Edit

What's new in Microsoft Graph

Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.

For more detailed API-level updates, see the Microsoft Graph API changelog.

For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.

Important

Features in preview status are subject to change without notice, and might not be promoted to generally available (GA) status. Don't use preview features in production apps.

June 2026: New and generally available

Applications | Service principal

Evaluate applications in the Microsoft Entra application gallery by using the applicationTemplate resource type, including the riskScore and riskFactors properties for risk assessment.

Files | Reports

Groups

  • Added the accessType, isFavorite, unseenConversationsCount, and unseenMessagesCount properties to the group resource. Use these properties to manage access settings and track conversation activity for Microsoft 365 groups. Added the groupAccessType enumeration type to support the accessType property on the group resource.

Identity and access | Directory management

Added the allowOnPremUpdateOfOnPremisesObjectIdentifierEnabled property to the onPremisesDirectorySynchronizationFeature resource.

Identity and access | Governance

  • Added the Get and Update methods to the accessPackageSubject resource type to manage the subject lifecycle of external directory users in Microsoft Entra entitlement management.
  • Added the type property to the accessPackageResourceRole resource to indicate whether an Azure resource role is active or eligible, enabling PIM-based role assignments for Azure resources in access packages.
  • Added the accessPackageSuggestion resource type and related methods for discovering suggested access packages based on related people insights and assignment history. Use the filterByCurrentUser function to retrieve personalized suggestions.
  • Added the approverInformationVisibility property to the accessPackageApprovalStage resource to control whether approver information is visible to requestors.
  • Added the endUserSettings resource type and related methods for configuring access package suggestion behavior, including related people insight levels and approver detail visibility.
  • Added the cancelProcessing method to the workflow resource to cancel workflow runs that are currently in progress or queued.
  • Added workflow preview operations to the workflow resource type in Lifecycle Workflows, enabling you to validate tasks and run workflows in preview mode without affecting production users.
  • Added support for automatically quarantining Lifecycle Workflows to stop a workflow from processing more users than expected. Configure thresholds using the quarantineConfiguration property on lifecycleManagementSettings, and clear a quarantine by calling clearQuarantine.

Identity and access | Identity and sign-in

  • Added support for programmatic FIDO2 passkey registration. Use the creationOptions function to get WebAuthn credential creation options, then complete registration by posting the new publicKeyCredential property to the fido2AuthenticationMethod resource.

People and workplace intelligence

  • Updated Manage profile source precedence in Microsoft 365 to clarify supported data sources for HR and work position data, explain how source precedence affects single-value versus multi-value properties, and add guidance on correctly configuring and removing tenant-level settings using the Microsoft Graph API or PowerShell.
  • Added the People data sources in Microsoft 365 concept article that describes the data sources that build the Microsoft 365 user profile, including Microsoft Entra ID, Copilot connectors, Organizational data, SharePoint, People Skills, user edits, and the API user source. The article also provides a reference table of built-in source IDs (GUIDs) and explains how source metadata appears in the profile API output.

Security | Alerts and incidents

Security | eDiscovery

Teamwork and communications | Graph API controls

Teamwork and communications | Shift management

  • The timeZone property of the schedule resource must be set to an IANA time zone name, such as America/Chicago or Europe/London. For more information, see Create or replace schedule.

Users

  • Application permissions for the user: translateExchangeIds API are supported only for request URLs that identify a user in the path.

June 2026: New in preview only

Agents | Agent identities

  • Added the appRoleAssignmentRequired property to the agentIdentity resource. This property indicates whether users or service principals must be explicitly granted an app role assignment before they can access the agent identity.

Applications | Service principal

Backup and recovery | Microsoft 365 Backup and Storage

  • Added support for full workload backup APIs to protect entire Microsoft 365 workloads (SharePoint Online, OneDrive for work or school, and Exchange Online) with minimal administrative overhead. Create a protection policy that backs up all data in a workload and specify only the items to exclude from backup. For more information, see exclusionUnitBase.
  • Deprecated the queryExpression property on the artifactQuery resource. Use the structuredQueryExpression property instead to create structured search queries.
  • Added the error property of type publicError to the granularRestoreArtifactBase resource and its derived types. Use this property to get error details when a granular restore operation for an individual artifact fails or completes with an error.

Files

  • Use the new lockInfo property on the driveItem resource to read lock metadata for an item in OneDrive or SharePoint, including the lock type, when it was created, when it expires, and which users currently hold the lock.

Device and app management | Cloud PC

  • Use the cloudPcProvisioningPolicy: apply method to apply policy settings such as region and singleSignOn. This method also supports reprovisioning for frontline shared mode Cloud PCs by using the reservePercentage parameter to control the percentage of Cloud PCs that remain available during the process.
  • Retrieve the pending apply status of a provisioning policy to determine whether unapplied changes exist for Cloud PCs.
  • Use the isForceUserLogoffEnabled parameter and property on cloudPcProvisioningPolicy: apply and cloudPcPolicyScheduledApplyActionDetail to indicate whether active Cloud PC sessions are forcibly signed out when reprovisioning begins.

Device and app management | Device updates

Added the updateCategoryEnrollmentInformation resource type to manage per-category enrollment state for Windows Updates. Use it to track enrollment state changes across update categories and access the current enrollment configuration through the updateManagementEnrollment and azureADDevice resources.

Files

Upsert (create or update) up to 40 permissions on a fileStorageContainer in a single request. The limit increased from 10 to 40 permission objects per request.

Identity and access | Directory management

Added redirect URI validation and restriction capabilities to tenant app management policies, allowing tenant administrators to control redirect URI schemes, domains, and wildcard usage. Use the redirectUris property -> redirectUriConfiguration resource and its associated configuration resources to manage these restrictions through the appManagementApplicationConfiguration and customAppManagementApplicationConfiguration resources.

Identity and access | Governance

  • Added reviewer delegation support to the accessReviewInstance: filterByCurrentUser API for access reviews.
  • Added provisioning workflow support to lifecycle workflows. Use the activateAndWait action to run workflows synchronously for non-user subjects such as provisioning objects.
  • Added support for automatically quarantining Lifecycle Workflows to stop a workflow from processing more users than expected. Configure thresholds using the quarantineConfiguration property on lifecycleManagementSettings, and clear a quarantine by calling clearQuarantine.

Identity and access | Identity and sign-in

Added the callerIdNumber property to the voiceAuthenticationMethodConfiguration resource. Use this property to configure the phone number displayed as the caller ID when voice call authentication is initiated.

Mail

Use the user configuration API in Microsoft Graph to build solutions that store and retrieve per-folder configuration data alongside Exchange Online mailbox content.

Introduced programmatic management of personal distribution lists in user mailboxes through the distributionList and distributionListMember resource types. You can now:

  • Create, read, update, and delete distribution lists in a user's mailbox
  • Add and remove members from distribution lists
  • Retrieve expanded member information with resolved contact details and recipient types
  • List all distribution lists owned by a user

Personal distribution lists enable users to group email recipients together and send messages to all members at once without entering each address individually.

Reports | Identity and access reports

Added the identityAnalyticsRoot resource type to provide point-in-time identity analytics for your tenant, starting with analytics about your groups such as their membership, ownership, and type.

Security | Advanced hunting

Security | Alerts and incidents

Security | Custom detection rules

  • Updated the custom detection rules API in Microsoft 365 Defender with new capabilities, including: Infrastructure-as-code (IaC) support through user-defined IDs, custom run frequency, flexible entity mapping, custom alert details, and configurable response actions.

Security | Data security and compliance

  • Added the policyTipAction resource type and the policyTip member to the dlpAction enumeration. This enables applications to receive policy tip guidance as a standalone action when DLP policies are triggered through the processContent and protectionScopes APIs.

Security | eDiscovery

Security | Email and collaboration protection

  • Use the analyzedEmail resource type and its associated methods to give Security Operations teams direct, near real-time access to query email threats, indicators of compromise (IOCs), attack vectors, and evidence in a tenant. Email metadata, verdict information, related underlying entities such as attachments and URLs, filters, and timeline events are returned to support investigation and response.
  • List analyzedEmails under the collaboration root to retrieve email records for a time range with support for $filter, $top, $count, and $skiptoken.
  • Get analyzedEmail to read the properties of a specific email, including its attachments, URLs, threat detection details, and timeline events.
  • analyzedEmail: remediate to trigger purge actions (move to junk, move to Inbox, soft delete, hard delete, move to deleted items, move to quarantine) for SOAR integrations, playbooks, and automations.

Security | Identities

  • Introduced sensor migration capabilities to migrate eligible Microsoft Defender for Identity sensors.

Sites and lists

  • Added the isSearchable property to the columnDefinition resource type to enable independent control of the searchable state of a column, separate from the indexed property. This property is currently supported only for columns in a fileStorageContainer.
  • Added the sharePointReportSettings resource type and related methods for managing SharePoint API usage report metrics. Use the enableApiUsageReport and disableApiUsageReport methods to control which metrics are collected and reported for your tenant.

Teamwork and communications | Calls and online meetings

Teamwork and communications | Messaging

Add a Viva Engage community to a section. You can provide either the bare community ID returned when you list communities (for example, eyJfdHlwZSI6Ikdyb3VwIiwiaWQiOiIxOTAzMzYyMTIyMTAifQ) or the full 19:{communityId}@EngageCommunity thread ID. When you provide a bare community ID, the service automatically normalizes it to the 19:{communityId}@EngageCommunity format; an ID that already includes the thread prefix is used as-is.

Teamwork and communications | Shift management

The timeZone property of the schedule resource must be set to an IANA time zone name, such as America/Chicago or Europe/London. For more information, see Create or replace schedule.

Tenants | Cross-tenant migration

Validate and migrate a cross-tenant migration job asynchronously. A previously created job must pass validation before migration can start.

Tenants | Tenant governance

Added the groupDisplayName property to the delegatedAdministrationRoleAssignment and delegatedAdministrationRoleAssignmentSnapshot resources. This property surfaces the display name of the security group inline, so consumers don't need to make a separate Microsoft Graph /groups/{id} call to resolve it.

Users

  • Application permissions for the user: translateExchangeIds API are supported only for request URLs that identify a user in the path.

Contribute to Microsoft Graph

Are there scenarios you'd like Microsoft Graph to support?

  • Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (https://graph.microsoft.com/beta) and v1.0 (https://graph.microsoft.com/v1.0) endpoints.

  • Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. To discover the full calendar of developer calls, visit the Microsoft 365 and Power Platform community page.

  • Join our research panel to provide your input on our developer experiences.