Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.
For more detailed API-level updates, see the Microsoft Graph API changelog.
For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.
Important
Features in preview status are subject to change without notice, and might not be promoted to generally available (GA) status. Don't use preview features in production apps.
June 2026: New and generally available
Applications | Service principal
Evaluate applications in the Microsoft Entra application gallery by using the applicationTemplate resource type, including the riskScore and riskFactors properties for risk assessment.
Files | Reports
- Added the getSharePointApiUsage method to the reportRoot resource to retrieve aggregated OneDrive and SharePoint API usage metrics for a tenant.
- Upsert (create or update) up to 40 permissions on a fileStorageContainer in a single request. The limit increased from 10 to 40 permission objects per request.
Groups
- Added the accessType, isFavorite, unseenConversationsCount, and unseenMessagesCount properties to the group resource. Use these properties to manage access settings and track conversation activity for Microsoft 365 groups. Added the groupAccessType enumeration type to support the accessType property on the group resource.
Identity and access | Directory management
Added the allowOnPremUpdateOfOnPremisesObjectIdentifierEnabled property to the onPremisesDirectorySynchronizationFeature resource.
Identity and access | Governance
- Added the Get and Update methods to the accessPackageSubject resource type to manage the subject lifecycle of external directory users in Microsoft Entra entitlement management.
- Added the type property to the accessPackageResourceRole resource to indicate whether an Azure resource role is active or eligible, enabling PIM-based role assignments for Azure resources in access packages.
- Added the accessPackageSuggestion resource type and related methods for discovering suggested access packages based on related people insights and assignment history. Use the filterByCurrentUser function to retrieve personalized suggestions.
- Added the approverInformationVisibility property to the accessPackageApprovalStage resource to control whether approver information is visible to requestors.
- Added the endUserSettings resource type and related methods for configuring access package suggestion behavior, including related people insight levels and approver detail visibility.
- Added the cancelProcessing method to the workflow resource to cancel workflow runs that are currently in progress or queued.
- Added workflow preview operations to the workflow resource type in Lifecycle Workflows, enabling you to validate tasks and run workflows in preview mode without affecting production users.
- Added support for automatically quarantining Lifecycle Workflows to stop a workflow from processing more users than expected. Configure thresholds using the quarantineConfiguration property on lifecycleManagementSettings, and clear a quarantine by calling clearQuarantine.
Identity and access | Identity and sign-in
- Added support for programmatic FIDO2 passkey registration. Use the creationOptions function to get WebAuthn credential creation options, then complete registration by posting the new publicKeyCredential property to the fido2AuthenticationMethod resource.
People and workplace intelligence
- Updated Manage profile source precedence in Microsoft 365 to clarify supported data sources for HR and work position data, explain how source precedence affects single-value versus multi-value properties, and add guidance on correctly configuring and removing tenant-level settings using the Microsoft Graph API or PowerShell.
- Added the People data sources in Microsoft 365 concept article that describes the data sources that build the Microsoft 365 user profile, including Microsoft Entra ID, Copilot connectors, Organizational data, SharePoint, People Skills, user edits, and the API user source. The article also provides a reference table of built-in source IDs (GUIDs) and explains how source metadata appears in the profile API output.
Security | Alerts and incidents
- Added the tenantId property to the userAccount resource to provide the Entra home tenant ID for the compromised user account indicated in a security alert where the alert evidence is related to a processEvidence, userEvidence, or mailboxEvidence.
- Added the alert: moveAlerts and incident: mergeIncidents actions to support moving alerts and merging incidents in Microsoft Defender.
- Added the correlationReason enumeration and mergeResponse resource type.
Security | eDiscovery
- Added the
cloudNativeHtmlConversionmember to the additionalDataOptions enumeration.
Teamwork and communications | Graph API controls
- Updated Microsoft Graph documentation for transcript APIs to add guidance on tenant administrator controls that govern transcript access and speaker attribution. For more information, see Get change notifications for transcripts and recordings using Microsoft Graph.
Teamwork and communications | Shift management
- The timeZone property of the schedule resource must be set to an IANA time zone name, such as
America/ChicagoorEurope/London. For more information, see Create or replace schedule.
Users
- Application permissions for the user: translateExchangeIds API are supported only for request URLs that identify a user in the path.
June 2026: New in preview only
Agents | Agent identities
- Added the appRoleAssignmentRequired property to the agentIdentity resource. This property indicates whether users or service principals must be explicitly granted an app role assignment before they can access the agent identity.
Applications | Service principal
- Added the categories method to the applicationTemplate resource type to retrieve the list of supported categories that can appear in the
categoriesproperty. Each entry is returned as an applicationTemplateCategory with the API value and a localizable display name.
Backup and recovery | Microsoft 365 Backup and Storage
- Added support for full workload backup APIs to protect entire Microsoft 365 workloads (SharePoint Online, OneDrive for work or school, and Exchange Online) with minimal administrative overhead. Create a protection policy that backs up all data in a workload and specify only the items to exclude from backup. For more information, see exclusionUnitBase.
- Deprecated the queryExpression property on the artifactQuery resource. Use the structuredQueryExpression property instead to create structured search queries.
- Added the error property of type publicError to the granularRestoreArtifactBase resource and its derived types. Use this property to get error details when a granular restore operation for an individual artifact fails or completes with an error.
Files
- Use the new lockInfo property on the driveItem resource to read lock metadata for an item in OneDrive or SharePoint, including the lock type, when it was created, when it expires, and which users currently hold the lock.
Device and app management | Cloud PC
- Use the cloudPcProvisioningPolicy: apply method to apply policy settings such as
regionandsingleSignOn. This method also supports reprovisioning for frontline shared mode Cloud PCs by using the reservePercentage parameter to control the percentage of Cloud PCs that remain available during the process. - Retrieve the pending apply status of a provisioning policy to determine whether unapplied changes exist for Cloud PCs.
- Use the isForceUserLogoffEnabled parameter and property on cloudPcProvisioningPolicy: apply and cloudPcPolicyScheduledApplyActionDetail to indicate whether active Cloud PC sessions are forcibly signed out when reprovisioning begins.
Device and app management | Device updates
Added the updateCategoryEnrollmentInformation resource type to manage per-category enrollment state for Windows Updates. Use it to track enrollment state changes across update categories and access the current enrollment configuration through the updateManagementEnrollment and azureADDevice resources.
Files
Upsert (create or update) up to 40 permissions on a fileStorageContainer in a single request. The limit increased from 10 to 40 permission objects per request.
Identity and access | Directory management
Added redirect URI validation and restriction capabilities to tenant app management policies, allowing tenant administrators to control redirect URI schemes, domains, and wildcard usage. Use the redirectUris property -> redirectUriConfiguration resource and its associated configuration resources to manage these restrictions through the appManagementApplicationConfiguration and customAppManagementApplicationConfiguration resources.
Identity and access | Governance
- Added reviewer delegation support to the accessReviewInstance: filterByCurrentUser API for access reviews.
- Added provisioning workflow support to lifecycle workflows. Use the
activateAndWaitaction to run workflows synchronously for non-user subjects such as provisioning objects. - Added support for automatically quarantining Lifecycle Workflows to stop a workflow from processing more users than expected. Configure thresholds using the quarantineConfiguration property on lifecycleManagementSettings, and clear a quarantine by calling clearQuarantine.
Identity and access | Identity and sign-in
Added the callerIdNumber property to the voiceAuthenticationMethodConfiguration resource. Use this property to configure the phone number displayed as the caller ID when voice call authentication is initiated.
Use the user configuration API in Microsoft Graph to build solutions that store and retrieve per-folder configuration data alongside Exchange Online mailbox content.
Introduced programmatic management of personal distribution lists in user mailboxes through the distributionList and distributionListMember resource types. You can now:
- Create, read, update, and delete distribution lists in a user's mailbox
- Add and remove members from distribution lists
- Retrieve expanded member information with resolved contact details and recipient types
- List all distribution lists owned by a user
Personal distribution lists enable users to group email recipients together and send messages to all members at once without entering each address individually.
Reports | Identity and access reports
Added the identityAnalyticsRoot resource type to provide point-in-time identity analytics for your tenant, starting with analytics about your groups such as their membership, ownership, and type.
Security | Advanced hunting
- Added the getRunHuntingQuery function as a GET-based companion to runHuntingQuery for running advanced hunting queries against Microsoft Defender XDR data.
- Added the optional workspaceId parameter on runHuntingQuery and getRunHuntingQuery to target a specific Log Analytics workspace.
Security | Alerts and incidents
- Use the Create manualAlert method to create a manual security alert with specified entities and metadata. The new manualAlert resource type derives from alert and uses the entityDefinitionInput complex type to specify associated entities.
- Added the tenantId property to the userAccount resource to provide the Entra home tenant ID for the compromised user account indicated in a security alert where the alert evidence is related to a processEvidence, userEvidence, or mailboxEvidence.
Security | Custom detection rules
- Updated the custom detection rules API in Microsoft 365 Defender with new capabilities, including: Infrastructure-as-code (IaC) support through user-defined IDs, custom run frequency, flexible entity mapping, custom alert details, and configurable response actions.
Security | Data security and compliance
- Added the policyTipAction resource type and the
policyTipmember to the dlpAction enumeration. This enables applications to receive policy tip guidance as a standalone action when DLP policies are triggered through the processContent and protectionScopes APIs.
Security | eDiscovery
- Added the
cloudNativeHtmlConversionmember to the additionalDataOptions enumeration.
Security | Email and collaboration protection
- Use the analyzedEmail resource type and its associated methods to give Security Operations teams direct, near real-time access to query email threats, indicators of compromise (IOCs), attack vectors, and evidence in a tenant. Email metadata, verdict information, related underlying entities such as attachments and URLs, filters, and timeline events are returned to support investigation and response.
- List analyzedEmails under the collaboration root to retrieve email records for a time range with support for
$filter,$top,$count, and$skiptoken. - Get analyzedEmail to read the properties of a specific email, including its attachments, URLs, threat detection details, and timeline events.
- analyzedEmail: remediate to trigger purge actions (move to junk, move to Inbox, soft delete, hard delete, move to deleted items, move to quarantine) for SOAR integrations, playbooks, and automations.
Security | Identities
- Introduced sensor migration capabilities to migrate eligible Microsoft Defender for Identity sensors.
Sites and lists
- Added the isSearchable property to the columnDefinition resource type to enable independent control of the searchable state of a column, separate from the indexed property. This property is currently supported only for columns in a fileStorageContainer.
- Added the sharePointReportSettings resource type and related methods for managing SharePoint API usage report metrics. Use the enableApiUsageReport and disableApiUsageReport methods to control which metrics are collected and reported for your tenant.
Teamwork and communications | Calls and online meetings
- Use the isRegistrationRequired property on the virtualEventTownhall and virtualEventWebinar resources to specify if attendees must complete the registration flow before they can attend.
- Use the meetingType property on onlineMeeting and virtualEventSession to determine whether a meeting is ad hoc, scheduled, recurring, a broadcast, or a Meet now session. The property is defined on the onlineMeetingBase resource and uses the onlineMeetingType enumeration.
- Use the cloudVideoInteropInfo property on onlineMeeting and virtualEventSession to get the conferencing device integration settings for Cloud Video Interop.
Teamwork and communications | Messaging
Add a Viva Engage community to a section. You can provide either the bare community ID returned when you list communities (for example, eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiIxOTAzMzYyMTIyMTAifQ) or the full 19:{communityId}@EngageCommunity thread ID. When you provide a bare community ID, the service automatically normalizes it to the 19:{communityId}@EngageCommunity format; an ID that already includes the thread prefix is used as-is.
Teamwork and communications | Shift management
The timeZone property of the schedule resource must be set to an IANA time zone name, such as America/Chicago or Europe/London. For more information, see Create or replace schedule.
Tenants | Cross-tenant migration
Validate and migrate a cross-tenant migration job asynchronously. A previously created job must pass validation before migration can start.
Tenants | Tenant governance
Added the groupDisplayName property to the delegatedAdministrationRoleAssignment and delegatedAdministrationRoleAssignmentSnapshot resources. This property surfaces the display name of the security group inline, so consumers don't need to make a separate Microsoft Graph /groups/{id} call to resolve it.
Users
- Application permissions for the user: translateExchangeIds API are supported only for request URLs that identify a user in the path.
Contribute to Microsoft Graph
Are there scenarios you'd like Microsoft Graph to support?
Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (
https://graph.microsoft.com/beta) and v1.0 (https://graph.microsoft.com/v1.0) endpoints.Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. To discover the full calendar of developer calls, visit the Microsoft 365 and Power Platform community page.
Join our research panel to provide your input on our developer experiences.