# Microsoft Graph API Identity & Access Management
This connector facilitates the management of identities and access within Azure Active Directory through the Microsoft Graph API, enabling automated workflows for security and IT operations.

The Microsoft Graph API Identity & Access Management connector enables seamless integration with Microsoft's comprehensive identity and access management services. It allows Swimlane Turbine users to manage authentication methods, access controls, and identity protection mechanisms directly within their security workflows. By leveraging this connector, organizations can automate critical security tasks, enhance their identity governance, and respond rapidly to identity-related security events.

## Configuration Prerequisites

To utilize the Microsoft Graph API Identity & Access Management connector, the following prerequisites must be met:

- Client Credentials and Tenant ID authentication with the following parameters:
  - URL: Endpoint URL for Microsoft Graph API
  - Client ID: Application ID registered in Azure AD
  - Client Secret: Secret generated for the application in Azure AD
  - Tenant ID: Directory ID of the Azure AD tenant
  - Scope: Permissions the app requires
- OAuth 2.0 Client Credentials with the following parameters:
  - URL: Endpoint URL for Microsoft Graph API
  - Client ID: Application ID registered in Azure AD
  - Client Secret: Secret generated for the application in Azure AD
  - Token URL: URL to retrieve the OAuth2 token
  - Scope: Permissions the app requires
- Delegated Flow authentication with the following parameters:
  - URL: Endpoint URL for Microsoft Graph API
  - Tenant ID: Directory ID of the Azure AD tenant
  - and so on

## Authentication Methods

### OAuth 2.0 Client Credentials

Authentication with these parameters:

- URL: Endpoint for Microsoft Graph API
- Client ID: Application (client) ID registered in Azure AD
- Client Secret: Client secret (key) generated for the application in Azure AD
- Token URL: URL to retrieve the OAuth token
- Scope: Permissions the app requires

### Password Grant (Delegated Authentication)

For acting on behalf of a user:

- URL: Endpoint for Microsoft Graph API
- Tenant ID: Directory ID of the Azure AD tenant
- OAuth UN: User's username to authenticate
- OAuth PWD: User's password to authenticate
- OAuth CL ID: Application (client) ID registered in Azure AD
- OAuth CL Secret: Client secret (key) generated for the application in Azure AD
- Login URL: Login URL; the default value is https://login.microsoftonline.com (optional)
- Scope: Permissions the app requires; optional field (optional)

### Asset

Credentials specific to your organization (Microsoft Graph API Asset Tenant ID):

- URL: Endpoint for Microsoft Graph API
- Client ID: Application (client) ID registered in Azure AD
- Client Secret: Client secret (key) generated for the application in Azure AD
- Tenant ID: Directory ID of the Azure AD tenant
- Scope: Permissions the app requires

### Authentication for OAuth2 Refresh Token Grant

Credentials for Microsoft Graph API authentication:

- URL: Endpoint for Microsoft Graph API
- Client ID: Application (client) ID registered in Azure AD
- Client Secret: Client secret (key) generated for the application in Azure AD
- Refresh Token: Refresh token
- Scope: Permissions the app requires

## Capabilities

The Microsoft Graph API connector gives the ability to get and update security alerts, and modify user licenses and sessions:

- Add Directory Administrative Unit Member
- Create Identity Directory Device
- Create Identity Directory Domain
- Create Identity Directory Role Management
- Create Identity Directory Role Member
- Delete Directory Administrative Unit Member
- Delete FIDO2 Authentication Method
- Delete Identity Directory Device
- Delete Identity Directory Device Registered User
- Delete Identity Directory Domain
- Delete Identity Directory Role Management
- Delete Identity Directory Role Member
- Delete Microsoft Authenticator Auth Method
- Delete Phone Authentication Method
- Delete Software OATH Authentication Method
- and so on

## Asset Setup

### Client Credential Flow Authentication

Authentication uses Azure application OAuth2. You will need an admin account in Azure to create the application.
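The client credential flow this asset relies on, shown end to end as an added example (this is not the connector's own code): it composes the v2.0 token URL from the Tenant ID in the one shape the OAuth 2.0 Client Credentials configuration accepts, refuses any other shape before a secret is ever sent, exchanges the Client ID and Client Secret for an access token, and attaches it to a Graph request. The HTTP transport is injectable so the logic can be exercised without a tenant; the tenant, client and secret values are constructed placeholders, and `https://graph.microsoft.com/.default` is assumed as the scope that requests the application permissions granted in the portal.

```python
"""Client-credential flow for a Microsoft Graph asset.

Added example, not part of the connector. Assumes the standard Azure AD v2.0
token endpoint; every credential value used here is a constructed placeholder.
"""
import json
import re
import urllib.parse
import urllib.request
from typing import Callable, Dict, Optional

LOGIN_BASE = "https://login.microsoftonline.com/"
GRAPH_BASE = "https://graph.microsoft.com"
# Application permissions are requested through the .default scope (assumption for this example).
DEFAULT_SCOPE = "https://graph.microsoft.com/.default"

GUID = r"[0-9a-fA-F]{8}-(?:[0-9a-fA-F]{4}-){3}[0-9a-fA-F]{12}"
# The only token URL shape the asset accepts: login base + tenant directory ID + /oauth2/v2.0/token
TOKEN_URL_RE = re.compile("^" + re.escape(LOGIN_BASE) + "(" + GUID + r")/oauth2/v2\.0/token$")


def build_token_url(tenant_id: str) -> str:
    """Compose the token URL from the Tenant ID (the directory ID GUID of the tenant)."""
    return f"{LOGIN_BASE}{tenant_id}/oauth2/v2.0/token"


def validate_token_url(token_url: str) -> Optional[str]:
    """Return the tenant ID embedded in a well-formed token URL, or None.

    Rejects http://, the 'common' and 'organizations' endpoints, the v1 endpoint
    and anything that does not end in /oauth2/v2.0/token.
    """
    match = TOKEN_URL_RE.match(token_url)
    return match.group(1) if match else None


def token_request_form(client_id: str, client_secret: str, scope: str = DEFAULT_SCOPE) -> Dict[str, str]:
    """Form body of the client_credentials grant."""
    return {
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": scope,
    }


def _post_form(url: str, form: Dict[str, str]) -> dict:
    """Real transport: URL-encoded POST, JSON response (used when no fake is injected)."""
    data = urllib.parse.urlencode(form).encode()
    request = urllib.request.Request(url, data=data, method="POST")
    with urllib.request.urlopen(request, timeout=30) as response:
        return json.loads(response.read())


def get_app_token(tenant_id: str, client_id: str, client_secret: str,
                  post: Callable[[str, Dict[str, str]], dict] = _post_form) -> str:
    """Exchange the asset credentials for a bearer token; fail early on a malformed token URL."""
    token_url = build_token_url(tenant_id)
    if validate_token_url(token_url) is None:
        raise ValueError(f"token URL does not match the required format: {token_url}")
    body = post(token_url, token_request_form(client_id, client_secret))
    if "access_token" not in body:
        raise RuntimeError(f"token endpoint returned no access_token: {body.get('error', body)}")
    return body["access_token"]


def graph_request(path: str, access_token: str) -> urllib.request.Request:
    """Build an authenticated GET against the Graph URL configured on the asset."""
    headers = {"Authorization": f"Bearer {access_token}", "Accept": "application/json"}
    return urllib.request.Request(GRAPH_BASE + path, headers=headers)


if __name__ == "__main__":
    # Constructed placeholders; substitute the asset's Tenant ID, Client ID and Client Secret.
    token = get_app_token("12345678-1234-1234-1234-123456789abc", "<client-id>", "<client-secret>")
    request = graph_request("/v1.0/identityProtection/riskyUsers?$top=10", token)
    with urllib.request.urlopen(request, timeout=30) as response:
        print(json.loads(response.read()))
```

`validate_token_url` is deliberately strict: a token URL pointing at `common`, at the v1 endpoint, or at plain `http://` is a configuration mistake that would otherwise only surface as an opaque token error from the asset, and the check runs before the client secret leaves the process.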
Recommended application permissions (feel free to use custom permissions if you only use certain actions):

- User.ReadWrite.All
- Calendars.ReadWrite
- Directory.ReadWrite.All
- Directory.AccessAsUser.All
- SecurityEvents.Read.All
- SecurityEvents.ReadWrite.All
- User.ManageIdentities.All, User.EnableDisableAccount.All, User.ReadWrite.All
- SecurityIncident.ReadWrite.All
- UserAuthenticationMethod.Read.All
- UserAuthenticationMethod.ReadWrite.All
- Group.ReadWrite.All
- IdentityRiskyUser.Read.All

In order to set up the asset, you need the following:

- Azure Application Client ID
- Azure Application Client Secret
- Azure Tenant ID

Steps to create the Azure app:

1. Go to https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade in the Azure portal.
2. Click **New registration**.
3. Enter a name for your new application and choose **Accounts in this organizational directory only**, then click **Register** at the bottom.
4. Navigate to the **API permissions** tab on the left navigation menu.
5. Select **Add a permission**.
6. Select **Microsoft Graph**.
7. Select **Application permissions**, then mark all the permissions you need for the actions you are using (see the suggested permissions at the top of the Asset Setup section).
8. Click the **Add permissions** button at the bottom of the page.
9. Select **Grant admin consent** for your organization; your permissions should then look as shown below.
10. Navigate to the **Certificates & secrets** tab and select **New client secret**.
11. Fill out the description and expiration, then click the **Add** button at the bottom. The Value of the secret you just created is the Client Secret needed for the Swimlane asset.
12. Navigate to the **Overview** tab on the left menu. The Client ID and Tenant ID needed in the asset are shown on this page.

The Client ID, Tenant ID, and Client Secret described in the steps above are the credentials you need for the asset.

### Password Flow (Delegated Auth)

Use Delegated permissions instead of Application permissions, and generate the Client ID, Tenant ID, and Client Secret as described in the Client Credential Flow Authentication section above. We also need a username and a password for this authentication.

### Authentication Flow for OAuth2 Refresh Token

OAuth 2.0 refresh token grant, which requires a Refresh Token, Tenant ID, Client ID and Client Secret. Use this auth with accounts which have MFA enabled. To generate a refresh token, please follow the instructions below:

1. In step 3 of the above-mentioned setup instructions, provide a Redirect URI and select the platform as 'Web' before clicking **Register** at the bottom.
2. Proceed with the remaining steps to generate the Client ID, Tenant ID and Client Secret.
3. Add the permissions under Delegated permissions.
4. The Swimlane team will provide a Python script and instructions on how to use the script to generate the refresh token.

### Limit Access to Specific Mailboxes

Administrators who want to limit app access to specific mailboxes can create an application access policy by using the New-ApplicationAccessPolicy PowerShell cmdlet. For more information, please see https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access.

## Action Setup

### OData Filters

Information on the filter input formatting can be found at https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter. Keep in mind that not specifying a folder as an input will result in the query affecting all possible folders. Example: if we want to ingest only unread emails and we don't set the input "folder", we will ingest all unread emails from all folders, including "Deleted Items", "Junk", etc.

### Well-Known Folders

Well-known folders can be used instead of folder IDs for email actions. All well-known folder names can be found at https://docs.microsoft.com/en-us/graph/api/resources/mailfolder?view=graph-rest-1.0.

### Sites: Get Site

All the Sites actions require the Site ID to be executed. The Site ID can be obtained using the action Sites: Get Site; in order to run the action, the Site Hostname and Site Name are needed. These two values can be found in a site URL of the form https://{site-hostname}.sharepoint.com/sites/{site-name}.
For example, if our site URL is https://swimlaneintegrations.sharepoint.com/sites/integrationssite, we should use Site Hostname `swimlaneintegrations` and Site Name `integrationssite`. After the action execution you can find the Site ID in the `id` output field.

### Sites: Create List

In order to create a list with its columns, use the input Columns. You can find all the possible values, with their configuration, in the following table:

| Property name | Type | Description |
|---|---|---|
| boolean | https://docs.microsoft.com/en-us/graph/api/resources/booleancolumn?view=graph-rest-1.0 | This column stores boolean values. |
| calculated | https://docs.microsoft.com/en-us/graph/api/resources/calculatedcolumn?view=graph-rest-1.0 | This column's data is calculated based on other columns. |
| choice | https://docs.microsoft.com/en-us/graph/api/resources/choicecolumn?view=graph-rest-1.0 | This column stores data from a list of choices. |
| currency | https://docs.microsoft.com/en-us/graph/api/resources/currencycolumn?view=graph-rest-1.0 | This column stores currency values. |
| dateTime | https://docs.microsoft.com/en-us/graph/api/resources/datetimecolumn?view=graph-rest-1.0 | This column stores DateTime values. |
| geolocation | https://docs.microsoft.com/en-us/graph/api/resources/geolocationcolumn?view=graph-rest-1.0 | This column stores a geolocation. |
| lookup | https://docs.microsoft.com/en-us/graph/api/resources/lookupcolumn?view=graph-rest-1.0 | This column's data is looked up from another source in the site. |
| number | https://docs.microsoft.com/en-us/graph/api/resources/numbercolumn?view=graph-rest-1.0 | This column stores number values. |
| personOrGroup | https://docs.microsoft.com/en-us/graph/api/resources/personorgroupcolumn?view=graph-rest-1.0 | This column stores person or group values. |
| text | https://docs.microsoft.com/en-us/graph/api/resources/textcolumn?view=graph-rest-1.0 | This column stores text values. |
| validation | https://docs.microsoft.com/en-us/graph/api/resources/columnvalidation?view=graph-rest-1.0 | This column stores the validation formula and message for the column. |
| hyperlinkOrPicture | https://docs.microsoft.com/en-us/graph/api/resources/hyperlinkorpicturecolumn?view=graph-rest-1.0 | This column stores hyperlink or picture values. |
| term | https://docs.microsoft.com/en-us/graph/api/resources/termcolumn?view=graph-rest-1.0 | This column stores taxonomy terms. |
| thumbnail | https://docs.microsoft.com/en-us/graph/api/resources/thumbnailcolumn?view=graph-rest-1.0 | This column stores thumbnail values. |
| contentApprovalStatus | https://docs.microsoft.com/en-us/graph/api/resources/contentapprovalstatuscolumn?view=graph-rest-1.0 | This column stores content approval status. |

For a complete version of this table, please see https://docs.microsoft.com/en-us/graph/api/resources/columndefinition?view=graph-rest-1.0#properties.

### Create List Column

Refer to the above table to get the type properties and the Column Type input. The type properties are documented within the links in the Type column.

### Get List Items

In order to use the Filter input, please refer to the OData Filters section above. The column used to filter the output must be indexed; see https://support.microsoft.com/en-us/office/add-an-index-to-a-list-or-library-column-f3f00554-b7dc-44d1-a2ed-d477eac463b0?ui=en-us&rs=en-us&ad=us to add an index to a list.

## Limitations

When using `$filter` and `$orderby` in the same query to get messages, make sure to specify properties in the following ways:

- Properties that appear in `$orderby` must also appear in `$filter`.
- Properties that appear in `$orderby` are in the same order as in `$filter`.
- Properties that are present in `$orderby` appear in `$filter` before any properties that aren't.

Failing to do this results in the following error:

- Error code: `InefficientFilter`
- Error message: `The restriction or sort order is too complex for this operation.`

The Assign/Remove User License actions require either the disabled plans and accompanying SKU IDs to assign licenses, or the SKU ID of the license you want to remove.

The Get Security Alert action has additional information it can return. There are a large number of fields that don't relate to many alerts, so they are not mapped; you can add them if desired.
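A pre-flight check for the `$filter`/`$orderby` rule above, as an added example (not connector code): it extracts the property names from both parameters, applies the three rules in order, and refuses to build a Get Messages query string that Graph would reject with `InefficientFilter`. Property names in `$filter` are taken as the operand to the left of a comparison operator (`eq`, `ne`, `gt`, `ge`, `lt`, `le`); filters that consist only of functions such as `startswith()` are outside what this checker covers, which is an assumption of the example.

```python
"""Pre-flight check for the $filter/$orderby rule on Get Messages queries.

Added example, not connector code. It encodes the three documented rules and
refuses to send a query that Graph would reject with InefficientFilter.
"""
import re
from typing import List
from urllib.parse import urlencode

# A property name is whatever sits to the left of a comparison operator in $filter
# (assumption: function-only filters such as startswith(...) are not parsed here).
_FILTER_PROP = re.compile(r"\b([A-Za-z][A-Za-z0-9.]*)\s+(?:eq|ne|gt|ge|lt|le)\b")


def filter_properties(filter_expr: str) -> List[str]:
    """Distinct property names in $filter, in order of first appearance."""
    return list(dict.fromkeys(m.group(1) for m in _FILTER_PROP.finditer(filter_expr)))


def orderby_properties(orderby_expr: str) -> List[str]:
    """Property names in $orderby, e.g. 'receivedDateTime desc, subject' -> [...]."""
    return [part.strip().split()[0] for part in orderby_expr.split(",") if part.strip()]


def check_filter_orderby(filter_expr: str, orderby_expr: str) -> List[str]:
    """Return the rule violations; an empty list means Graph will accept the pair."""
    f_props = filter_properties(filter_expr)
    o_props = orderby_properties(orderby_expr)
    problems: List[str] = []

    # Rule 1: every $orderby property must also appear in $filter.
    missing = [p for p in o_props if p not in f_props]
    if missing:
        problems.append("$orderby properties missing from $filter: " + ", ".join(missing))
        return problems

    # Rules 2 and 3 together: the $orderby properties must be the leading
    # properties of $filter, in the same order, ahead of filter-only properties.
    if f_props[: len(o_props)] != o_props:
        problems.append(
            "$orderby properties must come first in $filter and in the same order; "
            f"$filter order is {f_props}, $orderby order is {o_props}"
        )
    return problems


def messages_query(filter_expr: str, orderby_expr: str, top: int = 50) -> str:
    """Build the query string for a messages request, or raise before Graph would."""
    problems = check_filter_orderby(filter_expr, orderby_expr)
    if problems:
        raise ValueError("InefficientFilter would be returned: " + "; ".join(problems))
    return urlencode({"$filter": filter_expr, "$orderby": orderby_expr, "$top": top})


if __name__ == "__main__":
    # Constructed queries: the first satisfies all three rules, the second puts the
    # sort property after a filter-only property and is rejected locally.
    ok = "receivedDateTime ge 2024-01-01T00:00:00Z and isRead eq false"
    bad = "isRead eq false and receivedDateTime ge 2024-01-01T00:00:00Z"
    print(messages_query(ok, "receivedDateTime desc"))
    print(check_filter_orderby(bad, "receivedDateTime desc"))
```

Running the check before the request turns a server-side `InefficientFilter` round trip into an immediate, descriptive failure in the playbook, which is where the property order is actually fixed.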
## Notes

- https://social.technet.microsoft.com/wiki/contents/articles/33525.an-introduction-to-microsoft-graph-api.aspx
- https://www.microsoft.com/en-us/security/intelligence-security-api
- https://docs.microsoft.com/en-us/graph/api/overview?view=graph-rest-1.0
- https://docs.microsoft.com/en-us/graph/query-parameters
- https://docs.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-beta
- https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
- https://requests-oauthlib.readthedocs.io/en/latest/oauth2_workflow.html#legacy-application-flow (this is sort of a hack to bypass the manual login that is typically required)
- https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access
- https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0

## Configurations

### Microsoft Graph API Tenant ID

Authenticates using client credentials and Tenant ID.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| tenant_id | The Tenant ID | string | required |
| client_id | The Client ID | string | required |
| client_secret | The Client Secret | string | required |
| scope | List of permission scopes for this action | array | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

### Password Grant (Delegated Authentication)

Authenticates on behalf of a user using OAuth 2.0 credentials.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| login_url | | string | optional |
| tenant_id | | string | required |
| oauth_un | The username for authentication | string | required |
| oauth_pwd | The password for authentication | string | required |
| oauth_cl_id | The Client ID | string | required |
| oauth_cl_secret | The Client Secret | string | required |
| scope | Permission scopes for this action | array | optional |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

### OAuth 2.0 Client Credentials

Authenticates using OAuth 2.0 client credentials.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| token_url | Must start with https://login.microsoftonline.com/, continue with the Tenant ID, and end with /oauth2/v2.0/token | string | required |
| client_id | The Client ID | string | required |
| client_secret | The Client Secret | string | required |
| scope | List of permission scopes for this action | array | required |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

### MS Graph OpenID Connect Refresh Token Grant

Authenticates using a refresh token.

Configuration parameters:

| Parameter | Description | Type | Required |
|---|---|---|---|
| url | A URL to the target host | string | required |
| cl_id | The Client ID | string | required |
| cl_secret | The Client Secret | string | required |
| refresh_token | Refresh token | string | optional |
| verify_ssl | Verify SSL certificate | boolean | optional |
| http_proxy | A proxy to route requests through | string | optional |

## Actions

### Delete FIDO2 Authentication Method

Removes a user's FIDO2 security key authentication method in Microsoft Graph API by specifying their email address and method ID.

Endpoint URL: `/v1.0/users/{{email_address}}/authentication/fido2Methods/{{id}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.email_address | string | required | The account associated with the email |
| path_parameters.id | string | required | The ID of the FIDO2 security key authentication method |

Input example:

```json
{"path_parameters": {"email_address": "integrations@swimlaneintegrations.onmicrosoft.com", "id": "-jpur-tgztk6aqclf3bqja2"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

```json
{"response_text": "string"}
```
### Delete Microsoft Authenticator Auth Method

Removes a specific Microsoft Authenticator method for a user, identified by email address and authenticator ID.

Endpoint URL: `/v1.0/users/{{email_address}}/authentication/microsoftAuthenticatorMethods/{{microsoftAuthenticatorAuthenticationMethodId}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.email_address | string | required | The account associated with the email |
| path_parameters.microsoftAuthenticatorAuthenticationMethodId | string | required | The ID of the Microsoft Authenticator authentication method |

Input example:

```json
{"path_parameters": {"email_address": "integrations@swimlaneintegrations.onmicrosoft.com", "microsoftAuthenticatorAuthenticationMethodId": "-jpur-tgztk6aqclf3bqja2"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

```json
{"response_text": "string"}
```

### Delete Phone Authentication Method

Removes a user's phone authentication method in Microsoft Graph API using their email address and the specific phoneMethodId.

Endpoint URL: `/v1.0/users/{{email_address}}/authentication/phoneMethods/{{phoneMethodId}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.email_address | string | required | The account associated with the email |
| path_parameters.phoneMethodId | string | required | The ID of the phone authentication method. The phone method ID values for deleting specific phone types are `b6332ec1-7057-4abe-9331-3d72feddfe41` for alternateMobile, `e37fc753-ff3b-4958-9484-eaa9425c82bc` for office, and `3179e48a-750b-4051-897c-87b9720928f7` for mobile |

Input example:

```json
{"path_parameters": {"email_address": "integrations@swimlaneintegrations.onmicrosoft.com", "phoneMethodId": "3179e48a-750b-4051-897c-87b9720928f7"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

```json
{"response_text": "string"}
```

### Delete Software OATH Authentication Method

Removes a user's software OATH token authentication method in Microsoft Graph API using their email address and ID.

Endpoint URL: `/v1.0/users/{{email_address}}/authentication/softwareOathMethods/{{id}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.email_address | string | required | The account associated with the email |
| path_parameters.id | string | required | The ID of the software OATH token authentication method |

Input example:

```json
{"path_parameters": {"email_address": "integrations@swimlaneintegrations.onmicrosoft.com", "id": "b172893e-893e-b172-3e89-72b13e8972b1"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

```json
{"response_text": "string"}
```

### Delete Temporary Access Pass Auth Method

Removes a user's Temporary Access Pass authentication method in Microsoft Graph API using their email address and ID.

Endpoint URL: `/v1.0/users/{{email_address}}/authentication/temporaryAccessPassMethods/{{id}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.email_address | string | required | The account associated with the email |
| path_parameters.id | string | required | The ID of the Temporary Access Pass authentication method |

Input example:

```json
{"path_parameters": {"email_address": "integrations@swimlaneintegrations.onmicrosoft.com", "id": "05267842-25b2-4b21-8abd-8e4982796f7f"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

```json
{"response_text": "string"}
```

### Delete Windows Hello for Business Auth Method

Removes a Windows Hello for Business authentication method for a user by email address and method ID.

Endpoint URL: `/v1.0/users/{{email_address}}/authentication/windowsHelloForBusinessMethods/{{windowsHelloForBusinessAuthenticationMethodId}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.email_address | string | required | The account associated with the email |
| path_parameters.windowsHelloForBusinessAuthenticationMethodId | string | required | The ID of the Windows Hello for Business authentication method |

Input example:

```json
{"path_parameters": {"email_address": "integrations@swimlaneintegrations.onmicrosoft.com", "windowsHelloForBusinessAuthenticationMethodId": "-jpur-tgztk6aqclf3bqja2"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| response_text | string | Output field response_text |

Output example:

```json
{"response_text": "string"}
```

### List RiskyUsers

Retrieve a list of riskyUser objects from Microsoft Graph API to identify potential security risks.

Endpoint URL: `/v1.0/identityProtection/riskyUsers`

Method: GET

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| parameters.$filter | string | optional | Filters results (rows) |
| parameters.$select | string | optional | Filters properties (columns) |
| parameters.$top | number | optional | Sets the page size of results. The maximum page size with $top is 500 objects |

Input example:

```json
{"parameters": {"$filter": "riskLevel eq 'high'", "$select": "givenName,surname", "$top": 10}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| value | array | Value for the parameter |
| value.@odata.type | string | Response data |
| value.id | string | Unique identifier |
| value.isDeleted | boolean | Value for the parameter |
| value.isProcessing | boolean | Value for the parameter |
| value.riskLastUpdatedDateTime | string | Value for the parameter |
| value.riskLevel | string | Value for the parameter |
| value.riskState | string | Value for the parameter |
| value.riskDetail | string | Value for the parameter |
| value.userDisplayName | string | Name of the resource |
| value.userPrincipalName | string | Name of the resource |

Output example:

```json
{"value": [{"@odata.type": "#microsoft.graph.riskyUser", "id": "d1d4a5d4-a5d4-d1d4-d4a5-d4d1d4a5d4d1", "isDeleted": true, "isProcessing": true, "riskLastUpdatedDateTime": "2025-06-05T05:18:27Z", "riskLevel": "high", "riskState": "active", "riskDetail": "Suspicious activity detected", "userDisplayName": "John Doe", "userPrincipalName": "johndoe@example.com"}]}
```

### List Password Methods

Retrieve the registered password authentication methods for a user in Microsoft Graph API by specifying the user ID.

Endpoint URL: `/v1.0/users/{{id}}/authentication/passwordMethods`

Method: GET

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | required | User ID |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| @odata.context | string | Response data |
| value | array | Value for the parameter |
| value.id | string | Unique identifier |
| value.password | object | Value for the parameter |
| value.creationDateTime | object | Value for the parameter |
| value.createdDateTime | object | Value for the parameter |

Output example:

```json
{"@odata.context": "string", "value": [{"id": "12345678-1234-1234-1234-123456789abc", "password": {}, "creationDateTime": {}, "createdDateTime": {}}]}
```

### Reset Password

Initiate a password reset for a specified user by providing their ID and methodId via the Microsoft Graph API.

Endpoint URL: `/v1.0/users/{{id}}/authentication/methods/{{methodId}}/resetPassword`

Method: POST

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | required | User ID |
| path_parameters.methodId | string | required | Password method ID |
| newPassword | string | optional | The new password. Required for tenants with hybrid password scenarios. If omitted for a cloud-only password, the system returns a system-generated password |
| include_uppercase | boolean | optional | Include at least one uppercase letter |
| include_lowercase | boolean | optional | Include at least one lowercase letter |
| include_digit | boolean | optional | Include at least one digit |
| include_special | boolean | optional | Include at least one special character |
| length | number | optional | Password length, with a minimum of 20 |
| auto_generate | boolean | optional | Auto-generate a random password |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc", "methodId": "string"}, "newPassword": "string", "include_uppercase": true, "include_lowercase": true, "include_digit": true, "include_special": true, "length": 20, "auto_generate": true}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| @odata.context | string | Response data |
| newPassword | string | Output field newPassword |

Output example:

```json
{"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#microsoft.graph.passwordResetResponse", "newPassword": "cuyo5459"}
```

### Get Identity Directory Device Registered User List

Retrieve a list of users registered to a specific device in Microsoft Graph API using the device's unique 'id'.

Endpoint URL: `/v1.0/devices/{{id}}/registeredUsers`

Method: GET

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | required | Device ID |
| parameters.filter | string | optional | Use the filter query parameter to retrieve just a subset of a collection. For guidance on using filter, see https://learn.microsoft.com/en-us/graph/filter-query-parameter |
| parameters.orderby | string | optional | Use the orderby query parameter to specify the sort order of the items returned from Microsoft Graph |
| parameters.top | number | optional | Sets the page size of results |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}, "parameters": {"filter": "string", "orderby": "string", "top": 123}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| @odata.context | string | Response data |
| value | array | Value for the parameter |
| value.@odata.type | string | Response data |
| value.id | string | Unique identifier |
| value.businessPhones | array | Value for the parameter |
| value.displayName | string | Name of the resource |
| value.givenName | string | Name of the resource |
| value.jobTitle | object | Value for the parameter |
| value.mail | object | Value for the parameter |
| value.mobilePhone | object | Value for the parameter |
| value.officeLocation | object | Value for the parameter |
| value.preferredLanguage | string | Value for the parameter |
| value.surname | string | Name of the resource |
| value.userPrincipalName | string | Name of the resource |

Output example:

```json
{"@odata.context": "string", "value": [{"@odata.type": "string", "id": "12345678-1234-1234-1234-123456789abc", "businessPhones": [], "displayName": "example name", "givenName": "example name", "jobTitle": {}, "mail": {}, "mobilePhone": {}, "officeLocation": {}, "preferredLanguage": "string", "surname": "example name", "userPrincipalName": "example name"}]}
```

### Get Identity Directory Objects by IDs List

Acquire specific users or groups by 'ids' and 'types' from Microsoft Graph API for targeted data retrieval.

Endpoint URL: `/v1.0/directoryObjects/getByIds`

Method: POST

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| ids | array | optional | A collection of IDs for which to return objects. The IDs are GUIDs, represented as strings. You can specify up to 1000 IDs |
| types | array | optional | A collection of resource types that specifies the set of resource collections to search, for example user, group, and device objects |

Input example:

```json
{"ids": ["string"], "types": ["string"]}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| @odata.context | string | Response data |
| value | array | Value for the parameter |
| value.@odata.type | string | Response data |
| value.id | string | Unique identifier |
| value.deletedDateTime | object | Value for the parameter |
| value.classification | object | Value for the parameter |
| value.createdDateTime | string | Value for the parameter |
| value.creationOptions | array | Value for the parameter |
| value.description | string | Value for the parameter |
| value.displayName | string | Name of the resource |
| value.expirationDateTime | object | Value for the parameter |
| value.groupTypes | array | Type of the resource |
| value.isAssignableToRole | object | Value for the parameter |
| value.mail | string | Value for the parameter |
| value.mailEnabled | boolean | Value for the parameter |
| value.mailNickname | string | Name of the resource |
| value.membershipRule | object | Value for the parameter |
| value.membershipRuleProcessingState | object | Value for the parameter |
| value.onPremisesDomainName | object | Name of the resource |
| value.onPremisesLastSyncDateTime | object | Value for the parameter |
| value.onPremisesNetBiosName | object | Name of the resource |
| value.onPremisesSamAccountName | object | Name of the resource |
| value.onPremisesSecurityIdentifier | object | Unique identifier |

Output example:

```json
{"@odata.context": "string", "value": [{"@odata.type": "string", "id": "12345678-1234-1234-1234-123456789abc", "deletedDateTime": {}, "classification": {}, "createdDateTime": "string", "creationOptions": [], "description": "string", "displayName": "example name", "expirationDateTime": {}, "groupTypes": [], "isAssignableToRole": {}, "mail": "string", "mailEnabled": true, "mailNickname": "example name", "membershipRule": {}}]}
```

### Delete Identity Directory Device Registered User

Remove a registered user from a device in the Microsoft Graph API directory by providing the 'id' and 'userId'.

Endpoint URL: `/v1.0/devices/{{id}}/registeredUsers/{{userId}}/$ref`

Method: DELETE

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | required | Device ID |
| path_parameters.userId | string | required | User ID |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc", "userId": "string"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | object | Error message, if any |
| error.code | string | Error message, if any |
| error.message | string | Response message |
| error.innerError | object | Error message, if any |
| error.innerError.date | string | Error message, if any |
| error.innerError.request-id | string | Unique identifier |
| error.innerError.client-request-id | string | Unique identifier |

Output example:

```json
{"error": {"code": "string", "message": "string", "innerError": {"date": "2024-01-01T00:00:00Z", "request-id": "string", "client-request-id": "string"}}}
```

### Delete Identity Directory Device

Removes a specified device from the Microsoft Graph identity directory by using its unique ID.

Endpoint URL: `/v1.0/devices/{{id}}`

Method: DELETE

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| path_parameters.id | string | required | Device ID |

Input example:

```json
{"path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | object | Error message, if any |
| error.code | string | Error message, if any |
| error.message | string | Response message |
| error.innerError | object | Error message, if any |
| error.innerError.date | string | Error message, if any |
| error.innerError.request-id | string | Unique identifier |
| error.innerError.client-request-id | string | Unique identifier |

Output example:

```json
{"error": {"code": "string", "message": "string", "innerError": {"date": "2024-01-01T00:00:00Z", "request-id": "string", "client-request-id": "string"}}}
```

### Get Identity Directory Device

Retrieve details for a specific device from the Microsoft Graph identity directory by providing the unique device ID.

Endpoint URL: `/v1.0/devices/{{id}}`

Method: GET

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| parameters.filter | string | optional | Use the filter query parameter to retrieve just a subset of a collection. For guidance on using filter, see https://learn.microsoft.com/en-us/graph/filter-query-parameter |
| parameters.orderby | string | optional | Use the orderby query parameter to specify the sort order of the items returned from Microsoft Graph |
| parameters.top | number | optional | Sets the page size of results |
| path_parameters.id | string | required | Device ID |

Input example:

```json
{"parameters": {"filter": "string", "orderby": "string", "top": 123}, "path_parameters": {"id": "12345678-1234-1234-1234-123456789abc"}}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| @odata.context | string | Response data |
| id | string | Unique identifier |
| deletedDateTime | object | Time value |
| accountEnabled | boolean | Output field accountEnabled |
| approximateLastSignInDateTime | string | Time value |
| complianceExpirationDateTime | object | Time value |
| createdDateTime | string | Time value |
| deviceCategory | object | Output field deviceCategory |
| deviceId | string | Unique identifier |
| deviceMetadata | object | Response data |
| deviceOwnership | string | Output field deviceOwnership |
| deviceVersion | number | Output field deviceVersion |
| displayName | string | Name of the resource |
| domainName | object | Name of the resource |
| enrollmentProfileName | object | Name of the resource |
| enrollmentType | string | Type of the resource |
| externalSourceName | object | Name of the resource |
| isCompliant | boolean | Output field isCompliant |
| isManaged | boolean | Output field isManaged |
| isRooted | boolean | Output field isRooted |
| managementType | string | Type of the resource |
| manufacturer | string | Output field manufacturer |
| mdmAppId | string | Unique identifier |

Output example:

```json
{"@odata.context": "string", "id": "12345678-1234-1234-1234-123456789abc", "deletedDateTime": {}, "accountEnabled": true, "approximateLastSignInDateTime": "string", "complianceExpirationDateTime": {}, "createdDateTime": "string", "deviceCategory": {}, "deviceId": "string", "deviceMetadata": {}, "deviceOwnership": "string", "deviceVersion": 123, "displayName": "example name", "domainName": {}, "enrollmentProfileName": {}}
```

### Create Identity Directory Device

Registers a new device with account status, display name, OS, and version in the Microsoft Graph API directory.

Endpoint URL: `/v1.0/devices`

Method: POST

Input:

| Name | Type | Required | Description |
|---|---|---|---|
| accountEnabled | boolean | optional | true if the account is enabled; otherwise, false. Required. Default is true |
| alternativeSecurityIds | array | optional | Alternative security IDs |
| alternativeSecurityIds.type | number | optional | Unique identifier |
| alternativeSecurityIds.identityProvider | string | optional | Unique identifier |
| alternativeSecurityIds.key | string | optional | Unique identifier |
| displayName | string | optional | The display name for the device |
| operatingSystem | string | optional | The type of operating system on the device |
| operatingSystemVersion | string | optional | The version of the operating system on the device |
| approximateLastSignInDateTime | string | optional | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time |
| complianceExpirationDateTime | string | optional | The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time |
| deviceId | string | optional | Unique identifier |
| extensionAttributes | object | optional | Contains extension attributes 1-15 for the device. The individual extension attributes are not selectable. These properties are mastered in the cloud and can be set during creation or update of a device object in Azure AD |
| extensionAttributes.extensionAttribute1 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute2 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute3 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute4 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute5 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute6 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute7 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute8 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute9 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute10 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute11 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute12 | string | optional | Parameter for Create Identity Directory Device |
| extensionAttributes.extensionAttribute13 | string | optional | Parameter for Create Identity Directory Device |

Input example:

```json
{"accountEnabled": true, "alternativeSecurityIds": [{"type": 123, "identityProvider": "string", "key": "string"}], "displayName": "example name", "operatingSystem": "string", "operatingSystemVersion": "string", "approximateLastSignInDateTime": "string", "complianceExpirationDateTime": "string", "deviceId": "string", "extensionAttributes": {"extensionAttribute1": "string", "extensionAttribute2": "string", "extensionAttribute3": "string", "extensionAttribute4": "string", "extensionAttribute5": "string", "extensionAttribute6": "string", "extensionAttribute7": "string", "extensionAttribute8": "string", "extensionAttribute9": "string", "extensionAttribute10": "string", "extensionAttribute11": "string", "extensionAttribute12": "string", "extensionAttribute13": "string", "extensionAttribute14": "string", "extensionAttribute15": "string"}, "isCompliant": true, "isManaged": true, "onPremisesLastSyncDateTime": "string", "onPremisesSyncEnabled": true, "profileType": "RegisteredDevice", "systemLabels": ["string"]}
```

Output:

| Parameter | Type | Description |
|---|---|---|
| status_code | number | HTTP status code of the response |
| reason | string | Response reason phrase |
| error | object | Error message, if any |
| error.code | string | Error message, if any |
| error.message | string | Response message |
| error.innerError | object | Error message, if any |
| error.innerError.date | string | Error message, if any |
| error.innerError.request-id | string | Unique identifier |
| error.innerError.client-request-id | string | Unique identifier |

Output example:

```json
{"error": {"code": "string", "message": "string", "innerError": {"date": "2024-01-01T00:00:00Z", "request-id": "string", "client-request-id": "string"}}}
```

### Get Identity Directory Device Groups List

Retrieve groups associated with a specific device using its directory ID in Microsoft Graph API; requires the 'id' path parameter.

Endpoint URL: `/v1.0/devices/{{id}}/memberOf`

Method: GET

Input:
argument name type required description path parameters id string required device id parameters filter string optional use the filter query parameter to retrieve just a subset of a collection for guidance on using filter , see https //learn microsoft com/en us/graph/filter query parameter parameters orderby string optional use the orderby query parameter to specify the sort order of the items returned from microsoft graph parameters top number optional sets the page size of results input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"},"parameters" {"filter" "string","orderby" "string","top" 123}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data value array value for the parameter value file name string name of the resource value file string value for the parameter output example {"@odata context" "string","value" \[{"file name" "example name","file" "string"}]} get identity directory device list retrieve a list of registered devices with identifiers and display names from the microsoft graph identity directory endpoint url /v1 0/devices method get input argument name type required description parameters $filter string optional use the filter query parameter to retrieve just a subset of a collection for guidance on using filter , see https //learn microsoft com/en us/graph/filter query parameter parameters $orderby string optional use the orderby query parameter to specify the sort order of the items returned from microsoft graph parameters $top number optional sets the page size of results input example {"parameters" {"$filter" "string","$orderby" "string","$top" 123}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data @odata nextlink string response data value array value for the parameter value id string unique identifier 
value deleteddatetime object value for the parameter value accountenabled boolean value for the parameter value approximatelastsignindatetime string value for the parameter value complianceexpirationdatetime object value for the parameter value createddatetime string value for the parameter value devicecategory object value for the parameter value deviceid string unique identifier value devicemetadata object response data value deviceownership string value for the parameter value deviceversion number value for the parameter value displayname string name of the resource value domainname object name of the resource value enrollmentprofilename object name of the resource value enrollmenttype string type of the resource value externalsourcename object name of the resource value iscompliant boolean value for the parameter value ismanaged boolean value for the parameter value isrooted boolean value for the parameter value managementtype string type of the resource output example {"@odata context" "string","@odata nextlink" "string","value" \[{"id" "12345678 1234 1234 1234 123456789abc","deleteddatetime" {},"accountenabled"\ true,"approximatelastsignindatetime" "string","complianceexpirationdatetime" {},"createddatetime" "string","devicecategory" {},"deviceid" "string","devicemetadata" {},"deviceownership" "string","deviceversion" 123,"displayname" "example name","domainname" {},"enrollmentprofilename" {},"enrollmenttype" "string"}]} create identity directory role member adds a new member to a directory role in microsoft graph api using the role's unique id and requires member's @odata id endpoint url /v1 0/directoryroles/{{id}}/members/$ref method post input argument name type required description path parameters id string required directory role id @odata id string optional odata id type user input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"},"@odata id" "string"} output parameter type description status code number http status code of the 
response reason string response reason phrase response text string output field response text output example {"response text" "string"} create identity directory role management creates a new directory role in microsoft graph api with specified display name, status, and permissions endpoint url /v1 0/rolemanagement/directory/roledefinitions method post input argument name type required description displayname string optional the display name for the role definition isenabled boolean optional flag indicating if the role is enabled for assignment if false , the role is not available for assignment rolepermissions array optional list of permissions included in the role rolepermissions allowedresourceactions array optional set of tasks that can be performed on a resource rolepermissions condition string optional optional constraints that must be met for the permission to be effective rolepermissions excludedresourceactions array optional set of tasks that may not be performed on a resource description string optional the description for the unifiedroledefinition id string optional the unique identifier for the role definition key, not nullable, read only inherited from entity isbuiltin boolean optional flag indicating whether the role definition is part of the default set included in azure active directory (azure ad) or a custom definition resourcescopes array optional list of the scopes or permissions the role definition applies to templateid string optional custom template identifier that can be set when isbuiltin is false but is read only when isbuiltin is true this identifier is typically used if one needs an identifier to be the same across different directories version string optional indicates version of the role definition input example {"displayname" "example name","isenabled"\ true,"rolepermissions" \[{"allowedresourceactions" \["string"],"condition" "string","excludedresourceactions" \["string"]}],"description" "string","id" "12345678 1234 1234 1234 
123456789abc","isbuiltin"\ true,"resourcescopes" \["string"],"templateid" "string","version" "string"} output parameter type description status code number http status code of the response reason string response reason phrase error object error message if any error code string error message if any error message string response message error innererror object error message if any error innererror date string error message if any error innererror request id string unique identifier error innererror client request id string unique identifier output example {"error" {"code" "string","message" "string","innererror" {"date" "2024 01 01t00 00 00z","request id" "string","client request id" "string"}}} add directory administrative unit member adds a member to a specified directory administrative unit in microsoft graph api using the unit id and member's @odata id endpoint url /v1 0/directory/administrativeunits/{{id}}/members/$ref method post input argument name type required description path parameters id string required unit id @odata id string optional the odata id of the user, group or directoryobject to add input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"},"@odata id" "string"} output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text output example {"response text" "string"} delete directory administrative unit member removes a member from a specified directory administrative unit in microsoft graph api using 'id' and 'memberid' endpoint url /v1 0/directory/administrativeunits/{{id}}/members/{{memberid}}/$ref method delete input argument name type required description path parameters id string required unit id path parameters memberid string required member id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc","memberid" "string"}} output parameter type description status code number http status code 
of the response reason string response reason phrase response text string output field response text output example {"response text" "string"} get directory administrative unit list retrieve a list of administrative units for directory segmentation and management via the microsoft graph api endpoint url /v1 0/directory/administrativeunits method get input argument name type required description parameters filter string optional use the filter query parameter to retrieve just a subset of a collection for guidance on using filter , see https //learn microsoft com/en us/graph/filter query parameter parameters orderby string optional use the orderby query parameter to specify the sort order of the items returned from microsoft graph parameters top number optional sets the page size of results input example {"parameters" {"filter" "string","orderby" "string","top" 123}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data value array value for the parameter value id string unique identifier value deleteddatetime object value for the parameter value displayname string name of the resource value description object value for the parameter value membershiprule object value for the parameter value membershiptype object type of the resource value membershipruleprocessingstate object value for the parameter value visibility object value for the parameter output example {"@odata context" "string","value" \[{"id" "12345678 1234 1234 1234 123456789abc","deleteddatetime" {},"displayname" "example name","description" {},"membershiprule" {},"membershiptype" {},"membershipruleprocessingstate" {},"visibility" {}}]} get directory administrative unit member retrieve details for a member within a specific directory administrative unit in microsoft graph api by using 'id' and 'memberid' endpoint url /v1 0/directory/administrativeunits/{{id}}/members/{{memberid}} method get input 
argument name type required description path parameters id string required id path parameters memberid string required member id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc","memberid" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data @odata type string response data id string unique identifier businessphones array output field businessphones businessphones file name string name of the resource businessphones file string output field businessphones file displayname string name of the resource givenname string name of the resource jobtitle object output field jobtitle mail string output field mail mobilephone object output field mobilephone officelocation object output field officelocation preferredlanguage string output field preferredlanguage surname object name of the resource userprincipalname string name of the resource output example {"@odata context" "string","@odata type" "string","id" "12345678 1234 1234 1234 123456789abc","businessphones" \[{"file name" "example name","file" "string"}],"displayname" "example name","givenname" "example name","jobtitle" {},"mail" "string","mobilephone" {},"officelocation" {},"preferredlanguage" "string","surname" {},"userprincipalname" "example name"} get directory administrative unit retrieve details of a specified directory administrative unit in microsoft graph api using its unique id endpoint url /v1 0/directory/administrativeunits/{{id}} method get input argument name type required description path parameters id string required unit id parameters filter string optional use the filter query parameter to retrieve just a subset of a collection for guidance on using filter , see https //learn microsoft com/en us/graph/filter query parameter parameters orderby string optional use the orderby query parameter to specify the sort order of the items returned from microsoft graph 
parameters top number optional sets the page size of results input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"},"parameters" {"filter" "string","orderby" "string","top" 123}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data id string unique identifier deleteddatetime object time value displayname string name of the resource description object output field description ismembermanagementrestricted boolean output field ismembermanagementrestricted visibility object output field visibility membershiprule object output field membershiprule membershiptype object type of the resource membershipruleprocessingstate object output field membershipruleprocessingstate output example {"@odata context" "string","id" "12345678 1234 1234 1234 123456789abc","deleteddatetime" {},"displayname" "example name","description" {},"ismembermanagementrestricted"\ true,"visibility" {},"membershiprule" {},"membershiptype" {},"membershipruleprocessingstate" {}} delete identity directory role member removes a user from a directory role in microsoft graph api using the specified 'id' and 'memberid' endpoint url /v1 0/directoryroles/{{id}}/members/{{memberid}}/$ref method delete input argument name type required description path parameters id string required role id path parameters memberid string required member id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc","memberid" "string"}} output parameter type description status code number http status code of the response reason string response reason phrase error object error message if any error code string error message if any error message string response message error innererror object error message if any error innererror date string error message if any error innererror request id string unique identifier error innererror client request id string unique identifier output example 
{"error" {"code" "string","message" "string","innererror" {"date" "2024 01 01t00 00 00z","request id" "string","client request id" "string"}}} get identity directory role retrieve details for a specific directory role in microsoft graph api using the provided unique id endpoint url /v1 0/directoryroles/{{id}} method get input argument name type required description path parameters id string required directory role id parameters count string optional include a count of the total number of items in a collection alongside the page of data values returned from microsoft graph parameters filter string optional use the $filter query parameter to retrieve just a subset of a collection for guidance on using $filter, see https //learn microsoft com/en us/graph/filter query parameter parameters orderby string optional to sort the results in ascending or descending order, append either asc or desc to the field name, separated by a space parameters top number optional sets the page size of results input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"},"parameters" {"count" "false","filter" "string","orderby" "string","top" 123}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data id string unique identifier deleteddatetime object time value description string output field description displayname string name of the resource roletemplateid string unique identifier output example {"@odata context" "string","id" "12345678 1234 1234 1234 123456789abc","deleteddatetime" {},"description" "string","displayname" "example name","roletemplateid" "string"} get identity directory role assignment member retrieve directory role assignment details for a specified identity in microsoft graph api using the unique identifier endpoint url /v1 0/rolemanagement/directory/roleassignments/{{id}} method get input argument name type required description path parameters id 
string required role assignment id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase error object error message if any error code string error message if any error message string response message error innererror object error message if any error innererror date string error message if any error innererror request id string unique identifier error innererror client request id string unique identifier output example {"error" {"code" "string","message" "string","innererror" {"date" "2024 01 01t00 00 00z","request id" "string","client request id" "string"}}} delete identity directory role management removes a specified directory role in microsoft graph api using the provided unique identifier endpoint url /v1 0/rolemanagement/directory/roledefinitions/{{id}} method delete input argument name type required description path parameters id string required role management id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase error object error message if any error code string error message if any error message string response message error innererror object error message if any error innererror date string error message if any error innererror request id string unique identifier error innererror client request id string unique identifier output example {"error" {"code" "resourcenotfound","message" "invalid version rolemanagement","innererror" {"date" "2022 12 20t20 37 28","request id" "14c4462e 7088 48de adf6 d6283055090d","client request id" "14c4462e 7088 48de adf6 d6283055090d"}}} delete identity directory domain removes a specified domain from a microsoft tenant using the unique domain id provided in path parameters endpoint url v1 0/domains/{{id}} method delete input 
argument name type required description path parameters id string required parameters for the delete identity directory domain action input example {"path parameters" {"id" "myradom test directory"}} output parameter type description status code number http status code of the response reason string response reason phrase response text string output field response text output example {"response text" "string"} get identity directory domain retrieve details for a specific domain in microsoft graph api using the provided domain id endpoint url v1 0/domains/{{id}} method get input argument name type required description path parameters id string required parameters for the get identity directory domain action input example {"path parameters" {"id" "myradom test directory"}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data authenticationtype string type of the resource availabilitystatus object status value id string unique identifier isadminmanaged boolean output field isadminmanaged isdefault boolean output field isdefault isinitial boolean output field isinitial isroot boolean output field isroot isverified boolean output field isverified supportedservices array output field supportedservices supportedservices file name string name of the resource supportedservices file string output field supportedservices file passwordvalidityperiodindays object unique identifier passwordnotificationwindowindays object output field passwordnotificationwindowindays state object output field state output example {"@odata context" "https //graph microsoft com/v1 0/$metadata#domains/$entity","authenticationtype" "managed","availabilitystatus"\ null,"id" "myradom test directory","isadminmanaged"\ true,"isdefault"\ false,"isinitial"\ false,"isroot"\ false,"isverified"\ false,"supportedservices" \[],"passwordvalidityperiodindays"\ null,"passwordnotificationwindowindays"\ 
null,"state"\ null} get identity directory domain list retrieve all configured domains within the microsoft graph api for identity and access management endpoint url v1 0/domains method get input argument name type required description parameters count string optional include a count of the total number of items in a collection alongside the page of data values returned from microsoft graph parameters filter string optional use the $filter query parameter to retrieve just a subset of a collection for guidance on using $filter, see https //learn microsoft com/en us/graph/filter query parameter parameters orderby string optional to sort the results in ascending or descending order, append either asc or desc to the field name, separated by a space parameters top number optional sets the page size of results input example {"parameters" {"count" "false","filter" "string","orderby" "string","top" 123}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data value array value for the parameter value authenticationtype string type of the resource value availabilitystatus object status value value id string unique identifier value isadminmanaged boolean value for the parameter value isdefault boolean value for the parameter value isinitial boolean value for the parameter value isroot boolean value for the parameter value isverified boolean value for the parameter value supportedservices array value for the parameter value passwordvalidityperiodindays number unique identifier value passwordnotificationwindowindays number value for the parameter value state object value for the parameter output example {"@odata context" "https //graph microsoft com/v1 0/$metadata#domains","value" \[{"authenticationtype" "managed","availabilitystatus"\ null,"id" "bestcompanyever com","isadminmanaged"\ true,"isdefault"\ false,"isinitial"\ false,"isroot"\ false,"isverified"\ 
false,"supportedservices" \[],"passwordvalidityperiodindays"\ null,"passwordnotificationwindowindays"\ null,"state"\ null},{"authenticationtype" "managed","availabilitystatus"\ null,"id" "swimlaneintegrations onmicrosoft com","isadminmanaged"\ true,"isdef create identity directory domain adds a new domain to the microsoft graph api tenant using the specified 'id' in the json body input endpoint url v1 0/domains method post input argument name type required description authenticationtype string optional type of the resource availabilitystatus string optional status value id string optional unique identifier isadminmanaged boolean optional parameter for create identity directory domain isdefault boolean optional parameter for create identity directory domain isinitial boolean optional parameter for create identity directory domain isroot boolean optional parameter for create identity directory domain isverified boolean optional parameter for create identity directory domain passwordnotificationwindowindays number optional parameter for create identity directory domain passwordvalidityperiodindays number optional unique identifier state object optional parameter for create identity directory domain state \@odata type string optional response data supportedservices array optional parameter for create identity directory domain input example {"authenticationtype" "string","availabilitystatus" "active","id" "12345678 1234 1234 1234 123456789abc","isadminmanaged"\ true,"isdefault"\ true,"isinitial"\ true,"isroot"\ true,"isverified"\ true,"passwordnotificationwindowindays" 123,"passwordvalidityperiodindays" 123,"state" {"@odata type" "string"},"supportedservices" \["string"]} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data authenticationtype string type of the resource availabilitystatus object status value id string unique identifier isadminmanaged boolean output 
field isadminmanaged isdefault boolean output field isdefault isinitial boolean output field isinitial isroot boolean output field isroot isverified boolean output field isverified supportedservices array output field supportedservices supportedservices file name string name of the resource supportedservices file string output field supportedservices file passwordvalidityperiodindays object unique identifier passwordnotificationwindowindays object output field passwordnotificationwindowindays state object output field state output example {"@odata context" "https //graph microsoft com/v1 0/$metadata#domains/$entity","authenticationtype" "managed","availabilitystatus"\ null,"id" "myradom test directory","isadminmanaged"\ true,"isdefault"\ false,"isinitial"\ false,"isroot"\ false,"isverified"\ false,"supportedservices" \[],"passwordvalidityperiodindays"\ null,"passwordnotificationwindowindays"\ null,"state"\ null} get identity directory object retrieves a specific directory object from microsoft graph api using the provided unique identifier endpoint url /v1 0/directoryobjects/{{id}} method get input argument name type required description path parameters id string required directory object id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data @odata type string response data id string unique identifier deleteddatetime object time value classification object output field classification createddatetime string time value creationoptions array output field creationoptions description string output field description displayname string name of the resource expirationdatetime object time value grouptypes array type of the resource isassignabletorole object output field isassignabletorole mail string output field mail mailenabled boolean output field mailenabled mailnickname string name of 
the resource membershiprule object output field membershiprule membershipruleprocessingstate object output field membershipruleprocessingstate onpremisesdomainname object name of the resource onpremiseslastsyncdatetime object time value onpremisesnetbiosname object name of the resource onpremisessamaccountname object name of the resource onpremisessecurityidentifier object unique identifier onpremisessyncenabled object output field onpremisessyncenabled output example {"@odata context" "string","@odata type" "string","id" "12345678 1234 1234 1234 123456789abc","deleteddatetime" {},"classification" {},"createddatetime" "string","creationoptions" \["string"],"description" "string","displayname" "example name","expirationdatetime" {},"grouptypes" \["string"],"isassignabletorole" {},"mail" "string","mailenabled"\ true,"mailnickname" "example name"} get identity directory role members list retrieve a list of members assigned to a specific directory role in microsoft graph api using the 'role id' endpoint url v1 0/directoryroles/{{role id}}/members method get input argument name type required description path parameters role id string required parameters for the get identity directory role members list action input example {"path parameters" {"role id" "b8d0b017 384c 40cb b37b 99ee5d3f8a8f"}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data value array value for the parameter value \@odata type string response data value id string unique identifier value businessphones array value for the parameter value businessphones file name string name of the resource value businessphones file string value for the parameter value displayname string name of the resource value givenname string name of the resource value jobtitle object value for the parameter value mail string value for the parameter value mobilephone object value for the parameter value officelocation object 
value for the parameter value preferredlanguage object value for the parameter value surname string name of the resource value userprincipalname string name of the resource output example {"@odata context" "string","value" \[{"@odata type" "string","id" "12345678 1234 1234 1234 123456789abc","businessphones" \[],"displayname" "example name","givenname" "example name","jobtitle" {},"mail" "string","mobilephone" {},"officelocation" {},"preferredlanguage" {},"surname" "example name","userprincipalname" "example name"}]} retrieve authentication methods retrieve a user's authentication methods in microsoft graph api using their mail id endpoint url /v1 0/users/{{mailid}}/authentication/methods method get input argument name type required description path parameters mailid string required the account associated with the email input example {"path parameters" {"mailid" "integrations\@swimlaneintegrations onmicrosoft com"}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data @microsoft graph tips string output field @microsoft graph tips value array value for the parameter value \@odata type string response data value id string unique identifier value password object value for the parameter value createddatetime string value for the parameter value secretkey object value for the parameter output example {"@odata context" "https //graph microsoft com/v1 0/$metadata#users('integrations%40swimlaneintegra ","@microsoft graph tips" "use $select to choose only the properties your app needs, as this can lead to pe ","value" \[{"@odata type" "#microsoft graph passwordauthenticationmethod","id" "28c10230 6103 485e b985 444c60001490","password"\ null,"createddatetime" "2021 12 15t01 31 09z"},{"@odata type" "#microsoft graph softwareoathauthenticationmethod","id" "c03db085 34e7 47bc b7d6 b54069b6042f"," revoke signin sessions invalidates all refresh tokens and browser session 
cookies for a user to ensure secure sign out via microsoft graph api endpoint url v1 0/users/{{id}}/revokesigninsessions method post input argument name type required description path parameters id string required user id input example {"path parameters" {"id" "12345678 1234 1234 1234 123456789abc"}} output parameter type description status code number http status code of the response reason string response reason phrase @odata context string response data value boolean value for the parameter output example {"@odata context" "https //graph microsoft com/v1 0/$metadata#edm boolean","value"\ true} response headers header description example cache control directives for caching mechanisms private client request id http response header client request id 30bcb75d a62f 85ad 90e1 d7d1978e9ca3 content encoding http response header content encoding gzip content type the media type of the resource application/json;odata metadata=minimal;odata streaming=true;ieee754compatible=false;charset=utf 8 date the date and time at which the message was originated tue, 20 dec 2022 18 47 40 gmt deprecation http response header deprecation link http response header link location the url to redirect a page to https //graph microsoft com/v2/f5d73c4c bb3d 421b 8bee 424916a4acca/domains/myradom test directory odata version http response header odata version 4 0 request id http response header request id f2584bdf 0295 424e bdb1 2df08413c0c3 strict transport security http response header strict transport security max age=31536000 sunset http response header sunset transfer encoding http response header transfer encoding chunked vary http response header vary accept encoding x ms ags diagnostic http response header x ms ags diagnostic {"serverinfo" {"datacenter" "brazil south","slice" "e","ring" "3","scaleunit" "002","roleinstance" "cp1pepf00002f0f"}} x ms resource unit http response header x ms resource unit 1
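The list actions above return Graph's paged collection shape (`value` plus an `@odata.nextLink` to follow) and every action can return the `error` envelope whose `innerError` carries the same `request-id` and `client-request-id` as the response headers. The following added example, which is not connector code or Microsoft's SDK, walks `/v1.0/devices` page by page to find enabled but non-compliant devices and turns the error envelope into an exception that keeps the correlation ids; the transport, page contents and ids are constructed so it runs offline.

```python
"""Page through a Microsoft Graph collection and surface its error envelope.
Added example, not connector or Microsoft code; the HTTP transport is a
constructed in-memory stub so the block runs offline."""
from urllib.parse import quote, urlencode

GRAPH_BASE = "https://graph.microsoft.com/v1.0"


class GraphError(Exception):
    """Graph error envelope; keeps the correlation ids a support case needs."""

    def __init__(self, status, body, headers):
        err = body.get("error", {})
        inner = err.get("innerError", {})
        self.status = status
        self.code = err.get("code")
        self.message = err.get("message")
        # The ids appear both as response headers and inside innerError.
        self.request_id = headers.get("request-id") or inner.get("request-id")
        self.client_request_id = (headers.get("client-request-id")
                                  or inner.get("client-request-id"))
        super().__init__(f"{status} {self.code}: {self.message} "
                         f"(request-id={self.request_id})")


def list_all(get, path, params=None, max_pages=50):
    """Follow @odata.nextLink until the collection is exhausted.

    `get(url)` must return (status, headers, json_body). The page limit
    keeps a misbehaving nextLink from turning into an unbounded loop.
    """
    url = f"{GRAPH_BASE}{path}"
    if params:
        # quote_via=quote keeps spaces as %20, which Graph accepts in $filter
        url += "?" + urlencode(params, quote_via=quote)
    items = []
    for _ in range(max_pages):
        status, headers, body = get(url)
        if status >= 400 or "error" in body:
            raise GraphError(status, body, headers)
        items.extend(body.get("value", []))
        url = body.get("@odata.nextLink")
        if not url:
            return items
    raise RuntimeError(f"gave up after {max_pages} pages of {path}")


def noncompliant_enabled_devices(get):
    """Defender view: enabled devices that are not compliant, across all pages."""
    params = {"$filter": "accountEnabled eq true",
              "$select": "id,displayName,isCompliant",
              "$top": 2}
    return [d for d in list_all(get, "/devices", params)
            if d.get("isCompliant") is False]


# --- constructed stub transport and sample pages (not real tenant data) ---
_HEADERS = {"request-id": "f2584bdf-0295-424e-bdb1-2df08413c0c3",
            "client-request-id": "30bcb75d-a62f-85ad-90e1-d7d1978e9ca3"}
_PAGE1 = {"@odata.context": f"{GRAPH_BASE}/$metadata#devices",
          "@odata.nextLink": f"{GRAPH_BASE}/devices?$skiptoken=page2",
          "value": [{"id": "11111111-1111-1111-1111-111111111111",
                     "displayName": "LAPTOP-01", "isCompliant": True},
                    {"id": "22222222-2222-2222-2222-222222222222",
                     "displayName": "LAPTOP-02", "isCompliant": False}]}
_PAGE2 = {"@odata.context": f"{GRAPH_BASE}/$metadata#devices",
          "value": [{"id": "33333333-3333-3333-3333-333333333333",
                     "displayName": "PHONE-03", "isCompliant": False}]}
_NOT_FOUND = {"error": {"code": "ResourceNotFound",
                        "message": "Invalid version: roleManagement",
                        "innerError": {"date": "2022-12-20T20:37:28",
                                       "request-id": _HEADERS["request-id"],
                                       "client-request-id": _HEADERS["client-request-id"]}}}


def fake_get(url):
    """Stands in for an authenticated HTTP GET against Graph."""
    if "$skiptoken=page2" in url:
        return 200, _HEADERS, _PAGE2
    if url.startswith(f"{GRAPH_BASE}/devices"):
        return 200, _HEADERS, _PAGE1
    return 404, _HEADERS, _NOT_FOUND


if __name__ == "__main__":
    for dev in noncompliant_enabled_devices(fake_get):
        print(dev["displayName"], dev["id"])
    try:
        list_all(fake_get, "/roleManagement/directory/roleDefinitions/does-not-exist")
    except GraphError as exc:
        print("Graph error:", exc)
```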