query. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.queryCondition",
+ "queryText": "String",
+ "lastModifiedDateTime": "String (timestamp)"
+}
+```
+
diff --git a/api-reference/beta/resources/security-responseaction.md b/api-reference/beta/resources/security-responseaction.md
new file mode 100644
index 00000000000..757a3ad898f
--- /dev/null
+++ b/api-reference/beta/resources/security-responseaction.md
@@ -0,0 +1,56 @@
+---
+title: "responseAction resource type"
+description: "Describes an action taken on impacted assets as set in the custom detection rule."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# responseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes an action taken on [impacted assets](../resources/security-impactedasset.md) as set in a [custom detection rule](../resources/security-detectionrule.md). For more information, see [response actions](/microsoft-365/security/defender/custom-detection-rules#4-specify-actions)
+
+This type is abstract and has multiple response action types that are derived from it:
+
+* [Stop and quarantine file](../resources/security-stopandquarantinefileresponseaction.md)
+* [Disable user](../resources/security-disableuserresponseaction.md)
+* [Force user password reset](../resources/security-forceuserpasswordresetresponseaction.md)
+* [Mark user as compromised](../resources/security-markuserascompromisedresponseaction.md)
+* [Collect investigation package](../resources/security-collectinvestigationpackageresponseaction.md)
+* [Initiate investigation](../resources/security-initiateinvestigationresponseaction.md)
+* [Isolate device](../resources/security-isolatedeviceresponseaction.md)
+* [Restrict app execution](../resources/security-restrictappexecutionresponseaction.md)
+* [Run antivirus scan](../resources/security-runantivirusscanresponseaction.md)
+* [Allow file](../resources/security-allowfileresponseaction.md)
+* [Block file](../resources/security-blockfileresponseaction.md)
+* [Hard delete email](../resources/security-harddeleteresponseaction.md)
+* [Soft delete email](../resources/security-softdeleteresponseaction.md)
+* [Move to inbox](../resources/security-movetoinboxresponseaction.md)
+* [Move to deleted items](../resources/security-movetodeleteditemsresponseaction.md)
+* [Move to junk](../resources/security-movetojunkresponseaction.md)
+
+
+## Properties
+None.
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.responseAction"
+}
+```
+
diff --git a/api-reference/beta/resources/security-restrictappexecutionresponseaction.md b/api-reference/beta/resources/security-restrictappexecutionresponseaction.md
new file mode 100644
index 00000000000..910e3a793f9
--- /dev/null
+++ b/api-reference/beta/resources/security-restrictappexecutionresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "restrictAppExecutionResponseAction resource type"
+description: "Describes a response action that sets restrictions on device to allow only files that are signed with a Microsoft-issued certificate to run."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# restrictAppExecutionResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that sets restrictions on device to allow only files that are signed with a Microsoft-issued certificate to run.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.deviceIdEntityIdentifier](../resources/enums-security.md#deviceidentityidentifier-values) | Unique identifier for the response action. Default is `deviceId`. The possible values are: `deviceId`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.restrictAppExecutionResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-ruleschedule.md b/api-reference/beta/resources/security-ruleschedule.md
new file mode 100644
index 00000000000..2966c93c9f1
--- /dev/null
+++ b/api-reference/beta/resources/security-ruleschedule.md
@@ -0,0 +1,41 @@
+---
+title: "ruleSchedule resource type"
+description: "Represents how often the custom detection rule runs, and when it next runs."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# ruleSchedule resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents how often the [custom detection rule](../resources/security-detectionrule.md) runs, and when it next runs.
+
+## Properties
+| Property | Type | Description |
+|:----------------|:---------------|:--------------------------------------------------------------------------------------------------------------------------------------------------|
+| nextRunDateTime | DateTimeOffset | Timestamp of the custom detection rule's next scheduled run. |
+| period | String | How often the detection rule is set to run. The allowed values are: `0`, `1H`, `3H`, `12H`, or `24H`. "0" signifies the rule is run continuously. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.ruleSchedule",
+ "period": "String",
+ "nextRunDateTime": "String (timestamp)"
+}
+```
+
diff --git a/api-reference/beta/resources/security-runantivirusscanresponseaction.md b/api-reference/beta/resources/security-runantivirusscanresponseaction.md
new file mode 100644
index 00000000000..222f0cde7d5
--- /dev/null
+++ b/api-reference/beta/resources/security-runantivirusscanresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "runAntivirusScanResponseAction resource type"
+description: "Describes a response action that performs a full Microsoft Defender Antivirus scan on the device."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# runAntivirusScanResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes a response action that performs a full Microsoft Defender Antivirus scan on the device.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.deviceIdEntityIdentifier](../resources/enums-security.md#deviceidentityidentifier-values) | Unique identifier for the response action. Default is `deviceId`. The possible values are: `deviceId`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.runAntivirusScanResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-rundetails.md b/api-reference/beta/resources/security-rundetails.md
new file mode 100644
index 00000000000..59dcbcb72cd
--- /dev/null
+++ b/api-reference/beta/resources/security-rundetails.md
@@ -0,0 +1,59 @@
+---
+title: "runDetails resource type"
+description: "Represents an instance of a custom detection rule run."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# runDetails resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents an instance of a [custom detection rule](../resources/security-detectionrule.md) run.
+
+## Properties
+| Property | Type | Description |
+|:----------------|:------------------------------------------------------------------------------------------------------------|:-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| errorCode | [microsoft.graph.security.huntingRuleErrorCode](../resources/enums-security.md#huntingruleerrorcode-values) | Error code of the most recent run that encountered an error. The possible values are: `queryExecutionFailed`, `queryExecutionThrottling`, `queryExceededResultSize`, `queryLimitsExceeded`, `queryTimeout`, `alertCreationFailed`, `alertReportNotFound`, `partialRowsFailed`, `unknownFutureValue`. |
+| failureReason | String | Reason for failure when the custom detection last ran and failed. See the table below. |
+| lastRunDateTime | DateTimeOffset | Timestamp when the custom detection was last run. |
+| status | [microsoft.graph.security.huntingRuleRunStatus](../resources/enums-security.md#huntingrulerunstatus-values) | Status of custom detection when it was last run. The possible values are: `running`, `completed`, `failed`, `partiallyFailed`, `unknownFutureValue`. |
+
+#### Failure Reasons table
+
+| errorCode | Reason |
+|--------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| queryExecutionFailed | An unexpected error occurred during query execution. Contact support if this failure reoccurs. |
+| queryExecutionThrottling | Query execution was throttled due to exceeded tenant resources. |
+| queryExceededResultSize | Result size limit exceeded. Only the first 100 query results were processed. |
+| queryLimitsExceeded | Query execution was preempted. This failure can be due to high CPU and/or memory resource consumption. Optimize your query by following best practices and try again. |
+| queryTimeout | Query execution took longer than the assigned timeout and was aborted. |
+| alertCreationFailed | An unexpected error occurred while generating alerts from query results. Contact support if this failure reoccurs. |
+| alertReportNotFound | An event couldn't be matched to the given Timestamp, DeviceId, or ReportId. Check the query for aggregation expressions on those columns. |
+| partialRowsFailed | Only a subset of query results could be processed to alerts. Contact support if this failure reoccurs. |
+
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.runDetails",
+ "lastRunDateTime": "String (timestamp)",
+ "status": "String",
+ "failureReason": "String",
+ "errorCode": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-softdeleteresponseaction.md b/api-reference/beta/resources/security-softdeleteresponseaction.md
new file mode 100644
index 00000000000..3b86c4954ff
--- /dev/null
+++ b/api-reference/beta/resources/security-softdeleteresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "softDeleteResponseAction resource type"
+description: "Describes the soft delete response action, which moves the email message to a Deleted folder in the cloud but doesn't delete the email message permanently."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# softDeleteResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes the soft delete response action, which moves the email message to a Deleted folder in the cloud but doesn't delete the email message permanently. Only administrators can perform this response action.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:--------------------------------------------------------------------------------------------------------------|:----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.emailEntityIdentifier](../resources/enums-security.md#emailentityidentifier-values) | Unique identifier for the response action. Default is `networkMessageId`,`recipientEmailAddress`. The possible values are: `networkMessageId`, `recipientEmailAddress`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.softDeleteResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/security-stopandquarantinefileresponseaction.md b/api-reference/beta/resources/security-stopandquarantinefileresponseaction.md
new file mode 100644
index 00000000000..8f3c2ab8052
--- /dev/null
+++ b/api-reference/beta/resources/security-stopandquarantinefileresponseaction.md
@@ -0,0 +1,41 @@
+---
+title: "stopAndQuarantineFileResponseAction resource type"
+description: "Describes response action that moves the file from its current location to quarantine."
+author: "mmekler"
+ms.localizationpriority: medium
+ms.prod: "security"
+doc_type: resourcePageType
+---
+
+# stopAndQuarantineFileResponseAction resource type
+
+Namespace: microsoft.graph.security
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Describes response action that moves the file from its current location to quarantine.
+
+Inherits from [microsoft.graph.security.responseAction](../resources/security-responseaction.md).
+
+## Properties
+| Property | Type | Description |
+|:-----------|:----------------------------------------------------------------------------------------------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------|
+| identifier | [microsoft.graph.security.stopAndQuarantineFileEntityIdentifier](../resources/enums-security.md#stopandquarantinefileentityidentifier-values) | Unique identifier for the response action. The possible values are: `deviceId`, `sha1`, `initiatingProcessSHA1`, `unknownFutureValue`. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.security.stopAndQuarantineFileResponseAction",
+ "identifier": "String"
+}
+```
+
diff --git a/api-reference/beta/resources/userregistrationdetails.md b/api-reference/beta/resources/userregistrationdetails.md
index 99354e25b9e..8c94082a733 100644
--- a/api-reference/beta/resources/userregistrationdetails.md
+++ b/api-reference/beta/resources/userregistrationdetails.md
@@ -30,7 +30,7 @@ Inherits from [entity](../resources/entity.md).
|:---|:---|:---|
|defaultMfaMethod|defaultMfaMethodType|The method the user or admin selected as default for performing multifactor authentication for the user. The possible values are: `none`, `mobilePhone`, `alternateMobilePhone`, `officePhone`, `microsoftAuthenticatorPush`, `softwareOneTimePasscode`, `unknownFutureValue`.|
|id|String|User object identifier in Microsoft Entra ID. Inherited from [entity](../resources/entity.md).|
-|isAdmin|Boolean|Indicates whether the user has an admin role in the tenant. This value can be used to check the authentication methods that privileged accounts are registered for and capable of.|
+|isAdmin|Boolean|Indicates whether the user has an [admin role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) in the tenant. This value can be used to check the authentication methods that privileged accounts are registered for and capable of.|
|isMfaCapable|Boolean|Indicates whether the user has registered a strong authentication method for multifactor authentication. The method must be allowed by the [authentication methods policy](../resources/authenticationmethodspolicy.md). Supports `$filter` (`eq`).|
|isMfaRegistered|Boolean|Indicates whether the user has registered a strong authentication method for multifactor authentication. The method may not necessarily be allowed by the [authentication methods policy](../resources/authenticationmethodspolicy.md). Supports `$filter` (`eq`).|
|isPasswordlessCapable|Boolean|Indicates whether the user has registered a passwordless strong authentication method (including FIDO2, Windows Hello for Business, and Microsoft Authenticator (Passwordless)) that is allowed by the [authentication methods policy](../resources/authenticationmethodspolicy.md). Supports `$filter` (`eq`).|
diff --git a/api-reference/beta/toc.yml b/api-reference/beta/toc.yml
index b86893f3805..2974e2e1cae 100644
--- a/api-reference/beta/toc.yml
+++ b/api-reference/beta/toc.yml
@@ -6,6 +6,8 @@ items:
- name: API changelog
href: https://developer.microsoft.com/en-us/graph/changelog
displayName: API changes, API updates, Microsoft Graph API, REST API, REST API updates
+ - name: Quick start
+ href: https://developer.microsoft.com/en-us/graph/quick-start
- name: Authentication and authorization
href: /graph/auth/index?context=graph/api/beta
- name: Permissions reference
@@ -16355,7 +16357,7 @@ items:
href: resources/attacksimulationtrainingusercoverage.md
- name: Get training coverage for users
href: api/securityreportsroot-getattacksimulationtrainingusercoverage.md
- - name: Partner billing reports (preview)
+ - name: Partner billing reports
items:
- name: Overview
href: resources/partners-billing-api-overview.md
@@ -16464,6 +16466,18 @@ items:
href: resources/security-huntingrowresult.md
- name: Single property schema
href: resources/security-singlepropertyschema.md
+ - name: Custom detection rules
+ items:
+ - name: List custom detection rules
+ href: api/security-detectionrule-list.md
+ - name: Get custom detection rule
+ href: api/security-detectionrule-get.md
+ - name: Create custom detection rule
+ href: api/security-detectionrule-post-detectionRules.md
+ - name: Update custom detection rule
+ href: api/security-detectionrule-update.md
+ - name: Delete custom detection rule
+ href: api/security-detectionrule-delete.md
- name: Alerts and incidents
items:
- name: Alert
diff --git a/api-reference/v1.0/api/chatmessage-post.md b/api-reference/v1.0/api/chatmessage-post.md
index 36ba93b178f..1c179baa5fb 100644
--- a/api-reference/v1.0/api/chatmessage-post.md
+++ b/api-reference/v1.0/api/chatmessage-post.md
@@ -13,9 +13,9 @@ Namespace: microsoft.graph
Send a new [chatMessage](../resources/chatmessage.md) in the specified [channel](../resources/channel.md) or a [chat](../resources/chat.md).
-> **Note**: We don't recommend using this API for data migration. It does not have the throughput necessary for a typical migration.
-
-> **Note**: It is a violation of the [terms of use](/legal/microsoft-apis/terms-of-use) to use Microsoft Teams as a log file. Only send messages that people will read.
+> **Notes:**
+> - We don't recommend using this API for data migration. It does not have the throughput necessary for a typical migration.
+> - It is a violation of the [terms of use](/legal/microsoft-apis/terms-of-use) to use Microsoft Teams as a log file. Only send messages that people will read.
[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
@@ -475,7 +475,9 @@ Content-type: application/json
#### Request
The following example shows a request.
->**Note:** The file must already be in SharePoint. To find the file properties, GET the **driveItem** for the file. For example, /drives/{id}/items/{id}. Your attachment ID is the GUID in the **eTag** of the **driveItem**, your attachment **contentURL** is the **webUrl** of the **driveItem**'s folder plus the **driveItem**'s name, and your attachment name is the **driveItem**'s name.
+>**Notes:**
+> - The file must already be in SharePoint. To find the file properties, GET the **driveItem** for the file. For example: `/drives/{id}/items/{id}`. The attachment ID is the GUID in the **eTag** of the **driveItem**. The attachment **contentURL** is the **webUrl** of the **driveItem** folder plus the name of the **driveItem**. The attachment name is the name of the **driveItem**.
+> - Microsoft Graph supports the `OpenUrl` card action. Bots are required for other card actions.
# [HTTP](#tab/http)
@@ -610,7 +612,7 @@ The following example shows a request.
> **Note:** The **temporaryId** in the **hostedContents** collection is a random ID but must be the same across the **body** and **hostedContents** elements. (Notice the **temporaryId** set to `1` and the reference in the body as `../hostedContents/1/$value`.)
-**contentBytes** must be set to binary string Base64-encoded bytes. You can do it in C# by using `Convert.ToBase64String(File.ReadAllBytes("image.png"));`. Microsoft .NET SDK users don't need to convert to Base64 encoded bytes as the SDK handles it for you.
+**contentBytes** must be set to binary string Base64-encoded bytes. You can convert an item to binary Base64-encoded bytes in C# by using `Convert.ToBase64String(File.ReadAllBytes("image.png"));`, for example. Microsoft .NET SDK users don't need to convert to Base64 encoded bytes as the SDK handles it for you.
# [HTTP](#tab/http)
diff --git a/api-reference/v1.0/api/directoryrole-list-members.md b/api-reference/v1.0/api/directoryrole-list-members.md
index 45345dd5389..b9ef7d43519 100644
--- a/api-reference/v1.0/api/directoryrole-list-members.md
+++ b/api-reference/v1.0/api/directoryrole-list-members.md
@@ -37,7 +37,7 @@ GET /directoryRoles/{role-id}/members
GET /directoryRoles(roleTemplateId='{roleTemplateId}')/members
```
## Optional query parameters
-This method supports the [OData query parameters](/graph/query-parameters) to help customize the response.
+This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response. It returns a default of 1,000 objects and doesn't support pagination using `$top`.
## Request headers
| Name | Type | Description|
|:-----------|:------|:----------|
diff --git a/api-reference/v1.0/api/partners-billing-billedusage-export.md b/api-reference/v1.0/api/partners-billing-billedusage-export.md
new file mode 100644
index 00000000000..49ecdc16df8
--- /dev/null
+++ b/api-reference/v1.0/api/partners-billing-billedusage-export.md
@@ -0,0 +1,94 @@
+---
+title: "billedUsage: export"
+description: "Export the billed Azure usage data."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: apiPageType
+---
+
+# billedUsage: export
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Export the billed Azure usage data.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+
+[!INCLUDE [permissions-table](../includes/permissions/partners-permissions.md)]
+
+## HTTP request
+
+
+``` http
+POST /reports/partners/billing/usage/billed/export
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the parameters.
+
+The following table shows the parameters that you can use with this action.
+
+|Parameter|Type|Description|
+|:---|:---|:---|
+|attributeSet|[microsoft.graph.partners.billing.attributeSet](../resources/partners-billing-attributeset.md)|Attributes that should be exported. Possible values are: `full`, `basic`, `unknownFutureValue`. The default value is `full`. Choose `full` for a complete response or `basic` for a subset of attributes. Optional.|
+|invoiceId|String|The invoice ID for which the partner requested to export data. Required.|
+
+## Response
+
+If successful, this method returns a `202 Accepted` response code and a `Location` header that contains the URL to the long-running operation. You can check the status of the long-running operation by making a GET request to this URL that returns one of the following objects in the response body: [microsoft.graph.partners.billing.runningOperation](../resources/partners-billing-runningoperation.md), [microsoft.graph.partners.billing.exportSuccessOperation](../resources/partners-billing-exportsuccessoperation.md), or [microsoft.graph.partners.billing.failedOperation](../resources/partners-billing-failedoperation.md).
+
+## Examples
+
+### Request
+
+The following example shows a request.
+
+
+``` http
+POST https://graph.microsoft.com/v1.0/reports/partners/billing/usage/billed/export
+Content-Type: application/json
+
+{
+ "invoiceId" : "G016907411",
+ "attributeSet" : "full"
+}
+```
+
+### Response
+
+The following example shows the response.
+
+
+``` http
+HTTP/1.1 202 OK
+Location: https://graph.microsoft.com/v1.0/reports/partners/billing/operations/9ab9cb54-d07f-4f52-9ea6-a09d7de52c14
+```
diff --git a/api-reference/v1.0/api/partners-billing-manifest-get.md b/api-reference/v1.0/api/partners-billing-manifest-get.md
new file mode 100644
index 00000000000..17a34524997
--- /dev/null
+++ b/api-reference/v1.0/api/partners-billing-manifest-get.md
@@ -0,0 +1,106 @@
+---
+title: "Get manifest"
+description: "Read the properties and relationships of a manifest object."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: apiPageType
+---
+
+# Get manifest
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+
+Read the properties and relationships of a [manifest](../resources/partners-billing-manifest.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+
+[!INCLUDE [permissions-table](../includes/permissions/partners-permissions.md)]
+
+## HTTP request
+
+
+``` http
+GET /reports/partners/billing/manifests/{id}
+```
+
+## Optional query parameters
+
+This method doesn't support any OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [microsoft.graph.partners.billing.manifest](../resources/partners-billing-manifest.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+
+``` http
+GET https://graph.microsoft.com/v1.0/reports/partners/billing/manifests/6fe687d7-1e0f-4bd6-9091-4672691f64bc
+```
+
+### Response
+
+The following example shows the response.
+
+>**Note:** The response object shown here might be shortened for readability.
+
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "id": "6fe687d7-1e0f-4bd6-9091-4672691f64bc",
+ "schemaVersion": "1",
+ "dataFormat": "compressedJSON",
+ "createdDateTime": "2023-03-09T06:34:34.87Z",
+ "eTag": "WYjLro78HdMg6vUWR",
+ "partnerTenantId": "0e195b37-4574-4539-bc42-0e539b9684c0",
+ "rootDirectory": "https://adlsreconbuprodeastus201.blob.core.windows.net/billedusagefastpath/v1/PartnerTenantId=0e195b37-4574-4539-bc42-0e539b9684c0/BillingMonth=202310/InvoiceId=G031809528/InvoiceVersion=202311/Fragment=basic/PartitionType=default",
+ "sasToken": "skoid=0c414a25-fd23-4785-815f-1258467f9ab7&sktid=975f013f-7f24-47e8-a7d3-abc4752bf346&skt=2023-12-13T00%3A37%3A17Z&ske=2023-12-14T00%3A37%3A17Z&sks=b&skv=2021-08-06&sv=2021-08-06&se=2023-12-13T12%3A37%3A17Z&sr=d&sp=rl&sdd=7&sig=RpVY0WBGUHJ2APB3N76jtMak8loAWY4oiA0%2FaoJX1bM%3D",
+ "partitionType": "Default",
+ "blobCount": 1,
+ "blobs": [
+ {
+ "name": "part-00049-b016029b-a7a7-4c46-9b5e-c925ac317ac6.c000.json.gz",
+ "partitionValue": "default"
+ }
+ ]
+}
+```
diff --git a/api-reference/v1.0/api/partners-billing-operation-get.md b/api-reference/v1.0/api/partners-billing-operation-get.md
new file mode 100644
index 00000000000..0dd84658696
--- /dev/null
+++ b/api-reference/v1.0/api/partners-billing-operation-get.md
@@ -0,0 +1,187 @@
+---
+title: "Get operation"
+description: "Read the properties and relationships of an operation object."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: apiPageType
+---
+
+# Get operation
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+
+Read the properties and relationships of an [operation](../resources/partners-billing-operation.md) object.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+
+[!INCLUDE [permissions-table](../includes/permissions/partners-permissions.md)]
+
+## HTTP request
+
+
+``` http
+GET /reports/partners/billing/operations/{id}
+```
+
+## Optional query parameters
+
+This method doesn't support any OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required.|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If an operation completes successfully, this method returns a `200 OK` response code and a [microsoft.graph.partners.billing.exportSuccessOperation](../resources/partners-billing-exportsuccessoperation.md) object in the response body. The **resourceLocation** navigation property in the response body represents the [microsoft.graph.partners.billing.manifest](../resources/partners-billing-manifest.md) resource for the operation.
+
+If an operation fails, this method returns a `200 OK` response code and a [microsoft.graph.partners.billing.failedOperation](../resources/partners-billing-failedoperation.md) object in the response body.
+
+If an operation is still running, this method returns a `200 OK` response code and a [microsoft.graph.partners.billing.runningOperation](../resources/partners-billing-runningoperation.md) object in the response body.
+
+## Examples
+
+### Example 1: Get operation succeeded
+
+#### Request
+
+The following example shows a request that returns a [microsoft.graph.partners.billing.exportSuccessOperation](../resources/partners-billing-exportsuccessoperation.md) object.
+
+
+``` http
+GET https://graph.microsoft.com/v1.0/reports/partners/billing/operations/6fe687d7-1e0f-4bd6-9091-4672691f64bc
+```
+
+#### Response
+
+The following example shows the response for an operation that completed successfully.
+
+>**Note:** The response object shown here might be shortened for readability.
+
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.partners.billing.exportSuccessOperation",
+ "id": "6fe687d7-1e0f-4bd6-9091-4672691f64bc",
+ "status": "succeeded",
+ "createdDateTime": "2023-03-09T08:12:53",
+ "lastActionDateTime": "2023-03-09T08:37:48.5046691Z",
+ "resourceLocation@odata.navigationLink": "https://graph.microsoft.com/v1.0/reports/partners/billing/manifests/8fe347d7-1e0f-4bd6-9091-4672691f32db"
+}
+```
+
+### Example 2: Get operation failed
+
+#### Request
+
+The following example shows a request that returns a [microsoft.graph.partners.billing.failedOperation](../resources/partners-billing-failedoperation.md) object.
+
+
+``` http
+GET https://graph.microsoft.com/v1.0/reports/partners/billing/operations/6fe687d7-1e0f-4bd6-9091-4672691f64bc
+```
+
+#### Response
+
+The following example shows the response for an operation that failed.
+
+>**Note:** The response object shown here might be shortened for readability.
+
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.partners.billing.failedOperation",
+ "id": "6fe687d7-1e0f-4bd6-9091-4672691f64bc",
+ "status": "failed",
+ "createdDateTime": "2023-03-09T08:12:53",
+ "lastActionDateTime": "2023-03-09T08:37:48.5046691Z",
+ "error": {
+ "message": "No data available",
+ "code": "5000"
+ }
+}
+```
+
+### Example 3: Get operation is still running
+
+#### Request
+
+The following example shows a request that returns a [microsoft.graph.partners.billing.runningOperation](../resources/partners-billing-runningoperation.md) object.
+
+
+``` http
+GET https://graph.microsoft.com/v1.0/reports/partners/billing/operations/6fe687d7-1e0f-4bd6-9091-4672691f64bc
+```
+
+#### Response
+
+The following example shows the response for an operation that is still running.
+
+>**Note:** The response object shown here might be shortened for readability.
+
+
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+ "@odata.type": "#microsoft.graph.partners.billing.runningOperation",
+ "id": "6fe687d7-1e0f-4bd6-9091-4672691f64bc",
+ "status": "running",
+ "createdDateTime": "2023-03-09T08:12:53",
+ "lastActionDateTime": "2023-03-09T08:37:48.5046691Z"
+}
+```
diff --git a/api-reference/v1.0/api/partners-billing-unbilledusage-export.md b/api-reference/v1.0/api/partners-billing-unbilledusage-export.md
new file mode 100644
index 00000000000..ff3f862fa26
--- /dev/null
+++ b/api-reference/v1.0/api/partners-billing-unbilledusage-export.md
@@ -0,0 +1,97 @@
+---
+title: "unbilledUsage: export"
+description: "Export the unbilled Azure usage data for a specific billing period and a given currency."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: apiPageType
+---
+
+# unbilledUsage: export
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Export the unbilled Azure usage data for a specific billing period and a given currency.
+
+## Permissions
+
+One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).
+
+
+[!INCLUDE [permissions-table](../includes/permissions/partners-permissions.md)]
+
+## HTTP request
+
+
+``` http
+POST /reports/partners/billing/usage/unbilled/export
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required.|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the parameters.
+
+The following table shows the parameters that you can use with this action.
+
+|Parameter|Type|Description|
+|:---|:---|:---|
+|attributeSet|[microsoft.graph.partners.billing.attributeSet](../resources/partners-billing-attributeset.md)|Attributes that should be exported. Possible values are: `full`, `basic`, `unknownFutureValue`. The default value is `full`. Choose `full` for a complete response or `basic` for a subset of attributes. Optional.|
+|billingPeriod|[microsoft.graph.partners.billing.billingPeriod](../resources/partners-billing-unbilledusage.md#billingperiod-values)|The billing period for the export data. Possible values are: `current`, `last`, `unknownFutureValue`. Choose `current` for the current billing period and `last` for the last billing period. Required.|
+|currencyCode|String|The currency code for the partner billing. Required.|
+
+## Response
+
+If successful, this method returns a `202 Accepted` response code and a `Location` header that contains the URL to the long-running operation. You can check the status of the long-running operation by making a GET request to this URL that returns one of the following objects in the response body: [microsoft.graph.partners.billing.runningOperation](../resources/partners-billing-runningoperation.md), [microsoft.graph.partners.billing.exportSuccessOperation](../resources/partners-billing-exportsuccessoperation.md), or [microsoft.graph.partners.billing.failedOperation](../resources/partners-billing-failedoperation.md).
+
+## Examples
+
+### Request
+
+The following example shows a request.
+
+
+``` http
+POST https://graph.microsoft.com/v1.0/reports/partners/billing/usage/unbilled/export
+Content-Type: application/json
+
+{
+ "currencyCode": "USD",
+ "attributeSet": "full",
+ "billingPeriod": "current"
+}
+```
+
+### Response
+
+The following example shows the response.
+
+
+``` http
+HTTP/1.1 202 Accepted
+Content-Type: application/json
+Location: https://graph.microsoft.com/v1.0/reports/partners/billing/operations/9ab9cb54-d07f-4f52-9ea6-a09d7de52c14
+```
diff --git a/api-reference/v1.0/includes/alerts-callout-csp-partner-only.md b/api-reference/v1.0/includes/alerts-callout-csp-partner-only.md
new file mode 100644
index 00000000000..ffd32d115de
--- /dev/null
+++ b/api-reference/v1.0/includes/alerts-callout-csp-partner-only.md
@@ -0,0 +1,11 @@
+---
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+ms.topic: include
+---
+
+
+> [!NOTE]
+> This API is available for Cloud Solution Provider (CSP) partners only to access their billed and unbilled reconciliation data for a tenant. To learn more about the CSP program, see [Microsoft Cloud Solution Provider](/partner-center/csp-overview).
+
diff --git a/api-reference/beta/includes/permissions/operation-get-permissions.md b/api-reference/v1.0/includes/permissions/partners-permissions.md
similarity index 100%
rename from api-reference/beta/includes/permissions/operation-get-permissions.md
rename to api-reference/v1.0/includes/permissions/partners-permissions.md
diff --git a/api-reference/v1.0/resources/partners-billing-api-overview.md b/api-reference/v1.0/resources/partners-billing-api-overview.md
new file mode 100644
index 00000000000..d9b86d81925
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-api-overview.md
@@ -0,0 +1,77 @@
+---
+title: "Use the Microsoft Graph API to export partner billing data"
+description: "The partner billing API in Microsoft Graph offers Microsoft direct partners a faster, more efficient way to export their high-volume billed and unbilled Azure usage data."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+ms.custom: zt-include
+---
+
+# Use the Microsoft Graph API to export partner billing data
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+As part of the Microsoft Partner Center ecosystem, Microsoft direct partners in the Cloud Solution Provider programs can request to export their billed and unbilled data to Azure Blob Storage asynchronously. this removes the need to maintain an open connection for hours and loop through millions of transactions iteratively. The asynchronous API provides a way to quickly access billing and reconciliation data in manageable chunks.
+
+The partner billing API is defined in the OData subnamespace `microsoft.graph.partners.billing`.
+
+> [!NOTE]
+> Daily-rated usage normally takes 24 hours to appear in the Microsoft Partner Center or to be available through the API.
+
+## Authorization
+
+To export reconciliation data, the calling principal must be in the partner tenant and be granted the appropriate partner billing privilege permissions. The partner billing API supports the following partner permissions.
+
+[!INCLUDE [permissions-table](../includes/permissions/partners-permissions.md)]
+
+
+
+[!INCLUDE [zero-trust](~/../azure_docs/includes/active-directory-zero-trust.md)]
+
+
+
+
+## Common use cases
+
+The partner billing API provides methods and actions that allow Microsoft direct partners to export their high-volume billed and unbilled Azure usage data.
+
+### Billed reconciliation data
+
+| Use case | API |
+|--|--|
+| Create a new export operation to export billed reconciliation data | [billedUsage: export](../api/partners-billing-billedusage-export.md) |
+| Poll for operation status update | [Get operation](../api/partners-billing-operation-get.md) |
+
+### Unbilled reconciliation data
+
+| Use case | API |
+|--|--|
+| Create a new export operation to export unbilled reconciliation data | [unbilledUsage: export](../api/partners-billing-unbilledusage-export.md) |
+| Poll for operation status update | [Get operation](../api/partners-billing-operation-get.md) |
+
+## Asynchronous data retrieval
+
+The download of reconciliation data is a long-running operation that consists of the following operations.
+
+### Usage line-item endpoint
+
+Use the [billedUsage: export](../api/partners-billing-billedusage-export.md) or [unbilledUsage: export](../api/partners-billing-unbilledusage-export.md) API to access billed or unbilled consumption line items. The API returns a `202 Accepted` response code and a `Location` header that contains the URL to the long-running operation. You can check the status of the long-running operation by making a GET request at regular intervals until you receive a success status with a [manifest](../resources/partners-billing-manifest.md) URL.
+
+### Operation status endpoint
+
+Until you receive the success status, keep polling the [Get operation](../api/partners-billing-operation-get.md) API at regular intervals. If the requested data is unavailable, the API response includes a `Retry-After` header that indicates how long you should wait before sending another request. When the operation has completed successfully, the response also provides a [manifest](../resources/partners-billing-manifest.md) with details of the generated files. The manifest provides a storage folder from which actual billing data can be downloaded. The response splits or partitions the files to optimize throughput and I/O parallelism.
+
+
+
diff --git a/api-reference/v1.0/resources/partners-billing-attributeset.md b/api-reference/v1.0/resources/partners-billing-attributeset.md
new file mode 100644
index 00000000000..ed82050855e
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-attributeset.md
@@ -0,0 +1,94 @@
+---
+title: "attributeSet enum type"
+description: "Represents attributes for exported data sets in the Microsoft Graph partner billing API."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: enumPageTypes
+---
+
+# attributeSet enum type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents attributes for exported data sets in the Microsoft Graph partner billing API. The default value is `full`. Choose `full` for a complete response or `basic` for a subset of attributes.
+
+## Members
+
+| Member | Value | Description |
+|:-------------------|:------|:-------------------------------------------------|
+| full | 1 | All attributes in the exported data. |
+| basic | 2 | Only basic attributes in the exported data. |
+| unknownFutureValue | 3 | Evolvable enumeration sentinel value. Don't use. |
+
+### Attributes
+
+The [billedUsage: export](../api/partners-billing-billedusage-export.md) or [unbilledUsage: export](../api/partners-billing-unbilledusage-export.md) API response with the `full` or `basic` request parameter returns the following attributes.
+
+| Attribute | Full | Basic |
+|:------------------------------|:-----|:------|
+| AdditionalInfo | Yes | Yes |
+| AvailabilityId | Yes | No |
+| BenefitID | Yes | No |
+| BenefitOrderID | Yes | Yes |
+| BenefitType | Yes | Yes |
+| BillingCurrency | Yes | Yes |
+| BillingPreTaxTotal | Yes | Yes |
+| ChargeEndDate | Yes | Yes |
+| ChargeStartDate | Yes | Yes |
+| ChargeType | Yes | Yes |
+| ConsumedService | Yes | No |
+| CreditPercentage | Yes | Yes |
+| CreditType | Yes | Yes |
+| CustomerCountry | Yes | No |
+| CustomerDomainName | Yes | No |
+| CustomerId | Yes | Yes |
+| CustomerName | Yes | Yes |
+| EffectiveUnitPrice | Yes | Yes |
+| EntitlementDescription | Yes | No |
+| EntitlementId | Yes | Yes |
+| InvoiceNumber | Yes | Yes |
+| MeterCategory | Yes | No |
+| MeterId | Yes | No |
+| MeterName | Yes | No |
+| MeterRegion | Yes | No |
+| MeterSubCategory | Yes | No |
+| MeterType | Yes | No |
+| MpnId | Yes | No |
+| PartnerEarnedCreditPercentage | Yes | No |
+| PartnerId | Yes | Yes |
+| PartnerName | Yes | Yes |
+| PCToBCExchangeRate | Yes | Yes |
+| PricingCurrency | Yes | Yes |
+| PricingPreTaxTotal | Yes | Yes |
+| ProductId | Yes | Yes |
+| ProductName | Yes | No |
+| PublisherId | Yes | No |
+| PublisherName | Yes | Yes |
+| Quantity | Yes | Yes |
+| ResourceGroup | Yes | No |
+| ResourceLocation | Yes | No |
+| ResourceURI | Yes | Yes |
+| ServiceInfo1 | Yes | No |
+| ServiceInfo2 | Yes | No |
+| SkuId | Yes | Yes |
+| SkuName | Yes | Yes |
+| SubscriptionDescription | Yes | No |
+| SubscriptionId | Yes | Yes |
+| Tags | Yes | No |
+| Tier2MpnId | Yes | No |
+| Unit | Yes | No |
+| UnitPrice | Yes | Yes |
+| UnitType | Yes | Yes |
+| UsageDate | Yes | Yes |
+
+
diff --git a/api-reference/v1.0/resources/partners-billing-azureusage.md b/api-reference/v1.0/resources/partners-billing-azureusage.md
new file mode 100644
index 00000000000..a82de3a6421
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-azureusage.md
@@ -0,0 +1,49 @@
+---
+title: "azureUsage resource type"
+description: "Represents details for billed and unbilled Azure usage data."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# azureUsage resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents details for billed and unbilled Azure usage data.
+
+## Methods
+
+None.
+
+## Properties
+
+None.
+
+## Relationships
+
+|Relationship|Type|Description|
+|:---|:---|:---|
+|billed|[microsoft.graph.partners.billing.billedUsage](partners-billing-billedusage.md)|Represents details for billed Azure usage data.|
+|unbilled|[microsoft.graph.partners.billing.unbilledUsage](partners-billing-unbilledusage.md)|Represents details for unbilled Azure usage data.|
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners.billing.azureUsage"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-billedusage.md b/api-reference/v1.0/resources/partners-billing-billedusage.md
new file mode 100644
index 00000000000..c609d55165d
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-billedusage.md
@@ -0,0 +1,48 @@
+---
+title: "billedUsage resource type"
+description: "Represents details for billed Azure usage data."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# billedUsage resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents details for billed Azure usage data.
+
+## Methods
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[export](../api/partners-billing-billedusage-export.md)|[microsoft.graph.partners.billing.operation](partners-billing-operation.md)|Export the billed Azure usage data.|
+
+## Properties
+
+None.
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners.billing.billedUsage"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-billing.md b/api-reference/v1.0/resources/partners-billing-billing.md
new file mode 100644
index 00000000000..6fba268b799
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-billing.md
@@ -0,0 +1,50 @@
+---
+title: "billing resource type"
+description: "Represents billing details for billed and unbilled data."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# billing resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents billing details for billed and unbilled data.
+
+## Methods
+
+None.
+
+## Properties
+
+None.
+
+## Relationships
+
+|Relationship|Type|Description|
+|:---|:---|:---|
+|manifests|[microsoft.graph.partners.billing.manifest](partners-billing-manifest.md) collection|Represents metadata for the exported data.|
+|operations|[microsoft.graph.partners.billing.operation](partners-billing-operation.md) collection|Represents an operation to export the billing data of a partner.|
+|usage|[microsoft.graph.partners.billing.azureUsage](partners-billing-azureusage.md)|Represents details for billed and unbilled Azure usage data.|
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners.billing.billing"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-blob.md b/api-reference/v1.0/resources/partners-billing-blob.md
new file mode 100644
index 00000000000..5113d7519ae
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-blob.md
@@ -0,0 +1,43 @@
+---
+title: "blob resource type"
+description: "Represents a billing blob that contains exported data."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# blob resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents a billing blob that contains exported data.
+
+## Properties
+
+|Property|Type|Description|
+|:---|:---|:---|
+|name|String|The blob name.|
+|partitionValue|String|The partition that contains the file. A large partition is split into multiple files, each with the same **partitionValue**.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "name": "String",
+ "partitionValue": "String"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-exportsuccessoperation.md b/api-reference/v1.0/resources/partners-billing-exportsuccessoperation.md
new file mode 100644
index 00000000000..abe2249af93
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-exportsuccessoperation.md
@@ -0,0 +1,55 @@
+---
+title: "exportSuccessOperation resource type"
+description: "Represents an export operation that is completed successfully."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# exportSuccessOperation resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents an export operation that is completed successfully.
+
+Inherits from [operation](../resources/partners-billing-operation.md).
+
+## Properties
+
+|Property|Type|Description|
+|:---|:---|:---|
+|createdDateTime|DateTimeOffset|The start time of the operation. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [operation](../resources/partners-billing-operation.md).|
+|id|String|The unique identifier for the **exportSuccessOperation**. Inherited from [operation](../resources/partners-billing-operation.md).|
+|lastActionDateTime|DateTimeOffset|The time of the last action of the operation. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [operation](../resources/partners-billing-operation.md).|
+|status|microsoft.graph.longRunningOperationStatus|The status of the operation. Supports a subset of the values for **longRunningOperationStatus**. Possible value is: `completed`. Inherited from [operation](../resources/partners-billing-operation.md).|
+
+## Relationships
+
+|Relationship|Type|Description|
+|:---|:---|:---|
+|resourceLocation|[microsoft.graph.partners.billing.manifest](../resources/partners-billing-manifest.md)|Metadata for the exported files.|
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners.billing.exportSuccessOperation",
+ "createdDateTime": "String (timestamp)",
+ "id": "String (identifier)",
+ "lastActionDateTime": "String (timestamp)",
+ "status": "String"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-failedoperation.md b/api-reference/v1.0/resources/partners-billing-failedoperation.md
new file mode 100644
index 00000000000..ad4b61ea260
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-failedoperation.md
@@ -0,0 +1,55 @@
+---
+title: "failedOperation resource type"
+description: "Represents an export operation that failed to complete."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# failedOperation resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents an export operation that failed to complete.
+
+Inherits from [operation](../resources/partners-billing-operation.md).
+
+## Properties
+
+|Property|Type|Description|
+|:---|:---|:---|
+|createdDateTime|DateTimeOffset|The start time of the operation. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [operation](../resources/partners-billing-operation.md).|
+|id|String|The unique identifier for the **failedOperation**. Inherited from [operation](../resources/partners-billing-operation.md).|
+|lastActionDateTime|DateTimeOffset|The time of the last action of the operation. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [operation](../resources/partners-billing-operation.md).|
+|status|microsoft.graph.longRunningOperationStatus|The status of the operation. Supports a subset of the values for **longRunningOperationStatus**. Possible value is: `failed`. Inherited from [operation](../resources/partners-billing-operation.md).|
+
+## Relationships
+
+|Relationship|Type|Description|
+|:---|:---|:---|
+|error|[microsoft.graph.publicError](../resources/publicerror.md)|Information about the error that caused the failure.|
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners.billing.failedOperation",
+ "createdDateTime": "String (timestamp)",
+ "id": "String (identifier)",
+ "lastActionDateTime": "String (timestamp)",
+ "status": "String"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-manifest.md b/api-reference/v1.0/resources/partners-billing-manifest.md
new file mode 100644
index 00000000000..e1ee6a37070
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-manifest.md
@@ -0,0 +1,72 @@
+---
+title: "manifest resource type"
+description: "Represents metadata for the exported data."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# manifest resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents metadata for the exported data. Use the metadata to get details of the file you want to download from an Azure Blob Storage.
+
+Inherits from [entity](../resources/entity.md).
+
+## Methods
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[Get manifest](../api/partners-billing-manifest-get.md)|[microsoft.graph.partners.billing.manifest](../resources/partners-billing-manifest.md)|Read the properties and relationships of a [manifest](../resources/partners-billing-manifest.md) object.|
+
+## Properties
+
+|Property|Type|Description|
+|:---|:---|:---|
+|blobCount|Int32|The total file count for this partner tenant ID.|
+|blobs|[microsoft.graph.partners.billing.blob](../resources/partners-billing-blob.md) collection|A collection of blob objects that contain details of all the files for the partner tenant ID.|
+|createdDateTime|DateTimeOffset|The date and time when a manifest resource was created. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|dataFormat|String|The billing data file format. The possible value is: `compressedJSONLines`. Each blob is a compressed file and data in the file is in [JSON lines](https://jsonlines.org/) format. Decompress the file to access the data.|
+|eTag|String|Version of data represented by the manifest. Any change in **eTag** indicates a new data version.|
+|id|String|The unique identifier for the **manifest**. Inherited from [entity](../resources/entity.md).|
+|partitionType|String|Indicates the division of data. If a given partition has more than the supported number, the data is split into multiple files, each file representing a specific **partitionValue**. By default, the data in the file is partitioned by the number of line items.|
+|partnerTenantId|String|The Microsoft Entra tenant ID of the partner.|
+|rootDirectory|String|The root directory that contains all the files.|
+|sasToken|String|The SAS token for accessing the directory or an individual file in the directory.|
+|schemaVersion|String|The version of the manifest schema.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "blobCount": "Int32",
+ "blobs": [{"@odata.type": "microsoft.graph.partners.billing.blob"}],
+ "createdDateTime": "String (timestamp)",
+ "dataFormat": "String",
+ "eTag": "String",
+ "id": "String (identifier)",
+ "partitionType": "String",
+ "partnerTenantId": "String",
+ "rootDirectory": "String",
+ "sasToken": "String",
+ "schemaVersion": "String"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-operation.md b/api-reference/v1.0/resources/partners-billing-operation.md
new file mode 100644
index 00000000000..ebc97136b1f
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-operation.md
@@ -0,0 +1,61 @@
+---
+title: "operation resource type"
+description: "Represents an operation to export the billing data of a partner."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# operation resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents an operation to export the billing data of a partner.
+
+Base type of [exportSuccessOperation](../resources/partners-billing-exportsuccessoperation.md), [failedOperation](../resources/partners-billing-failedoperation.md), and [runningOperation](../resources/partners-billing-runningoperation.md).
+
+Inherits from [entity](../resources/entity.md).
+
+## Methods
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[Get operation](../api/partners-billing-operation-get.md)|[microsoft.graph.partners.billing.operation](../resources/partners-billing-operation.md)|Read the properties and relationships of an [operation](../resources/partners-billing-operation.md) object.|
+
+## Properties
+
+|Property|Type|Description|
+|:---|:---|:---|
+|createdDateTime|DateTimeOffset|The start time of the operation. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|id|String|The unique identifier for the **operation**. Inherited from [entity](../resources/partners-billing-operation.md).|
+|lastActionDateTime|DateTimeOffset|The time of the last action of the operation. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
+|status|microsoft.graph.longRunningOperationStatus|The status of the operation. Possible values are: `notStarted`, `running`, `completed`, `failed`, `unknownFutureValue`.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners.billing.operation",
+ "createdDateTime": "String (timestamp)",
+ "id": "String (identifier)",
+ "lastActionDateTime": "String (timestamp)",
+ "status": "String"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-runningoperation.md b/api-reference/v1.0/resources/partners-billing-runningoperation.md
new file mode 100644
index 00000000000..099bee2cc92
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-runningoperation.md
@@ -0,0 +1,53 @@
+---
+title: "runningOperation resource type"
+description: "Represents an export operation that is still running, which indicates that the files aren't ready yet."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# runningOperation resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents an export operation that is still running, which indicates that the files aren't ready yet.
+
+Inherits from [operation](../resources/partners-billing-operation.md).
+
+## Properties
+
+|Property|Type|Description|
+|:---|:---|:---|
+|createdDateTime|DateTimeOffset|The start time of the operation. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [operation](../resources/partners-billing-operation.md).|
+|id|String|The unique identifier for the **runningOperation**. Inherited from [operation](../resources/partners-billing-operation.md).|
+|lastActionDateTime|DateTimeOffset|The time of the last action of the operation. The timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Inherited from [operation](../resources/partners-billing-operation.md).|
+|status|microsoft.graph.longRunningOperationStatus|The status of the operation. Supports a subset of the values for **longRunningOperationStatus**. Possible values are: `notStarted`, `running`. Inherited from [operation](../resources/partners-billing-operation.md).|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners.billing.runningOperation",
+ "createdDateTime": "String (timestamp)",
+ "id": "String (identifier)",
+ "lastActionDateTime": "String (timestamp)",
+ "status": "String"
+}
+```
diff --git a/api-reference/v1.0/resources/partners-billing-unbilledusage.md b/api-reference/v1.0/resources/partners-billing-unbilledusage.md
new file mode 100644
index 00000000000..ae73a908257
--- /dev/null
+++ b/api-reference/v1.0/resources/partners-billing-unbilledusage.md
@@ -0,0 +1,56 @@
+---
+title: "unbilledUsage resource type"
+description: "Represents details for unbilled Azure usage data."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# unbilledUsage resource type
+
+Namespace: microsoft.graph.partners.billing
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents details for unbilled Azure usage data.
+
+## Methods
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[export](../api/partners-billing-unbilledusage-export.md)|[microsoft.graph.partners.billing.operation](partners-billing-operation.md)|Export the unbilled Azure usage data for a specific billing period and a given currency.|
+
+## Properties
+
+None.
+
+### billingPeriod values
+
+| Member | Description |
+|:-------------------|:-------------------------------------------------|
+| current | The current billing period. |
+| last | The billing period for the last month. |
+| unknownFutureValue | Evolvable enumeration sentinel value. Don't use. |
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners.billing.unbilledUsage"
+}
+```
diff --git a/api-reference/v1.0/resources/partners.md b/api-reference/v1.0/resources/partners.md
new file mode 100644
index 00000000000..293a34a1326
--- /dev/null
+++ b/api-reference/v1.0/resources/partners.md
@@ -0,0 +1,49 @@
+---
+title: "partners resource type"
+description: "Represents billing details for a Microsoft direct partner."
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+doc_type: resourcePageType
+---
+
+# partners resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
+
+Represents billing details for a Microsoft direct partner.
+
+## Methods
+
+None.
+
+## Properties
+
+None.
+
+## Relationships
+
+|Relationship|Type|Description|
+|:---|:---|:---|
+|billing|[microsoft.graph.partners.billing.billing](partners-billing-billing.md)|Represents billing details for billed and unbilled data.|
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+
+
+
+``` json
+{
+ "@odata.type": "#microsoft.graph.partners"
+}
+```
diff --git a/api-reference/v1.0/resources/reportroot.md b/api-reference/v1.0/resources/reportroot.md
index 5c3215c743b..db3a6657358 100644
--- a/api-reference/v1.0/resources/reportroot.md
+++ b/api-reference/v1.0/resources/reportroot.md
@@ -34,6 +34,7 @@ None.
| monthlyPrintUsageByPrinter | [printUsageByPrinter](../resources/printusagebyprinter.md) collection | Retrieve a list of monthly print usage summaries, grouped by printer. |
| monthlyPrintUsageByUser | [printUsageByUser](../resources/printusagebyuser.md) collection | Retrieve a list of monthly print usage summaries, grouped by user. |
| security | [securityReportsRoot](../resources/securityreportsroot.md) | Represents an abstract type that contains resources for attack simulation and training reports. |
+| partners | [partners](../resources/partners.md) | Represents billing details for a Microsoft direct partner. |
## JSON representation
diff --git a/api-reference/v1.0/resources/riskyuser.md b/api-reference/v1.0/resources/riskyuser.md
index 0bb1116eaf3..1c58fce330c 100644
--- a/api-reference/v1.0/resources/riskyuser.md
+++ b/api-reference/v1.0/resources/riskyuser.md
@@ -35,11 +35,11 @@ For more information about risk events, see [Microsoft Entra ID Protection](/azu
|:---|:---|:---|
|id|String|Unique ID of the user at risk.|
|isDeleted|Boolean|Indicates whether the user is deleted. Possible values are: `true`, `false`.|
-|isProcessing|Boolean|Indicates whether a user's risky state is being processed by the backend.|
+|isProcessing|Boolean|Indicates whether a user's risky state is being processed by the backend. Supports `$filter` (`eq`).|
|riskDetail|riskDetail|Details of the detected risk. Possible values are: `none`, `adminGeneratedTemporaryPassword`, `userPerformedSecuredPasswordChange`, `userPerformedSecuredPasswordReset`, `adminConfirmedSigninSafe`, `aiConfirmedSigninSafe`, `userPassedMFADrivenByRiskBasedPolicy`, `adminDismissedAllRiskForUser`, `adminConfirmedSigninCompromised`, `hidden`, `adminConfirmedUserCompromised`, `unknownFutureValue`.|
-|riskLastUpdatedDateTime|DateTimeOffset|The date and time that the risky user was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`.|
-|riskLevel|riskLevel|Level of the detected risky user. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`.|
-|riskState|riskState|State of the user's risk. Possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`.|
+|riskLastUpdatedDateTime|DateTimeOffset|The date and time that the risky user was last updated. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Supports `$filter` (`eq`, `gt`, `lt`).|
+|riskLevel|riskLevel|Level of the detected risky user. Possible values are: `low`, `medium`, `high`, `hidden`, `none`, `unknownFutureValue`. Supports `$filter` (`eq`).|
+|riskState|riskState|State of the user's risk. Possible values are: `none`, `confirmedSafe`, `remediated`, `dismissed`, `atRisk`, `confirmedCompromised`, `unknownFutureValue`. Supports `$filter` (`eq`).|
|userDisplayName|String|Risky user display name.|
|userPrincipalName|String|Risky user principal name.|
diff --git a/api-reference/v1.0/resources/userregistrationdetails.md b/api-reference/v1.0/resources/userregistrationdetails.md
index 766b0fee519..506e7429cd1 100644
--- a/api-reference/v1.0/resources/userregistrationdetails.md
+++ b/api-reference/v1.0/resources/userregistrationdetails.md
@@ -27,7 +27,7 @@ Inherits from [entity](../resources/entity.md).
|Property|Type|Description|
|:---|:---|:---|
|id|String|User object identifier in Microsoft Entra ID. Inherited from [entity](../resources/entity.md).|
-|isAdmin|Boolean|Indicates whether the user has an admin role in the tenant. This value can be used to check the authentication methods that privileged accounts are registered for and capable of.|
+|isAdmin|Boolean|Indicates whether the user has an [admin role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) in the tenant. This value can be used to check the authentication methods that privileged accounts are registered for and capable of.|
|isMfaCapable|Boolean|Indicates whether the user has registered a strong authentication method for multifactor authentication. The method must be allowed by the [authentication methods policy](../resources/authenticationmethodspolicy.md). Supports `$filter` (`eq`).|
|isMfaRegistered|Boolean|Indicates whether the user has registered a strong authentication method for multifactor authentication. The method may not necessarily be allowed by the [authentication methods policy](../resources/authenticationmethodspolicy.md). Supports `$filter` (`eq`).|
|isPasswordlessCapable|Boolean|Indicates whether the user has registered a passwordless strong authentication method (including FIDO2, Windows Hello for Business, and Microsoft Authenticator (Passwordless)) that is allowed by the [authentication methods policy](../resources/authenticationmethodspolicy.md). Supports `$filter` (`eq`).|
diff --git a/api-reference/v1.0/toc.yml b/api-reference/v1.0/toc.yml
index 1cea6c49244..7fc7edd15de 100644
--- a/api-reference/v1.0/toc.yml
+++ b/api-reference/v1.0/toc.yml
@@ -6,6 +6,8 @@ items:
- name: API changelog
href: https://developer.microsoft.com/en-us/graph/changelog
displayName: API changes, API updates, Microsoft Graph API, REST API, REST API updates
+ - name: Quick start
+ href: https://developer.microsoft.com/en-us/graph/quick-start
- name: Authentication and authorization
href: /graph/auth/index?context=graph/api/1.0
- name: Permissions reference
@@ -7543,6 +7545,34 @@ items:
href: resources/attacksimulationtrainingusercoverage.md
- name: Get training coverage for users
href: api/securityreportsroot-getattacksimulationtrainingusercoverage.md
+ - name: Partner billing reports
+ items:
+ - name: Overview
+ href: resources/partners-billing-api-overview.md
+ - name: Billed usage
+ items:
+ - name: Billed usage
+ href: resources/partners-billing-billedusage.md
+ - name: Export
+ href: api/partners-billing-billedusage-export.md
+ - name: Manifest
+ items:
+ - name: Manifest
+ href: resources/partners-billing-manifest.md
+ - name: Get
+ href: api/partners-billing-manifest-get.md
+ - name: Operation
+ items:
+ - name: Operation
+ href: resources/partners-billing-operation.md
+ - name: Get
+ href: api/partners-billing-operation-get.md
+ - name: Unbilled usage
+ items:
+ - name: Unbilled usage
+ href: resources/partners-billing-unbilledusage.md
+ - name: Export
+ href: api/partners-billing-unbilledusage-export.md
- name: Search
items:
- name: Query
diff --git a/apidoctor.validation.yml b/apidoctor.validation.yml
index dd00d0ff2a8..71d227506b5 100644
--- a/apidoctor.validation.yml
+++ b/apidoctor.validation.yml
@@ -6,72 +6,112 @@
trigger:
branches:
include:
- - live
- - main
+ - live
+ - main
paths:
include:
- - api-reference/*
-
+ - api-reference/*
+
pr:
branches:
include:
- - live
- - main
+ - live
+ - main
paths:
include:
- - api-reference/*
-
-pool:
- vmImage: 'windows-latest'
-
+ - api-reference/*
+
parameters:
- name: useNuGetPackage
displayName: "Use API Doctor NuGet Package (If disabled, source code from GitHub will be used)?"
type: boolean
default: true
-
+
- name: apiDoctorNuGetVersion
default: "1.2.2312.152"
displayName: "API Doctor NuGet Package Version"
-
+
- name: apiDoctorGitRepoUrl
default: "https://github.com/OneDrive/apidoctor.git"
displayName: "API Doctor Git Repo URL"
-
+
- name: apiDoctorGitBranch
default: "master"
displayName: "API Doctor Git branch"
-steps:
- - checkout: self
- displayName: 'Checkout Microsoft Graph docs'
- clean: true
- fetchDepth: 1
-
- - task: UseDotNet@2
- displayName: 'Use .NET Core SDK 6.x'
- inputs:
- version: 6.x
-
- - task: PowerShell@2
- displayName: 'Run API Doctor Script'
- env:
- USE_NUGET_PACKAGE: ${{ parameters.useNuGetPackage }}
- API_DOCTOR_NUGET_VERSION: ${{ parameters.apiDoctorNuGetVersion }}
- API_DOCTOR_GIT_REPO_URL: ${{ parameters.apiDoctorGitRepoUrl }}
- API_DOCTOR_GIT_BRANCH: ${{ parameters.apiDoctorGitBranch }}
- inputs:
- filePath: Test-Docs.ps1
- arguments: -cleanUp
- script: |
- Write-Host "Executing API Doctor script with the following parameters:"
-
- if($env:USE_NUGET_PACKAGE -eq 'True') {
- Write-Host " - API Doctor NuGet Version: $($env:API_DOCTOR_NUGET_VERSION)"
- }
- else
- {
- Write-Host "API Doctor Git Repo:"
- Write-Host "- URL: $($env:API_DOCTOR_GIT_REPO_URL)"
- Write-Host "- Branch: $($env:API_DOCTOR_GIT_BRANCH)"
- }
+resources:
+ repositories:
+ - repository: 1ESPipelineTemplates
+ type: git
+ name: 1ESPipelineTemplates/1ESPipelineTemplates
+ ref: refs/tags/release
+
+extends:
+ template: v1/1ES.Official.PipelineTemplate.yml@1ESPipelineTemplates
+ parameters:
+ pool:
+ name: Azure-Pipelines-1ESPT-ExDShared
+ image: windows-2022
+ os: windows
+ sdl:
+ credscan:
+ suppressionsFile: $(Build.SourcesDirectory)\.azure-pipelines\.config\CredScanSuppressions.json
+ customBuildTags:
+ - ES365AIMigrationTooling
+
+ stages:
+ - stage: ValidateDocs
+ displayName: "Validate docs"
+ jobs:
+ - job: RunAPIDoctorScript
+ displayName: "Run API Doctor script"
+ variables:
+ USE_NUGET_PACKAGE: ${{ parameters.useNuGetPackage }}
+ API_DOCTOR_NUGET_VERSION: ${{ parameters.apiDoctorNuGetVersion }}
+ API_DOCTOR_GIT_REPO_URL: ${{ parameters.apiDoctorGitRepoUrl }}
+ API_DOCTOR_GIT_BRANCH: ${{ parameters.apiDoctorGitBranch }}
+ steps:
+ - pwsh: |
+ Write-Host "Executing API Doctor script with the following parameters:"
+ if ($env:USE_NUGET_PACKAGE -eq $true) {
+ if ([string]::IsNullOrWhiteSpace($env:USE_NUGET_PACKAGE)) {
+ Write-Host "API Doctor NuGet package version has not been set. Aborting..."
+ exit 1
+ }
+ Write-Host " - API Doctor NuGet Version: $($env:API_DOCTOR_NUGET_VERSION)"
+ }
+ else {
+ if ([string]::IsNullOrWhiteSpace($env:API_DOCTOR_GIT_REPO_URL)) {
+ Write-Host "API Doctor Git Repo URL has not been set. Aborting..."
+ exit 1
+ }
+ Write-Host " - API Doctor Git Repo URL: $($env:API_DOCTOR_GIT_REPO_URL)"
+ Write-Host " - API Doctor Git Branch: $($env:API_DOCTOR_GIT_BRANCH)"
+ }
+ displayName: "Evaluate pipeline parameters"
+
+ - checkout: self
+ displayName: "Checkout Microsoft Graph docs"
+ clean: true
+ fetchDepth: 1
+
+ - task: UseDotNet@2
+ displayName: "Use .NET Core SDK 6.x"
+ inputs:
+ version: 6.x
+
+ - task: PowerShell@2
+ displayName: "Validate v1.0 docs"
+ env:
+ DOCS_SUB_PATH: \api-reference\v1.0
+ inputs:
+ filePath: Test-Docs.ps1
+ arguments: -cleanUp
+
+ - task: PowerShell@2
+ displayName: "Validate beta docs"
+ env:
+ DOCS_SUB_PATH: \api-reference\beta
+ inputs:
+ filePath: Test-Docs.ps1
+ arguments: -cleanUp
diff --git a/changelog/Microsoft.CloudManagedDesktop.json b/changelog/Microsoft.CloudManagedDesktop.json
index 2110f48d24f..9747e78d8c2 100644
--- a/changelog/Microsoft.CloudManagedDesktop.json
+++ b/changelog/Microsoft.CloudManagedDesktop.json
@@ -1,5 +1,55 @@
{
"changelog": [
+ {
+ "ChangeList": [
+ {
+ "Id": "45fa9a2d-71fd-4e4d-943e-617cd5d926c7",
+ "ApiChange": "Method",
+ "ChangedApiName": "getShiftWorkCloudPcAccessState",
+ "ChangeType": "Change",
+ "Description": "Changed the deprecation date for the [getShiftWorkCloudPcAccessState](https://learn.microsoft.com/en-us/graph/api/cloudpc-getShiftWorkCloudPcAccessState?view=graph-rest-beta) method of the [cloudPC](https://learn.microsoft.com/en-us/graph/api/resources/cloudpc?view=graph-rest-beta) resource to April 24, 2024. Going forward, use the [getFrontlineCloudPcAccessState](https://learn.microsoft.com/en-us/graph/api/cloudpc-getFrontlineCloudPcAccessState?view=graph-rest-beta) API.",
+ "Target": "cloudPC"
+ },
+ {
+ "Id": "45fa9a2d-71fd-4e4d-943e-617cd5d926c7",
+ "ApiChange": "Method",
+ "ChangedApiName": "getSharedUseLicenseUsageReport",
+ "ChangeType": "Change",
+ "Description": "Changed the deprecation date of the [getSharedUseLicenseUsageReport](https://learn.microsoft.com/en-us/graph/api/cloudpcreports-getSharedUseLicenseUsageReport?view=graph-rest-beta) method of the [cloudPcReports](https://learn.microsoft.com/en-us/graph/api/resources/cloudpcreports?view=graph-rest-beta) resource to April 24, 2024",
+ "Target": "cloudPcReports"
+ },
+ {
+ "Id": "45fa9a2d-71fd-4e4d-943e-617cd5d926c7",
+ "ApiChange": "Method",
+ "ChangedApiName": "cloudPcSharedUseServicePlan",
+ "ChangeType": "Change",
+ "Description": "Changed the deprecation date of the [cloudPcSharedUseServicePlan](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcSharedUseServicePlan?view=graph-rest-beta) resource and related operations and methods to April 24, 2024. Going forward, use the [cloudPcFrontLineServicePlan](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcFrontLineServicePlan?view=graph-rest-beta) resource and supported methods.",
+ "Target": "cloudPcSharedUseServicePlan"
+ },
+ {
+ "Id": "45fa9a2d-71fd-4e4d-943e-617cd5d926c7",
+ "ApiChange": "Method",
+ "ChangedApiName": "cloudPcSharedUseServicePlans",
+ "ChangeType": "Change",
+ "Description": "Changed the deprecation date of the [cloudPcSharedUseServicePlan](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcSharedUseServicePlan?view=graph-rest-beta) resource and related operations and methods to April 24, 2024. Going forward, use the [cloudPcFrontLineServicePlan](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcFrontLineServicePlan?view=graph-rest-beta) resource and supported methods.",
+ "Target": "cloudPcSharedUseServicePlan"
+ },
+ {
+ "Id": "45fa9a2d-71fd-4e4d-943e-617cd5d926c7",
+ "ApiChange": "Resource",
+ "ChangedApiName": "cloudPcSharedUseServicePlan",
+ "ChangeType": "Change",
+ "Description": "Changed the deprecation date of the [cloudPcSharedUseServicePlan](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcSharedUseServicePlan?view=graph-rest-beta) resource and related operations and methods to April 24, 2024. Going forward, use the [cloudPcFrontLineServicePlan](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcFrontLineServicePlan?view=graph-rest-beta) resource and supported methods.",
+ "Target": "cloudPcSharedUseServicePlan"
+ }
+ ],
+ "Id": "45fa9a2d-71fd-4e4d-943e-617cd5d926c7",
+ "Cloud": "Prod",
+ "Version": "beta",
+ "CreatedDateTime": "2024-01-30T23:00:30.7596296Z",
+ "WorkloadArea": "Device and app management",
+ "SubArea": "Cloud PC"
+ },
{
"ChangeList": [
{
@@ -318,6 +368,104 @@
"WorkloadArea": "Device and app management",
"SubArea": "Cloud PC"
},
+ {
+ "ChangeList": [
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Member",
+ "ChangedApiName": "unknownFutureValue",
+ "ChangeType": "Addition",
+ "Description": "Added the `unknownFutureValue` member to the **cloudPcProvisioningPolicyImageType** enumeration.",
+ "Target": "cloudPcProvisioningPolicyImageType"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Enum type",
+ "ChangedApiName": "cloudPcRestorePointFrequencyType",
+ "ChangeType": "Addition",
+ "Description": "Added the **cloudPcRestorePointFrequencyType** enumeration type.",
+ "Target": "cloudPcRestorePointFrequencyType"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Property",
+ "ChangedApiName": "windowsSetting",
+ "ChangeType": "Addition",
+ "Description": "Added the **windowsSetting** property to the [cloudPcProvisioningPolicy](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcProvisioningPolicy?view=graph-rest-beta) resource.",
+ "Target": "cloudPcProvisioningPolicy"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Property",
+ "ChangedApiName": "windowsSettings",
+ "ChangeType": "Deprecation",
+ "Description": "Deprecated the **windowsSettings** property of the [cloudPcProvisioningPolicy](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcProvisioningPolicy?view=graph-rest-beta) resource. The **windowsSettings** property will stop returning data on January 31, 2024. Going forward, use the **windowsSetting** property.",
+ "Target": "cloudPcProvisioningPolicy"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Property",
+ "ChangedApiName": "domainJoinType",
+ "ChangeType": "Addition",
+ "Description": "Added the **domainJoinType** property to the [cloudPcDomainJoinConfiguration](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcDomainJoinConfiguration?view=graph-rest-beta) resource.",
+ "Target": "cloudPcDomainJoinConfiguration"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Property",
+ "ChangedApiName": "type",
+ "ChangeType": "Deprecation",
+ "Description": "Deprecated the **type** property of the [cloudPcDomainJoinConfiguration](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcDomainJoinConfiguration?view=graph-rest-beta) resource. The **type** property will stop returning data on January 31, 2024. Going forward, use the **domainJoinType** property.",
+ "Target": "cloudPcDomainJoinConfiguration"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Property",
+ "ChangedApiName": "managedType",
+ "ChangeType": "Addition",
+ "Description": "Added the **managedType** property to the [microsoftManagedDesktop](https://learn.microsoft.com/en-us/graph/api/resources/microsoftManagedDesktop?view=graph-rest-beta) resource.",
+ "Target": "microsoftManagedDesktop"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Property",
+ "ChangedApiName": "type",
+ "ChangeType": "Deprecation",
+ "Description": "Deprecated the **type** property of the [microsoftManagedDesktop](https://learn.microsoft.com/en-us/graph/api/resources/microsoftManagedDesktop?view=graph-rest-beta) resource. The **type** property will stop returning data on January 31, 2024. Going forward, use the **managedType** property.",
+ "Target": "microsoftManagedDesktop"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Property",
+ "ChangedApiName": "frequencyType",
+ "ChangeType": "Addition",
+ "Description": "Added the **frequencyType** property to the [cloudPcRestorePointSetting](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcRestorePointSetting?view=graph-rest-beta) resource.",
+ "Target": "cloudPcRestorePointSetting"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Property",
+ "ChangedApiName": "frequencyInHours",
+ "ChangeType": "Deprecation",
+ "Description": "Deprecated the **frequencyInHours** property of the [cloudPcRestorePointSetting](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcRestorePointSetting?view=graph-rest-beta) resource. The **frequencyInHours** property will stop returning data on January 31, 2024. Going forward, use the **frequencyType** property.",
+ "Target": "cloudPcRestorePointSetting"
+ },
+ {
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "ApiChange": "Resource",
+ "ChangedApiName": "cloudPcWindowsSetting",
+ "ChangeType": "Addition",
+ "Description": "Added the [cloudPcWindowsSetting](https://learn.microsoft.com/en-us/graph/api/resources/cloudPcWindowsSetting?view=graph-rest-beta) resource type.",
+ "Target": "cloudPcWindowsSetting"
+ }
+ ],
+ "Id": "5fd3c568-b345-4b52-943b-3e5726ef6ec5",
+ "Cloud": "Prod",
+ "Version": "beta",
+ "CreatedDateTime": "2024-01-30T06:58:17.7596296Z",
+ "WorkloadArea": "Device and app management",
+ "SubArea": "Cloud PC"
+ },
{
"ChangeList": [
{
@@ -963,6 +1111,14 @@
"ChangeType": "Addition",
"Description": "Added the **domainJoinConfigurations** property to the [cloudPcProvisioningPolicy](https://learn.microsoft.com/en-us/graph/api/resources/cloudpcprovisioningpolicy?view=graph-rest-beta) resource.",
"Target": "cloudPcProvisioningPolicy"
+ },
+ {
+ "Id": "32581844-a1d3-11ed-a8fc-0242ac120002",
+ "ApiChange": "Property",
+ "ChangedApiName": "domainJoinConfiguration",
+ "ChangeType": "Deprecation",
+ "Description": "Deprecated the **domainJoinConfiguration** property of the [cloudPcProvisioningPolicy](https://learn.microsoft.com/en-us/graph/api/resources/cloudpcprovisioningpolicy?view=graph-rest-beta) resource. The **domainJoinConfiguration** property stopped returning data on June 30, 2023. Going forward, use the **domainJoinConfigurations** property.",
+ "Target": "cloudPcProvisioningPolicy"
}
],
"Id": "32581844-a1d3-11ed-a8fc-0242ac120002",
diff --git a/changelog/Microsoft.DirectoryServices.json b/changelog/Microsoft.DirectoryServices.json
index 1ffdcd927bb..180a300dee9 100644
--- a/changelog/Microsoft.DirectoryServices.json
+++ b/changelog/Microsoft.DirectoryServices.json
@@ -1,5 +1,31 @@
{
"changelog": [
+ {
+ "ChangeList": [
+ {
+ "Id": "4a813244-6ed7-414e-be31-a56e49d52e09",
+ "ApiChange": "Permission",
+ "ChangedApiName": "OrganizationalBranding.Read.All",
+ "ChangeType": "Addition",
+ "Description": "Added support for the `OrganizationalBranding.Read.All` delegated and application permissions to the read operations of [organizationalBranding](https://learn.microsoft.com/graph/api/resources/organizationalbranding?view=graph-rest-1.0). Instead of using the `Organization.Read.All` permission to read tenant branding information, we recommend that you use the more granular and lesser privileged `OrganizationalBranding.Read.All` permission.",
+ "Target": "organizationalBranding"
+ },
+ {
+ "Id": "4a813244-6ed7-414e-be31-a56e49d52e09",
+ "ApiChange": "Permission",
+ "ChangedApiName": "OrganizationalBranding.ReadWrite.All",
+ "ChangeType": "Addition",
+ "Description": "Added support for the `OrganizationalBranding.ReadWrite.All` delegated and application permissions to the read and write operations of [organizationalBranding](https://learn.microsoft.com/graph/api/resources/organizationalbranding?view=graph-rest-1.0). Instead of using the `Organization.ReadWrite.All` permission to manage tenant branding, we recommend that you use the more granular and lesser privileged `OrganizationalBranding.ReadWrite.All` permission.",
+ "Target": "organizationalBranding"
+ }
+ ],
+ "Id": "4a813244-6ed7-414e-be31-a56e49d52e09",
+ "Cloud": "Prod",
+ "Version": "v1.0",
+ "CreatedDateTime": "2024-01-31T00:00:00.304139Z",
+ "WorkloadArea": "Identity and access",
+ "SubArea": "Identity and sign-in"
+ },
{
"ChangeList": [
{
@@ -469,7 +495,7 @@
"Cloud": "Prod",
"Version": "beta",
"CreatedDateTime": "2023-05-25T12:20:25.2552661Z",
- "WorkloadArea": "Reports and audit",
+ "WorkloadArea": "Reports",
"SubArea": "Identity and access reports"
},
{
diff --git a/changelog/Microsoft.M365.Defender.json b/changelog/Microsoft.M365.Defender.json
index c7c60d1bcc4..89590e57d5a 100644
--- a/changelog/Microsoft.M365.Defender.json
+++ b/changelog/Microsoft.M365.Defender.json
@@ -1509,6 +1509,368 @@
"CreatedDateTime": "2023-11-08T08:39:06.2667542Z",
"WorkloadArea": "Security",
"SubArea": "Alerts and incidents"
+ },
+ {
+ "ChangeList": [
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "rules",
+ "ChangeType": "Addition",
+ "Description": "Added the **rules** relationship to the [security](https://learn.microsoft.com/en-us/graph/api/resources/security?view=graph-rest-beta) resource.",
+ "Target": "security"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "deviceAssetIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **deviceAssetIdentifier** enumeration type.",
+ "Target": "deviceAssetIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "deviceIdEntityIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **deviceIdEntityIdentifier** enumeration type.",
+ "Target": "deviceIdEntityIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "disableUserEntityIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **disableUserEntityIdentifier** enumeration type.",
+ "Target": "disableUserEntityIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "emailEntityIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **emailEntityIdentifier** enumeration type.",
+ "Target": "emailEntityIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "fileEntityIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **fileEntityIdentifier** enumeration type.",
+ "Target": "fileEntityIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "forceUserPasswordResetEntityIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **forceUserPasswordResetEntityIdentifier** enumeration type.",
+ "Target": "forceUserPasswordResetEntityIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "huntingRuleErrorCode",
+ "ChangeType": "Addition",
+ "Description": "Added the **huntingRuleErrorCode** enumeration type.",
+ "Target": "huntingRuleErrorCode"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "huntingRuleRunStatus",
+ "ChangeType": "Addition",
+ "Description": "Added the **huntingRuleRunStatus** enumeration type.",
+ "Target": "huntingRuleRunStatus"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "isolationType",
+ "ChangeType": "Addition",
+ "Description": "Added the **isolationType** enumeration type.",
+ "Target": "isolationType"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "mailboxAssetIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **mailboxAssetIdentifier** enumeration type.",
+ "Target": "mailboxAssetIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "markUserAsCompromisedEntityIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **markUserAsCompromisedEntityIdentifier** enumeration type.",
+ "Target": "markUserAsCompromisedEntityIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "scopeType",
+ "ChangeType": "Addition",
+ "Description": "Added the **scopeType** enumeration type.",
+ "Target": "scopeType"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "stopAndQuarantineFileEntityIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **stopAndQuarantineFileEntityIdentifier** enumeration type.",
+ "Target": "stopAndQuarantineFileEntityIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Enumeration",
+ "ChangedApiName": "userAssetIdentifier",
+ "ChangeType": "Addition",
+ "Description": "Added the **userAssetIdentifier** enumeration type.",
+ "Target": "userAssetIdentifier"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "alertTemplate",
+ "ChangeType": "Addition",
+ "Description": "Added the [alertTemplate](https://learn.microsoft.com/en-us/graph/api/resources/security-alertTemplate?view=graph-rest-beta) resource type.",
+ "Target": "alertTemplate"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "allowFileResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [allowFileResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-allowFileResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "allowFileResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "blockFileResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [blockFileResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-blockFileResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "blockFileResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "collectInvestigationPackageResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [collectInvestigationPackageResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-collectInvestigationPackageResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "collectInvestigationPackageResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "detectionAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [detectionAction](https://learn.microsoft.com/en-us/graph/api/resources/security-detectionAction?view=graph-rest-beta) resource type.",
+ "Target": "detectionAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "disableUserResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [disableUserResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-disableUserResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "disableUserResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "forceUserPasswordResetResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [forceUserPasswordResetResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-forceUserPasswordResetResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "forceUserPasswordResetResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "hardDeleteResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [hardDeleteResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-hardDeleteResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "hardDeleteResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "impactedAsset",
+ "ChangeType": "Addition",
+ "Description": "Added the [impactedAsset](https://learn.microsoft.com/en-us/graph/api/resources/security-impactedAsset?view=graph-rest-beta) resource type.",
+ "Target": "impactedAsset"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "impactedDeviceAsset",
+ "ChangeType": "Addition",
+ "Description": "Added the [impactedDeviceAsset](https://learn.microsoft.com/en-us/graph/api/resources/security-impactedDeviceAsset?view=graph-rest-beta) resource type.",
+ "Target": "impactedDeviceAsset"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "impactedMailboxAsset",
+ "ChangeType": "Addition",
+ "Description": "Added the [impactedMailboxAsset](https://learn.microsoft.com/en-us/graph/api/resources/security-impactedMailboxAsset?view=graph-rest-beta) resource type.",
+ "Target": "impactedMailboxAsset"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "impactedUserAsset",
+ "ChangeType": "Addition",
+ "Description": "Added the [impactedUserAsset](https://learn.microsoft.com/en-us/graph/api/resources/security-impactedUserAsset?view=graph-rest-beta) resource type.",
+ "Target": "impactedUserAsset"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "initiateInvestigationResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [initiateInvestigationResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-initiateInvestigationResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "initiateInvestigationResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "isolateDeviceResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [isolateDeviceResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-isolateDeviceResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "isolateDeviceResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "markUserAsCompromisedResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [markUserAsCompromisedResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-markUserAsCompromisedResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "markUserAsCompromisedResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "moveToDeletedItemsResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [moveToDeletedItemsResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-moveToDeletedItemsResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "moveToDeletedItemsResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "moveToInboxResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [moveToInboxResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-moveToInboxResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "moveToInboxResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "moveToJunkResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [moveToJunkResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-moveToJunkResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "moveToJunkResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "organizationalScope",
+ "ChangeType": "Addition",
+ "Description": "Added the [organizationalScope](https://learn.microsoft.com/en-us/graph/api/resources/security-organizationalScope?view=graph-rest-beta) resource type.",
+ "Target": "organizationalScope"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "queryCondition",
+ "ChangeType": "Addition",
+ "Description": "Added the [queryCondition](https://learn.microsoft.com/en-us/graph/api/resources/security-queryCondition?view=graph-rest-beta) resource type.",
+ "Target": "queryCondition"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "responseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [responseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-responseAction?view=graph-rest-beta) resource type.",
+ "Target": "responseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "restrictAppExecutionResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [restrictAppExecutionResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-restrictAppExecutionResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "restrictAppExecutionResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "ruleSchedule",
+ "ChangeType": "Addition",
+ "Description": "Added the [ruleSchedule](https://learn.microsoft.com/en-us/graph/api/resources/security-ruleSchedule?view=graph-rest-beta) resource type.",
+ "Target": "ruleSchedule"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "runAntivirusScanResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [runAntivirusScanResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-runAntivirusScanResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "runAntivirusScanResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "runDetails",
+ "ChangeType": "Addition",
+ "Description": "Added the [runDetails](https://learn.microsoft.com/en-us/graph/api/resources/security-runDetails?view=graph-rest-beta) resource type.",
+ "Target": "runDetails"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "softDeleteResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [softDeleteResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-softDeleteResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "softDeleteResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "stopAndQuarantineFileResponseAction",
+ "ChangeType": "Addition",
+ "Description": "Added the [stopAndQuarantineFileResponseAction](https://learn.microsoft.com/en-us/graph/api/resources/security-stopAndQuarantineFileResponseAction?view=graph-rest-beta) resource type.",
+ "Target": "stopAndQuarantineFileResponseAction"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "detectionRule",
+ "ChangeType": "Addition",
+ "Description": "Added the [detectionRule](https://learn.microsoft.com/en-us/graph/api/resources/security-detectionRule?view=graph-rest-beta) resource",
+ "Target": "detectionRule"
+ },
+ {
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "ApiChange": "Resource",
+ "ChangedApiName": "protectionRule",
+ "ChangeType": "Addition",
+ "Description": "Added the [protectionRule](https://learn.microsoft.com/en-us/graph/api/resources/security-protectionRule?view=graph-rest-beta) resource",
+ "Target": "protectionRule"
+ }
+ ],
+ "Id": "1bf25d8e-ee00-481e-a3cc-e5c58e6ec62d",
+ "Cloud": "Prod",
+ "Version": "beta",
+ "CreatedDateTime": "2023-06-27T09:38:57.9798452Z",
+ "WorkloadArea": "Microsoft.M365.Defender",
+ "SubArea": ""
}
]
}
diff --git a/changelog/Microsoft.Partner.Billing.json b/changelog/Microsoft.Partner.Billing.json
index b96ed41217e..09cdb621413 100644
--- a/changelog/Microsoft.Partner.Billing.json
+++ b/changelog/Microsoft.Partner.Billing.json
@@ -1,7 +1,7 @@
-{
+{
"changelog": [
{
- "ChangeList": [
+ "ChangeList": [
{
"Id": "7c2c17ad-d53f-4573-bc55-3f5738450f30",
"ApiChange": "Enum type",
@@ -25,7 +25,7 @@
"ChangeType": "Addition",
"Description": "Added the [blob](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-blob?view=graph-rest-beta) resource type.",
"Target": "blob"
- },
+ },
{
"Id": "7c2c17ad-d53f-4573-bc55-3f5738450f30",
"ApiChange": "Resource",
@@ -121,6 +121,128 @@
"CreatedDateTime": "2024-01-16T08:51:46.3920632Z",
"WorkloadArea": "Reports",
"SubArea": "Partner billing reports"
+ },
+ {
+ "ChangeList": [
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Enum type",
+ "ChangedApiName": "attributeSet",
+ "ChangeType": "Addition",
+ "Description": "Added the **attributeSet** enumeration type.",
+ "Target": "attributeSet"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Enum type",
+ "ChangedApiName": "billingPeriod",
+ "ChangeType": "Addition",
+ "Description": "Added the **billingPeriod** enumeration type.",
+ "Target": "billingPeriod"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "blob",
+ "ChangeType": "Addition",
+ "Description": "Added the [blob](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-blob?view=graph-rest-1.0) resource type.",
+ "Target": "blob"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "exportSuccessOperation",
+ "ChangeType": "Addition",
+ "Description": "Added the [exportSuccessOperation](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-exportSuccessOperation?view=graph-rest-1.0) resource type.",
+ "Target": "exportSuccessOperation"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "failedOperation",
+ "ChangeType": "Addition",
+ "Description": "Added the [failedOperation](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-failedOperation?view=graph-rest-1.0) resource type.",
+ "Target": "failedOperation"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "manifest",
+ "ChangeType": "Addition",
+ "Description": "Added the [manifest](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-manifest?view=graph-rest-1.0) resource and a supported method.",
+ "Target": "manifest"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "operation",
+ "ChangeType": "Addition",
+ "Description": "Added the [operation](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-operation?view=graph-rest-1.0) resource and a supported method.",
+ "Target": "operation"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "runningOperation",
+ "ChangeType": "Addition",
+ "Description": "Added the [runningOperation](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-runningOperation?view=graph-rest-1.0) resource type.",
+ "Target": "runningOperation"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "partners",
+ "ChangeType": "Addition",
+ "Description": "Added the [partners](https://learn.microsoft.com/en-us/graph/api/resources/partners?view=graph-rest-1.0) resource type.",
+ "Target": "partners"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "billing",
+ "ChangeType": "Addition",
+ "Description": "Added the [billing](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-billing?view=graph-rest-1.0) resource type.",
+ "Target": "billing"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "azureUsage",
+ "ChangeType": "Addition",
+ "Description": "Added the [azureUsage](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-azureUsage?view=graph-rest-1.0) resource type.",
+ "Target": "azureUsage"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "billedUsage",
+ "ChangeType": "Addition",
+ "Description": "Added the [billedUsage](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-billedUsage?view=graph-rest-1.0) resource and a supported method.",
+ "Target": "billedUsage"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Resource",
+ "ChangedApiName": "unbilledUsage",
+ "ChangeType": "Addition",
+ "Description": "Added the [unbilledUsage](https://learn.microsoft.com/en-us/graph/api/resources/partners-billing-unbilledUsage?view=graph-rest-1.0) resource and a supported method.",
+ "Target": "unbilledUsage"
+ },
+ {
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "ApiChange": "Relationship",
+ "ChangedApiName": "partners",
+ "ChangeType": "Addition",
+ "Description": "Added the **partners** relationship to the [reportRoot](https://learn.microsoft.com/en-us/graph/api/resources/reportRoot?view=graph-rest-1.0) resource.",
+ "Target": "reportRoot"
+ }
+ ],
+ "Id": "abf7f5a2-4842-4016-a573-08731f5cb362",
+ "Cloud": "Prod",
+ "Version": "v1.0",
+ "CreatedDateTime": "2024-01-31T08:51:46.3920632Z",
+ "WorkloadArea": "Reports",
+ "SubArea": "Partner billing reports"
}
]
}
diff --git a/concepts/data-connect-datasets.md b/concepts/data-connect-datasets.md
index b235b8b80ec..80b8dc805af 100644
--- a/concepts/data-connect-datasets.md
+++ b/concepts/data-connect-datasets.md
@@ -5,6 +5,7 @@ author: "michaelvenables"
ms.author: "rimisra"
ms.localizationpriority: high
ms.prod: "data-connect"
+#Customer intent: As a data analyst, I want to understand the datasets, regions, and storage locations supported by Microsoft Graph Data Connect, so that I can determine if it meets my data analysis needs.
---
# Datasets, regions, and sinks supported by Microsoft Graph Data Connect
@@ -43,8 +44,8 @@ Microsoft Graph Data Connect currently supports the following datasets. To view
| Dataset name | Description | Learn more |
| --- | --- | --- |
-| Contact_v0 | Provides contact details available from each user’s address book. | [Contact_v0 dataset](https://github.com/microsoftgraph/dataconnect-solutions/blob/main/Datasets/data-connect-dataset-contact.md) |
-| Contact_v1 | Provides the contact details available from each user’s address book. | [Contact_v1 dataset](https://github.com/microsoftgraph/dataconnect-solutions/blob/main/Datasets/data-connect-dataset-contact1.md) |
+| Contact_v0 | Provides contact details available from each user's address book. | [Contact_v0 dataset](https://github.com/microsoftgraph/dataconnect-solutions/blob/main/Datasets/data-connect-dataset-contact.md) |
+| Contact_v1 | Provides the contact details available from each user's address book. | [Contact_v1 dataset](https://github.com/microsoftgraph/dataconnect-solutions/blob/main/Datasets/data-connect-dataset-contact1.md) |
### Devices and Licenses
| Dataset name | Description | Learn more |
@@ -85,7 +86,7 @@ Microsoft Graph Data Connect currently supports the following datasets. To view
| --- | --- | --- |
| Inbox_v1 | Provides the messages from users' mail folders. | [Inbox_v1 dataset](https://github.com/microsoftgraph/dataconnect-solutions/blob/main/Datasets/data-connect-dataset-inbox.md) |
| Mailfolder_v0 | Provides information on all the folders created in a user's mailbox. | [Mailfolder_v0 dataset](https://github.com/microsoftgraph/dataconnect-solutions/blob/main/Datasets/data-connect-dataset-mailfolder.md) |
-| Mailfolder_v2 | Provides the information on all mail folders created in a user’s mailbox. | [Mailfolder_v2 dataset](https://github.com/microsoftgraph/dataconnect-solutions/blob/main/Datasets/data-connect-dataset-mailfolder2.md) |
+| Mailfolder_v2 | Provides the information on all mail folders created in a user's mailbox. | [Mailfolder_v2 dataset](https://github.com/microsoftgraph/dataconnect-solutions/blob/main/Datasets/data-connect-dataset-mailfolder2.md) |
### Mailbox settings
@@ -207,4 +208,4 @@ The following table indicates the areas that are supported for the corresponding
## See also
- [Azure Synapse and Azure Data Factory connector for Microsoft 365 data](/azure/data-factory/connector-office-365)
-- [Policies and billing](data-connect-policies.md)
+
diff --git a/concepts/extensibility-overview.md b/concepts/extensibility-overview.md
index a40e7592ac1..d81643b11ca 100644
--- a/concepts/extensibility-overview.md
+++ b/concepts/extensibility-overview.md
@@ -1049,7 +1049,7 @@ The following table compares the extension types, which should help you decide w
| Managed via | Microsoft Graph
Exchange admin center | Microsoft Graph | Microsoft Graph | Microsoft Graph |
| Sync data from on-premises to extensions using [AD connect][] | Yes, for users | [Yes][ADConnect-YES] | No | No |
| Create [dynamic membership rules][] using custom extension properties and data | [Yes][DynamicMembership-YES] | [Yes][DynamicMembership-YES] | No | No |
-| Usable for customizing token claims | Yes | [Yes][DirectoryExt-CustomClaims] | No | No |
+| Usable for customizing token claims | Yes | Yes ([1][DirectoryExt-CustomClaims-Concept], [2][DirectoryExt-CustomClaims-HowTo]) | No | No |
| Available in Azure AD B2C | Yes | [Yes][B2CDirectoryExt] | Yes | Yes |
| Limits | 15 predefined attributes per user or device resource instance | 100 extension values per resource instance | Maximum of five definitions per owner app
100 extension values per resource instance (directory objects only) | Two open extensions per creator app per resource instance2
Max. of 2 Kb per open extension2 For Outlook resources, each open extension is stored in a [MAPI named property][MAPI-named-property]3 |
@@ -1087,10 +1087,11 @@ The same privileges that your app requires to read from or write to a resource i
[todoTask]: /graph/api/resources/todotask
[todoTaskList]: /graph/api/resources/todotasklist
[servicePrincipal]: /graph/api/resources/serviceprincipal
-[AD connect]: /azure/active-directory/hybrid/whatis-hybrid-identity?context=/azure/active-directory/enterprise-users/context/ugr-context
-[ADConnect-YES]: /azure/active-directory/hybrid/how-to-connect-sync-feature-directory-extensions
-[dynamic membership rules]: /azure/active-directory/enterprise-users/groups-dynamic-membership
-[DynamicMembership-YES]: /azure/active-directory/enterprise-users/groups-dynamic-membership#extension-properties-and-custom-extension-properties
-[DirectoryExt-CustomClaims]: /azure/active-directory/develop/active-directory-optional-claims#configuring-directory-extension-optional-claims
+[AD connect]: /entra/identity/hybrid/whatis-hybrid-identity?context=%2Fazure%2Factive-directory%2Fenterprise-users%2Fcontext%2Fugr-context
+[ADConnect-YES]: /entra/identity/hybrid/connect/how-to-connect-sync-feature-directory-extensions
+[dynamic membership rules]: /entra/identity/users/groups-dynamic-membership
+[DynamicMembership-YES]: /entra/identity/users/groups-dynamic-membership#extension-properties-and-custom-extension-properties
+[DirectoryExt-CustomClaims-Concept]: /entra/identity-platform/schema-extensions
+[DirectoryExt-CustomClaims-HowTo]: /entra/identity-platform/optional-claims#configure-directory-extension-optional-claims
[B2CDirectoryExt]: /azure/active-directory-b2c/user-profile-attributes#extension-attributes
[MAPI-named-property]: /office/client-developer/outlook/mapi/mapi-named-properties
diff --git a/concepts/partners-billing-concept-overview.md b/concepts/partners-billing-concept-overview.md
index 5c8ddea2e71..efcf1fb40ed 100644
--- a/concepts/partners-billing-concept-overview.md
+++ b/concepts/partners-billing-concept-overview.md
@@ -1,12 +1,14 @@
---
-title: "Use the partner billing API in Microsoft Graph to access billing data (preview)"
+title: "Use the partner billing API in Microsoft Graph to access billing data"
description: "Learn how to use the partner billing API in Microsoft Graph to facilitate the export of billing data."
author: "abhishek-singh-ms"
ms.localizationpriority: medium
ms.prod: "reports"
---
-# Use the partner billing API in Microsoft Graph to access billing data (preview)
+# Use the partner billing API in Microsoft Graph to access billing data
+
+[!INCLUDE [alerts-callout-csp-partner-only](../includes/alerts-callout-csp-partner-only.md)]
The partner billing API in Microsoft Graph allow Microsoft direct partners in the Cloud Solution Provider programs to export their high-volume billed and unbilled data asynchronously. This removes the need to maintain an open connection for hours and loop through millions of transactions iteratively. Asynchronous APIs enable fast, efficient retrieval of billing and reconciliation data in manageable chunks for quicker reconciliation.
@@ -43,9 +45,10 @@ Use the [Get operation](/graph/api/partners-billing-operation-get) endpoint to p
Looking for the API reference for this service?
-[Partner billing API in Microsoft Graph beta](/graph/api/resources/partners-billing-api-overview?view=graph-rest-beta&preserve-view=true)
+- [Partner billing API in Microsoft Graph v1.0](/graph/api/resources/partners-billing-api-overview?view=graph-rest-1.0&preserve-view=true)
+- [Partner billing API in Microsoft Graph beta](/graph/api/resources/partners-billing-api-overview?view=graph-rest-beta&preserve-view=true)
## Next steps
-- To learn more about the partner billing API, see [Use the Microsoft Graph API to export partner billing data (preview)](/graph/api/resources/partners-billing-api-overview?view=graph-rest-beta&preserve-view=true).
+- To learn more about the partner billing API, see [Use the Microsoft Graph API to export partner billing data](/graph/api/resources/partners-billing-api-overview).
- Try the partner billing API in [Graph Explorer](https://developer.microsoft.com/graph/graph-explorer).
diff --git a/concepts/reportroot-concept-overview.md b/concepts/reportroot-concept-overview.md
index 16596174e27..fcff78ac451 100644
--- a/concepts/reportroot-concept-overview.md
+++ b/concepts/reportroot-concept-overview.md
@@ -52,7 +52,7 @@ You can use the reports API to access the data sets listed in the following tabl
| Microsoft 365 (general) | [Activations](/graph/api/resources/office-365-activations-reports)
[Active users](/graph/api/resources/office-365-active-users-reports)
[Apps usage](/graph/api/resources/microsoft-365-apps-usage-report)
[Browser usage (preview)](/graph/api/resources/microsoft-365-browser-usage-report)
[Groups activity](/graph/api/resources/office-365-groups-activity-reports) |
| OneDrive | [Activity](/graph/api/resources/onedrive-activity-reports)
[Usage](/graph/api/resources/onedrive-usage-reports) |
| Outlook | [Activity](/graph/api/resources/email-activity-reports)
[App usage](/graph/api/resources/email-app-usage-reports)
[Mailbox usage](/graph/api/resources/mailbox-usage-reports) |
-| Partner billing | [Billed usage (preview)](/graph/api/resources/partners-billing-billedusage)
[Unbilled usage (preview)](/graph/api/resources/partners-billing-unbilledusage) |
+| Partner billing | [Billed usage](/graph/api/resources/partners-billing-billedusage)
[Unbilled usage](/graph/api/resources/partners-billing-unbilledusage) |
| SharePoint | [Activity](/graph/api/resources/sharepoint-activity-reports)
[Site usage](/graph/api/resources/sharepoint-site-usage-reports) |
| Skype for Business | [Activity](/graph/api/resources/skype-for-business-activity-reports)
[Device usage](/graph/api/resources/skype-for-business-device-usage-reports)
[Organizer activity](/graph/api/resources/skype-for-business-organizer-activity-reports)
[Participant activity](/graph/api/resources/skype-for-business-participant-activity-reports)
[Peer to peer activity](/graph/api/resources/skype-for-business-peer-to-peer-activity) |
| Yammer | [Activity](/graph/api/resources/yammer-activity-reports)
[Device usage](/graph/api/resources/yammer-device-usage-reports)
[Groups activity](/graph/api/resources/yammer-groups-activity-reports) |
@@ -64,6 +64,8 @@ Looking for the API reference for this service?
- [Identity and access reports API in Microsoft Graph beta](/graph/api/resources/report-identity-access?view=graph-rest-beta&preserve-view=true)
- [Microsoft 365 usage reports API in Microsoft Graph v1.0](/graph/api/resources/report?view=graph-rest-1.0&preserve-view=true)
- [Microsoft 365 usage reports API in Microsoft Graph beta](/graph/api/resources/report?view=graph-rest-beta&preserve-view=true)
+- [Partner billing reports API in Microsoft Graph v1.0](/graph/api/resources/partners-billing-api-overview?view=graph-rest-1.0&preserve-view=true)
+- [Partner billing reports API in Microsoft Graph beta](/graph/api/resources/partners-billing-api-overview?view=graph-rest-beta&preserve-view=true)
## Next steps
diff --git a/concepts/search-concept-display-layout.md b/concepts/search-concept-display-layout.md
index 74abf93bcd5..c9d263f22f1 100644
--- a/concepts/search-concept-display-layout.md
+++ b/concepts/search-concept-display-layout.md
@@ -5,6 +5,7 @@ author: "yiwenwang"
ms.author: "yiwenwang"
ms.localizationpriority: medium
ms.prod: "search"
+#Customer intent: As a developer, I want to use the Microsoft Search API to manage layout templates for search results, so that I can customize the display and behavior of different types of search results on search result pages.
---
# Use the Microsoft Search API to manage layout templates for search results
diff --git a/concepts/toc.yml b/concepts/toc.yml
index c108e00fc75..7dffcd0a3a8 100644
--- a/concepts/toc.yml
+++ b/concepts/toc.yml
@@ -788,7 +788,7 @@ items:
displayName: report, reports
- name: Authorization for Microsoft 365 usage reports
href: reportroot-authorization.md
- - name: Partner billing (preview)
+ - name: Partner billing
href: partners-billing-concept-overview.md
- name: Search
items:
diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md
index a65bcdd1e4a..d79f0d3914c 100644
--- a/concepts/whats-new-overview.md
+++ b/concepts/whats-new-overview.md
@@ -30,6 +30,15 @@ Use the **webURL** property to get the deep link URL of an [educationSubmission]
Through the **attributes** property of the [accessPackageResource resource type](/graph/api/resources/accesspackageresource), you can now view details of the attributes that are collected from the requestor and sent to the resource application.
+### Reports | Partner billing reports
+
+The new partner billing API in Microsoft Graph offers Microsoft direct partners a faster, more efficient way to export their high-volume billed and unbilled Azure usage data. Partners can quickly create export operations, monitor their status, and retrieve manifests using the following APIs:
+
+- [billedUsage: export](/graph/api/partners-billing-billedusage-export)
+- [unbilledUsage: export](/graph/api/partners-billing-unbilledusage-export)
+- [Get operation](/graph/api/partners-billing-operation-get)
+- [Get manifest](/graph/api/partners-billing-manifest-get)
+
### Teamwork and communications | Calls and online meetings
Communications servers can publish [deltaParticipants](/graph/api/resources/deltaParticipants) notifications for the creation, update, or deletion of a [participant](/graph/api/resources/participant) in a [call](/graph/api/resources/call). For more information, see [JSON payload examples](/graph/api/application-post-calls#notification---roster) of notifications with delta roster disabled or enabled.
@@ -54,6 +63,10 @@ The following properties are deprecated:
- **sku** and **skuDisplayName** properties on [cloudPcGalleryImage](/graph/api/resources/cloudpcgalleryimage?view=graph-rest-beta&preserve-view=true) in favor of the **skuName** property.
- **statusDetails** property on [cloudPcDeviceImage](/graph/api/resources/cloudpcdeviceimage?view=graph-rest-beta&preserve-view=true) in favor of the **errorCode** property, to identify why an upload failed. The **errorCode** property is of type [cloudPcDeviceImageErrorCode](/graph/api/resources/cloudpcdeviceimage#cloudpcdeviceimageerrorcode-values?view=graph-rest-beta&preserve-view=true).
- **id** property on [cloudPcSourceDeviceImage](/graph/api/resources/cloudpcsourcedeviceimage?view=graph-rest-beta&preserve-view=true) in favor of the **resourceId** property, to get the fully qualified unique identifier of the source image resource in Azure.
+- **windowsSettings** property on [cloudPcProvisioningPolicy](/graph/api/resources/cloudpcprovisioningpolicy?view=graph-rest-beta&preserve-view=true) in favor of the **windowsSetting** property.
+- **type** property on [cloudPcDomainJoinConfiguration](/graph/api/resources/cloudpcdomainjoinconfiguration?view=graph-rest-beta&preserve-view=true) in favor of the **domainJoinType** property.
+- **type** property on [microsoftManagedDesktop](/graph/api/resources/microsoftmanageddesktop?view=graph-rest-beta&preserve-view=true) in favor of the **managedType** property.
+- **frequencyInHours** property on [cloudPcRestorePointSetting](/graph/api/resources/cloudpcrestorepointsetting?view=graph-rest-beta&preserve-view=true) in favor of the **frequencyType** property.
### Identity and access | Governance
diff --git a/concepts/windowsupdates-deploy-expedited-update.md b/concepts/windowsupdates-deploy-expedited-update.md
index 4977004d13e..b5d3ff0b7e3 100644
--- a/concepts/windowsupdates-deploy-expedited-update.md
+++ b/concepts/windowsupdates-deploy-expedited-update.md
@@ -25,6 +25,7 @@ Expedited quality updates also have the following characteristics:
* Devices meet the [prerequisites for the deployment service](windowsupdates-concept-overview.md#prerequisites).
* Devices have installed the update described in [KB4023057 - Update for Windows 10 Update Service components](https://support.microsoft.com/topic/kb4023057-update-for-windows-10-update-service-components-fccad0ca-dc10-2e46-9ed1-7e392450fb3a) (or newer).
+* To verify that your devices meet the prerequisites for receiving an expedited update, use the [Readiness test for expediting updates](/windows/deployment/update/deployment-service-expedited-updates#readiness-test-for-expediting-updates).
## Step 1: (Optional) Get a list of expeditable updates
diff --git a/includes/alerts-callout-csp-partner-only.md b/includes/alerts-callout-csp-partner-only.md
new file mode 100644
index 00000000000..ffd32d115de
--- /dev/null
+++ b/includes/alerts-callout-csp-partner-only.md
@@ -0,0 +1,11 @@
+---
+author: "sourishdeb"
+ms.localizationpriority: medium
+ms.prod: "reports"
+ms.topic: include
+---
+
+
+> [!NOTE]
+> This API is available for Cloud Solution Provider (CSP) partners only to access their billed and unbilled reconciliation data for a tenant. To learn more about the CSP program, see [Microsoft Cloud Solution Provider](/partner-center/csp-overview).
+