Roadmap, security and documentation changes captured for Identity and access.
v1.0 | Microsoft Graph | Identity and access
Added the accessPackageSuggestionFilterByCurrentUserOptions enumeration type. Added the accessPackageSuggestionRelatedPeopleInsightLevel enumeration type. Added the approverInformationVisibility enumeration type. Added the approverInformationVisibility property to the accessPackageApprovalStage resource. Added the accessPackageSuggestionReason resource. Added the accessPackageSuggestionRelatedPeopleBased resource. Added the accessPackageSuggestionSelfAssignmentHistoryBased resource. Added the identity resource. Added the accessPackageSuggestion resource. Added the availableAccessPackage resource. Added the controlConfiguration resource. Added the endUserSettings resource. Added the accessPackageSuggestions relationship to the entitlementManagement resource. Added the availableAccessPackages relationship to the entitlementManagement resource. Added the controlConfigurations relationship to the entitlementManagement resource. Added the filterByCurrentUser method to the accessPackageSuggestion resource.
v1.0 | Microsoft Graph | Identity and access
Added the roleType enumeration type. Added the type property to the accessPackageResourceRole resource.
beta | Microsoft Graph | Identity and access
Added the customTaskExtensionReplyMode enumeration type. Added the extensibility member to the lifecycleTaskCategory enumeration. Added the extensibility member to the lifecycleWorkflowCategory enumeration. Added the provisioningObject member to the subjectType enumeration. Added the extensibilityOnDemand member to the workflowExecutionType enumeration. Added the attributeSetEntry resource. Added the awaitedWorkflowProcessingResult resource. Added the targetSubject property to the customTaskExtensionCalloutData resource. Added the customTaskExtensionResponseData resource. Added the provisioningAttributeMapping resource. Added the provisioningObjectWorkflowSubject resource. Added the workflowSubject resource. Added the replyMode property to the customTaskExtension resource. Added the subjectProcessingResults relationship to the run resource. Added the subjectProcessingResult resource. Added the subjectProcessingResults relationship to the taskReport resource. Added the workflowSubject property to the taskProcessingResult resource. Added the activateAndWait method to the workflow resource. Added the List subjectProcessingResults method to the run resource. Added the List subjectProcessingResults method to the taskReport resource. Added the Get subjectProcessingResult method to the subjectProcessingResult resource.
beta | Microsoft Graph | Identity and access
Added the delegatedBy property to the accessReviewInstance resource to identify the users who delegated an access review to the current reviewer. Added the delegatedBy property to the accessReviewInstanceDecisionItem resource to identify the users who delegated an access review to the current reviewer. Added the directReviewer member to the filter options for the accessReviewScheduleDefinition: filterByCurrentUser, accessReviewInstance: filterByCurrentUser, accessReviewStage: filterByCurrentUser, and accessReviewInstanceDecisionItem: filterByCurrentUser APIs to return items directly assigned to the current reviewer. Added the delegatedReviewer member to the filter options for the accessReviewScheduleDefinition: filterByCurrentUser, accessReviewInstance: filterByCurrentUser, accessReviewStage: filterByCurrentUser, and accessReviewInstanceDecisionItem: filterByCurrentUser APIs to return items delegated to the current reviewer.
v1.0 | Microsoft Graph | Identity and access
Added the webauthnAuthenticationExtensionsClientInputs resource. Added the webauthnAuthenticationExtensionsClientOutputs resource. Added the webauthnAuthenticatorAttestationResponse resource. Added the webauthnAuthenticatorSelectionCriteria resource. Added the webauthnCredentialCreationOptions resource. Added the webauthnPublicKeyCredential resource. Added the webauthnPublicKeyCredentialCreationOptions resource. Added the webauthnPublicKeyCredentialDescriptor resource. Added the webauthnPublicKeyCredentialParameters resource. Added the webauthnPublicKeyCredentialRpEntity resource. Added the webauthnPublicKeyCredentialUserEntity resource. Added the publicKeyCredential property to the fido2AuthenticationMethod resource. Added the creationOptions method to the fido2AuthenticationMethod resource.
v1.0 | Microsoft Graph | Identity and access
Added the subjectLifecycle property to the accessPackageSubject resource type. Added the accessPackageSubjectLifecycle enumeration with members notDefined, notGoverned, governed, and unknownFutureValue.
beta | Microsoft Graph | Identity and access
Updated the targetedAuthenticationMethod property of the authenticationMethodsRegistrationCampaignIncludeTarget resource to support Fido2 in addition to microsoftAuthenticator. Organizations can now use registration campaigns to nudge users to register and sign in with phishing-resistant passkeys (FIDO2).
v1.0 | Microsoft Graph | Identity and access
Added the verifiableCredentialAuthenticationMethodTarget resource. Added the verifiableCredentialsAuthenticationMethodConfiguration resource.
beta | Microsoft Graph | Identity and access
Added the identityGovernanceUserSettings resource. Added the approverDelegate resource.
beta | Microsoft Graph | Identity and access
Added the identityGovernance property to the user resource. Added the allDirectoryAgentIdentities member to the allowedTargetScope enumeration.
v1.0 | Microsoft Graph | Identity and access
Added the subjects navigation property to the entitlementManagement resource type.
v1.0 | Microsoft Graph | Identity and access
Added the x509CertificateIssuerHintsState enumeration type. Added the includeTarget resource. Added the x509CertificateAuthorityScope resource. Added the x509CertificateIssuerHintsConfiguration resource. Added the certificateAuthorityScopes property to the x509CertificateAuthenticationMethodConfiguration resource. Added the issuerHintsConfiguration property to the x509CertificateAuthenticationMethodConfiguration resource.
beta | Microsoft Graph | Identity and access
Added the processingInfo property to the taskProcessingResult resource.
v1.0 | Microsoft Graph | Identity and access
Added the processingInfo property to the taskProcessingResult resource.
beta | Microsoft Graph | Identity and access
Added the m365CapabilityInboundAccess resource. Added the m365CapabilityResourceScope resource. Added the m365CapabilityResourceScopes resource. Added the m365Capabilities relationship to the crossTenantAccessPolicyConfigurationDefault resource. Added the m365Capabilities relationship to the crossTenantAccessPolicyConfigurationPartner resource. Added the List m365Capabilities method to the crossTenantAccessPolicyConfigurationDefault resource. Added the Create m365CapabilityBase method to the crossTenantAccessPolicyConfigurationDefault resource. Added the List m365Capabilities method to the crossTenantAccessPolicyConfigurationPartner resource. Added the Create m365CapabilityBase method to the crossTenantAccessPolicyConfigurationPartner resource. Added the crossTenantCalendarAvailabilityBasic resource. Added the crossTenantCalendarAvailabilityLimitedDetails resource. Added the crossTenantCalendarSharingFreeBusyDetail resource. Added the crossTenantCalendarSharingFreeBusyReviewer resource. Added the crossTenantCalendarSharingFreeBusySimple resource. Added the crossTenantMailTipsAll resource. Added the crossTenantMailTipsLimited resource. Added the crossTenantMigration resource. Added the crossTenantOpenProfileCard resource. Added the crossTenantPlacesDeskBooking resource. Added the crossTenantPlacesRoomBooking resource. Added the m365ResourceType enumeration type. For details, see m365CapabilityInboundAccess.
v1.0 | Microsoft Graph | Identity and access
Added the verifiedIdProfile resource.
v1.0 | Microsoft Graph | Identity and access
Added the deviceRegistrationPolicy resource type. Added the azureADJoinPolicy resource type. Added the azureADRegistrationPolicy resource type. Added the deviceRegistrationMembership resource type. Added the allDeviceRegistrationMembership resource type. Added the enumeratedDeviceRegistrationMembership resource type. Added the noDeviceRegistrationMembership resource type. Added the localAdminSettings resource. Added the localAdminPasswordSettings resource type. Added the localAdmins property to the azureADJoinPolicy resource. Added the deviceRegistrationPolicy navigation property to the policyRoot resource. Added the multiFactorAuthConfiguration enumeration type.
v1.0 | Microsoft Graph | Identity and access
Added the claimBindingSource enumeration type. Added the matchConfidenceLevel enumeration type. Added the verifiedIdProfileState enumeration type. Added the verifiedIdUsageConfigurationPurpose enumeration type. Added the claimBinding resource. Added the claimValidation resource. Added the faceCheckConfiguration resource. Added the verifiedIdProfileConfiguration resource. Added the verifiedIdUsageConfiguration resource. Added the identityContainer resource. Added the identityVerifiedIdRoot resource. Added the verifiedIdProfile resource.
beta | Microsoft Graph | Identity and access
Added the onVerifiedIdClaimValidationCustomExtensionHandler resource. Added the onVerifiedIdClaimValidationHandler resource. Added the onVerifiedIdClaimValidationCustomExtension resource. Added the onVerifiedIdClaimValidationListener resource.
beta | Microsoft Graph | Identity and access
Added the roleType enumeration type. Added the type property to the accessPackageResourceRole resource.
v1.0 | Microsoft Graph | Identity and access
Added the onVerifiedIdClaimValidationCustomExtensionHandler resource. Added the onVerifiedIdClaimValidationHandler resource. Added the onVerifiedIdClaimValidationCustomExtension resource. Added the onVerifiedIdClaimValidationListener resource.
beta | Microsoft Graph | Identity and access
Added the inheritedAppRoleAssignments relationship to the agentIdentity resource. Added the inheritedOauth2PermissionGrants relationship to the agentIdentity resource. Added the Microsoft.DirectoryServices.agentIdentity/inheritedAppRoleAssignments resource. Added the Microsoft.DirectoryServices.agentIdentity/inheritedOauth2PermissionGrants resource.
beta | Microsoft Graph | Identity and access
Added the referenceId property to the customDataProvidedResourceUploadSession resource. Added the files relationship to the customDataProvidedResourceUploadSession resource.
v1.0 | Microsoft Graph | Identity and access
Added the microsoftRevokedSessions member to the riskDetail enumeration.
beta | Microsoft Graph | Identity and access
Added the accessReviewInstanceDecisionItemApplyResult enumeration type. Added the customData property to the accessReviewInstanceDecisionItemCustomDataProvidedResource resource. Added the scopeDisplayName property to the accessReviewInstanceDecisionItemCustomDataProvidedResource resource. Added the scopeId property to the accessReviewInstanceDecisionItemCustomDataProvidedResource resource. Added the batchApplyCustomDataProvidedResourceDecisions method to the accessReviewInstance resource.
v1.0 | Microsoft Graph | Identity and access
Added the riskRemediation member to the conditionalAccessGrantControl enumeration.
beta | Microsoft Graph | Identity and access
Added the canceling member to the lifecycleWorkflowProcessingStatus enumeration. Added the cancelProcessing method to the workflow resource.
v1.0 | Microsoft Graph | Identity and access
Added the approverRemove member to the accessPackageRequestType enumeration.
beta | Microsoft Graph | Identity and access
Added the blueprintId property to the agentRiskDetection resource. Added the source property to the agentRiskDetection resource. Added the blueprintId property to the riskyAgent resource.
beta | Microsoft Graph | Identity and access
Added the claimValidation resource type. Added the matchConfidenceLevel enumeration type. Added the matchConfidenceLevel property to the claimBinding resource type. Added the verifiedId relationship to the identityContainer resource type.
beta | Microsoft Graph | Identity and access
Added the keyCredentials property to the appManagementConfiguration resource. Added the passwordCredentials property to the appManagementConfiguration resource. Removed the keyCredentials relationship from the appManagementConfiguration resource. Removed the passwordCredentials relationship from the appManagementConfiguration resource. Added the customSecurityAttributes property to the appManagementPolicyActorExemptions resource. Removed the customSecurityAttributes relationship from the appManagementPolicyActorExemptions resource. Changed the customSecurityAttributeExemption resource from an entity type to a complex type. Changed the customSecurityAttributeStringValueExemption resource from an entity type to a complex type. Changed the keyCredentialConfiguration resource from an entity type to a complex type. Changed the passwordCredentialConfiguration resource from an entity type to a complex type.
v1.0 | Microsoft Graph | Identity and access
Added the createdByAppId property to the application resource. Added the createdByAppId property to the servicePrincipal resource.
beta | Microsoft Graph | Identity and access
Added the applicationActivity enumeration type. Added the generativeAIInsight resource. Added the generativeAIInsights relationship to the logs resource.
v1.0 | Microsoft Graph | Identity and access
Added the attestationEnforcement enumeration type. Added the passkeyTypes enumeration type. Added the defaultPasskeyProfile property to the fido2AuthenticationMethodConfiguration resource. Added the passkeyProfiles relationship to the fido2AuthenticationMethodConfiguration resource. Added the passkeyAuthenticationMethodTarget resource. Added the passkeyProfile resource.
v1.0 | Microsoft Graph | Identity and access
Added the passkeyType enumeration type. Added the passkeyType property to the fido2AuthenticationMethod resource.
beta | Microsoft Graph | Identity and access
Added the previewScope relationship to the workflow resource. Added the previewTaskFailures method to the workflow resource. Added the previewWorkflow method to the workflow resource.
v1.0 | Microsoft Graph | Identity and access
Added the onPasswordSubmitListener resource to manage authentication event listeners for password submission events during Just-In-Time (JIT) user migration. Added the onPasswordSubmitCustomExtension resource to configure custom extensions for validating passwords against legacy authentication systems during JIT migration. Added the onPasswordSubmitHandler resource as an abstract base type for handlers invoked during password submission events. Added the onPasswordMigrationCustomExtensionHandler resource to invoke custom extensions during password submission for JIT user migration scenarios.
beta | Microsoft Graph | Identity and access
Added the cloudFirewallAction enumeration type. Added the cloudFirewallProtocol enumeration type. Added the cloudFirewallPolicy resource. Added the cloudFirewallPolicyLink resource. Added the cloudFirewallRule resource. Added the cloudFirewallPolicySettings resource. Added the cloudFirewallRuleSettings resource. Added the cloudFirewallMatchingConditions resource. Added the cloudFirewallSourceMatching resource. Added the cloudFirewallDestinationMatching resource. Added the cloudFirewallDestinationAddress resource. Added the cloudFirewallDestinationFqdnAddress resource. Added the cloudFirewallDestinationIpAddress resource. Added the cloudFirewallSourceAddress resource. Added the cloudFirewallSourceIpAddress resource. Added the cloudFirewallPolicies relationship to the networkAccessRoot resource.
beta | Microsoft Graph | Identity and access
Added the managerApplications property to the agentIdentityBlueprint resource. Added the managerApplications property to the application resource.
v1.0 | Microsoft Graph | Identity and access
Added the scopeCollectionKind enumeration type. Added the allAllowedScopes resource. Added the enumeratedScopes resource. Added the inheritableScopes resource. Added the noScopes resource. Added the agentIdentity resource. Added the agentIdentityBlueprint resource. Added the agentIdentityBlueprintPrincipal resource. Added the inheritablePermission resource. Added the Microsoft.DirectoryServices.agentIdentityBlueprint/sponsors resource. Added the Microsoft.DirectoryServices.agentIdentity/sponsors resource. Added the Microsoft.DirectoryServices.agentIdentityBlueprintPrincipal/sponsors resource.
beta | Microsoft Graph | Identity and access
Added the privilegeLevel enumeration type. Added the privilegeLevel property to the accessPackageCatalog resource.
beta | Microsoft Graph | Identity and access
Added the targetAgentIdentitySponsorsOrOwners resource.
v1.0 | Microsoft Graph | Identity and access
Added the allDirectoryAgentIdentities member to the allowedTargetScope enumeration. Added the targetAgentIdentitySponsorsOrOwners resource.
beta | Microsoft Graph | Identity and access
Removed the domain property from the externalTokenBasedSapIagConnectionInfo resource.
v1.0 | Microsoft Graph | Identity and access
Added the allDirectoryAgentIdentities member to the allowedTargetScope enumeration.
v1.0 | Microsoft Graph | Identity and access
Added the administrationScopeTargets relationship to the workflowBase resource. This relationship is also inherited by the workflow and workflowVersion derived types.
beta | Microsoft Graph | Identity and access
Added the requiredResourceAccess property to the agentIdentityBlueprint resource.
beta | Microsoft Graph | Identity and access
Added the crossTenantAccessType enumeration type. Added the deviceJoinType enumeration type. Added the crossTenantAccessType property to the connection resource. Added the deviceJoinType property to the connection resource. Added the homeTenantId property to the connection resource.
v1.0 | Microsoft Graph | Identity and access
Added the qrCodePin member to the authenticationMethodModes enumeration. Added the qrCodePin member to the baseAuthenticationMethod enumeration. Added the qrCodePinAuthenticationMethodConfiguration resource.
v1.0 | Microsoft Graph | Identity and access
Added the errorCorrectionLevel enumeration type. Added the qrCodeImageDetails resource. Added the qrCode resource. Added the qrCodePinAuthenticationMethod resource. Added the qrPin resource.
beta | Microsoft Graph | Identity and access
Added the agentIdentityType enumeration type. Added the identityType property to the agentRiskDetection resource. Added the identityType property to the riskyAgent resource.
beta | Microsoft Graph | Identity and access
Added the onPasswordSubmitListener resource to manage authentication event listeners for password submission events during Just-In-Time (JIT) user migration. Added the onPasswordSubmitCustomExtension resource to configure custom extensions for validating passwords against legacy authentication systems during JIT migration. Added the onPasswordSubmitHandler resource as an abstract base type for handlers invoked during password submission events. Added the onPasswordMigrationCustomExtensionHandler resource to invoke custom extensions during password submission for JIT user migration scenarios.
v1.0 | Microsoft Graph | Identity and access
Added the openIdConnectSetting resource. Added the externalAuthenticationMethodConfiguration resource.
beta | Microsoft Graph | Identity and access
Added the riskRemediation member to the conditionalAccessGrantControl enumeration.
v1.0 | Microsoft Graph | Identity and access
Added the externalAuthenticationMethods relationship to the authentication resource. Added the createdDateTime property to the authenticationMethod resource. Added the externalAuthenticationMethod resource. Changed the createdDateTime property to be inherited from authenticationMethod in the fido2AuthenticationMethod resource. Changed the createdDateTime property to be inherited from authenticationMethod in the microsoftAuthenticatorAuthenticationMethod resource. Changed the createdDateTime property to be inherited from authenticationMethod in the passwordAuthenticationMethod resource. Changed the createdDateTime property to be inherited from authenticationMethod in the platformCredentialAuthenticationMethod resource. Changed the createdDateTime property to be inherited from authenticationMethod in the temporaryAccessPassAuthenticationMethod resource. Changed the createdDateTime property to be inherited from authenticationMethod in the windowsHelloForBusinessAuthenticationMethod resource.
v1.0 | Microsoft Graph | Identity and access
Added a multifactor authentication (MFA) requirement for self-service operations on supported authentication methods. Starting January 26, 2026, users who manage their own authentication methods through self-service operations, such as adding, updating, or deleting phone numbers and email addresses, must complete MFA if they last authenticated more than 10 minutes ago in the current session. For more guidance on handling this change in your application, see Microsoft Entra authentication methods API overview.
beta | Microsoft Graph | Identity and access
Added the externalOriginResourceConnectors relationship to the entitlementManagement resource.
beta | Microsoft Graph | Identity and access
Added the blockPageConfigurationBase resource. Added the markdownBlockMessageConfiguration resource. Added the customBlockPage resource. Added the customBlockPage relationship to the settings resource.
beta | Microsoft Graph | Identity and access
Added the accessPackageAssignmentCalloutData resource. Added the accessPackageAssignmentRequestCalloutData resource.
v1.0 | Microsoft Graph | Identity and access
Added the accessPackageAssignmentCalloutData resource. Added the accessPackageAssignmentRequestCalloutData resource.
v1.0 | Microsoft Graph | Identity and access
Added the assignedLabel resource.