Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.
For more detailed API-level updates, see the Microsoft Graph API changelog.
For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.
Important
Features in preview status are subject to change without notice, and might not be promoted to generally available (GA) status. Don't use preview features in production apps.
November 2025: New and generally available
Backup storage
The driveItem: restore method was expanded to enable restoring a driveItem deleted from a fileStorageContainer without mapping it to a recycleBinItem. This complements existing functionality in recycleBinItem: restore which continues to work as expected.
November 2025: New in preview only
Tasks and plans
- Get the usage rights for a specific plan based on its sensitivity label assignment and the requesting user's permissions.
- Use the contentSensitivityLabelAssignment property on plannerPlan to get or set the sensitivity label assignment for a plan.
October 2025: New and generally available
Backup storage
- Use the protectionSources property on driveProtectionUnit, mailboxProtectionUnit, and siteProtectionUnit to get the sources by which a protection unit is currently protected.
- Update a driveProtectionRule or a mailboxProtectionRule.
- Delete and unprotect all the artifacts protected by a dynamic rule in a driveProtectionRule or a mailboxProtectionRule.
Device and app management | Cloud PC
List the Cloud PC devices that are attributed to the signed-in user.
Education
- Add an existing educationGradingScheme to an existing educationAssignment.
- Add the default educationGradingScheme to an educationAssignmentSettings object.
- Use the languageTag property on educationAssignment to specify the language in which UI notifications for an assignment are displayed.
- Create and manage a custom scheme for grading.
- List the dependent education assignment resources for a given education assignment resource.
- List the dependent education submission resources for a given education submission resource.
Identity and access | Directory management
Addressed a permissions issue for internalDomainFederation write operations. Previously, delegated scenarios required the high-privilege Directory.AccessAsUser.All permission. Two new, lesser-privileged permissions are now available for managing the internalDomainFederation resource:
- Domain-InternalFederation.Read.All – Read internalDomainFederation resources.
- Domain-InternalFederation.ReadWrite.All – Read and write internalDomainFederation resources.
Added the Domain-InternalFederation.ReadWrite.All delegated and application permissions as lower-privilege alternatives for updating a domain. This also enables updating the authenticationType property of a domain in both delegated and application contexts, whereas previously only delegated scenarios with Directory.AccessAsUser.All permission were supported.
These new permissions enable more granular access control for managing internalDomainFederation and domain resources.
Identity and access | Identity and sign-in
Microsoft Graph now supports new delegated and application permissions scoped to individual authentication methods supported by Microsoft Entra. These permissions provide lesser-privileged alternatives to the more widely scoped UserAuthenticationMethod.Read, UserAuthenticationMethod.ReadWrite.All, UserAuthenticationMethod.ReadWrite and UserAuthenticationMethod.Read.All permissions, helping you improve your organization's security posture by adopting least privilege practices.
| Permission | Supported authentication methods | Delegated | Application |
|---|---|---|---|
| UserAuthMethod-Email.Read |  |
 |
|
| UserAuthMethod-Email.Read.All | |
|
|
| UserAuthMethod-Email.ReadWrite.All | |
|
|
| UserAuthMethod-External.Read | External | |
|
| UserAuthMethod-External.Read.All | External | |
|
| UserAuthMethod-External.ReadWrite.All | External | |
|
| UserAuthMethod-HardwareOATH.Read | Hardware OATH | |
|
| UserAuthMethod-HardwareOATH.Read.All | Hardware OATH | |
|
| UserAuthMethod-HardwareOATH.ReadWrite | Hardware OATH | |
|
| UserAuthMethod-HardwareOATH.ReadWrite.All | Hardware OATH | |
|
| UserAuthMethod-MicrosoftAuthApp.Read | Microsoft Authenticator | |
|
| UserAuthMethod-MicrosoftAuthApp.Read.All | Microsoft Authenticator | |
|
| UserAuthMethod-MicrosoftAuthApp.ReadWrite | Microsoft Authenticator | |
|
| UserAuthMethod-MicrosoftAuthApp.ReadWrite.All | Microsoft Authenticator | |
|
| UserAuthMethod-Passkey.Read | FIDO2 | |
|
| UserAuthMethod-Passkey.Read.All | FIDO2 | |
|
| UserAuthMethod-Passkey.ReadWrite | FIDO2 | |
|
| UserAuthMethod-Passkey.ReadWrite.All | FIDO2 | |
|
| UserAuthMethod-Password.Read | Password | |
|
| UserAuthMethod-Password.Read.All | Password | |
|
| UserAuthMethod-Password.ReadWrite | Password | |
|
| UserAuthMethod-Password.ReadWrite.All | Password | |
|
| UserAuthMethod-Phone.Read | Phone | |
|
| UserAuthMethod-Phone.Read.All | Phone | |
|
| UserAuthMethod-Phone.ReadWrite | Phone | |
|
| UserAuthMethod-Phone.ReadWrite.All | Phone | |
|
| UserAuthMethod-PlatformCred.Read | Platform Credential | |
|
| UserAuthMethod-PlatformCred.Read.All | Platform Credential | |
|
| UserAuthMethod-PlatformCred.ReadWrite | Platform Credential | |
|
| UserAuthMethod-PlatformCred.ReadWrite.All | Platform Credential | |
|
| UserAuthMethod-QR.Read | QR Code | |
|
| UserAuthMethod-QR.Read.All | QR Code | |
|
| UserAuthMethod-QR.ReadWrite | QR Code | |
|
| UserAuthMethod-QR.ReadWrite.All | QR Code | |
|
| UserAuthMethod-SoftwareOATH.Read | Software OATH | |
|
| UserAuthMethod-SoftwareOATH.Read.All | Software OATH | |
|
| UserAuthMethod-SoftwareOATH.ReadWrite | Software OATH | |
|
| UserAuthMethod-SoftwareOATH.ReadWrite.All | Software OATH | |
|
| UserAuthMethod-TAP.Read | Temporary Access Pass | |
|
| UserAuthMethod-TAP.Read.All | Temporary Access Pass | |
|
| UserAuthMethod-TAP.ReadWrite | Temporary Access Pass | |
|
| UserAuthMethod-TAP.ReadWrite.All | Temporary Access Pass | |
|
| UserAuthMethod-WindowsHello.Read | Windows Hello for Business | |
|
| UserAuthMethod-WindowsHello.Read.All | Windows Hello for Business | |
|
| UserAuthMethod-WindowsHello.ReadWrite | Windows Hello for Business | |
|
| UserAuthMethod-WindowsHello.ReadWrite.All | Windows Hello for Business | |
|
Security | Alerts and incidents
Use the investigationState property on alert to get the current status of an investigation.
Teamwork and communications | Calls and online meetings
Use the callEvent and emergencyCallEvent resources to provide detailed information about both standard and emergency call events. For more information, see Change notification for active meeting call events and change notification for emergency call events.
Teamwork and communications | Messaging
Use the originalSourceMembershipUrl annotation with the List allMembers API to identify the source of a member's membership and distinguish between direct and indirect members.
October 2025: New in preview only
Calendars | Places
- Apply the following prerequisites for the Places list and descendant APIs before you can use these APIs; otherwise, they don't return any places.
- Added
wifias a new supported value for the sensorType property of the workplaceSensor and workplaceSensorDeviceTelemetry resources.
Device and app management | Cloud PC
- Use the sessionStartDateTime property on cloudPcFrontlineSharedDeviceDetail to get the date and time when the current user session starts, or
nullif no current user session exists. - Deprecated the getCloudPcLaunchInfo method in favor of the retrieveCloudPcLaunchDetail API.
- Deprecated the cloudPcExternalPartnerSetting resource and replaced with the cloudPcExternalPartner resource.
- Deprecated the frontlineCloudPcAvailability property of cloudPC in favor of the retrieveFrontlineCloudPcDetail method.
- Create, get, or update an external partner of Cloud PC, such as the partner status, and enable or disable the connection.
- Import, purge, or retrieve an external snapshot of a Cloud PC.
- Get information about licenses that the Cloud PC service directly manages using the cloudPcManagedLicense resource and the list managedLicenses operation. These cloudpc-managed licenses help administrators track license allocation, status, and usage across their Cloud PC deployments.
- Use the userSettingsPersistenceConfiguration property on cloudPcProvisioningPolicy to enable the persistence of user application settings between Cloud PC sessions.
- Deprecated the cloudPcReports: retrieveCloudPcRecommendationReports method in favor of the cloudPcReport: retrieveCloudPcRecommendationReports API.
- Deprecated the cloudPcReports resource in favor of the cloudPcReport resource.
Education
- List the dependent education assignment resources for a given education assignment resource.
- List the dependent education submission resources for a given education submission resource.
Files
Use the itemDefaultSensitivityLabelId property on fileStorageContainerSettings to get or set the ID of the default sensitivity label for items in the container. Added the following new endpoints as supported request URLs for the driveItem: createUploadSession API:
POST /drives/{driveId}/items/{parentItemId}:/{fileName}:/createUploadSessionPOST /groups/{groupId}/drive/items/{parentItemId}:/{fileName}:/createUploadSessionPOST /sites/{siteId}/drive/items/{parentItemId}:/{fileName}:/createUploadSessionPOST /users/{userId}/drive/items/{parentItemId}:/{fileName}:/createUploadSession
Security | Alerts and incidents
Use the investigationState property on alert to get the current status of an investigation.
Sites and lists
Create a SharePoint site and monitor its creation status.
Tasks and plans
Use the extended properties API to store or get custom data in the todoTask resource.
Contribute to Microsoft Graph
Are there scenarios you'd like Microsoft Graph to support?
Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (
https://graph.microsoft.com/beta) and v1.0 (https://graph.microsoft.com/v1.0) endpoints.Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. To discover the full calendar of developer calls, visit the Microsoft 365 and Power Platform community page.
Join our research panel to provide your input on our developer experiences.