Merge pull request #24520 from microsoftgraph/main

Merge to publish.

api-reference/beta/api/authentication-list-emailmethods.md

@@ -13,7 +13,7 @@ Namespace: microsoft.graph
 
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-Retrieve a list of a user's [email Authentication Method](../resources/emailauthenticationmethod.md) objects and their properties. This call will only return a single object as only one email method can be set on users.
+Retrieve a list of a user's [email Authentication Method](../resources/emailauthenticationmethod.md) objects and their properties. This call only returns a single object referenced by ID `3ddfcfc8-9383-446f-83cc-3ab9be4be18f` as only one email method can be set on users.
 
 [!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
 

api-reference/beta/api/authentication-list-passwordmethods.md

@@ -13,7 +13,7 @@ Namespace: microsoft.graph
 
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-Retrieve a list of [password authentication method](../resources/passwordauthenticationmethod.md) objects. This API returns exactly one object, as a user can have exactly one password.
+Retrieve a list of [password authentication method](../resources/passwordauthenticationmethod.md) objects. This API returns exactly one object referenced by ID `28c10230-6103-485e-b985-444c60001490`, as a user can have exactly one password. For security, the password itself is never returned in the object and the **password** property is always `null`.
 
 [!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
 

api-reference/beta/api/authenticationmethod-resetpassword.md

@@ -35,10 +35,11 @@ Admins with *User Administrator*, *Helpdesk Administrator*, or *Password Adminis
 
 ## HTTP request
 
+The ID of the password authentication method, referenced by `{passwordMethods-id}`, is always `28c10230-6103-485e-b985-444c60001490`.
 <!-- { "blockType": "ignored" } -->
 
 ```http
-POST /users/{id | userPrincipalName}/authentication/methods/{id}/resetPassword
+POST /users/{id | userPrincipalName}/authentication/methods/{passwordMethods-id}/resetPassword
 ```
 
 ## Request headers

api-reference/beta/api/directory-deleteditems-restore.md

@@ -48,7 +48,13 @@ POST /directory/deleteditems/{id}/restore
 | Content-type | application/json |
 
 ## Request body
-Don't supply a request body for this method.
+In the request body, supply a JSON representation of the parameters.
+
+The following table lists the parameters that are required when you call this action.
+
+|Parameter|Type|Description|
+|:---|:---|:---|
+|autoReconcileProxyConflict|Boolean|Optional parameter. Indicates whether Microsoft Entra ID should remove any conflicting proxy addresses while restoring a soft-deleted user whose one or more proxy addresses are currently used for an active user. Used only for restoring soft-deleted [user](../resources/user.md). The default value for this paramater is `false`.|
 
 ## Response
 
@@ -140,4 +146,46 @@ Content-type: application/json
 }
 -->
 
+### Request
+
+<!-- {
+  "blockType": "request",
+  "name": "restore_directory_deleteditem_autoreconcileproxyconflict"
+}-->
+```http
+POST https://graph.microsoft.com/beta/directory/deleteditems/78bf875b-9343-4edc-9130-0d3958113563/restore
+Content-Type: application/json
+
+{
+  "autoReconcileProxyConflict": true
+}
+```
+
+### Response
+> **Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.directoryObject"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+    "@odata.context": "https://graph.microsoft.com/beta/$metadata#users/$entity",
+    "id": "78bf875b-9343-4edc-9130-0d3958113563",
+    "businessPhones": [],
+    "displayName": "SampleUser",
+    "givenName": "Sample",
+    "jobTitle": "Product Marketing Manager",
+    "mail": "sampleuser@contoso.com",
+    "mobilePhone": "+1 425 555 0109",
+    "officeLocation": "18/2111",
+    "preferredLanguage": "en-US",
+    "surname": "Vance",
+    "userPrincipalName": "sampleuser@contoso.com"
+}
+```
+
 

api-reference/beta/api/emailauthenticationmethod-delete.md

@@ -40,16 +40,18 @@ One of the following permissions is required to call this API. To learn more, in
 
 ## HTTP request
 
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
+
 Delete the email method from your own account. For a signed-in user to update their own authentication method, they must have satisfied a multi-factor authentication requirement during sign in.
 <!-- {  "blockType": "ignored" } -->
 ``` http
-DELETE /me/authentication/emailMethods/{id}
+DELETE /me/authentication/emailMethods/{emailMethods-id}
 ```
 
 Delete the email authentication method from another user's account.
 <!-- {  "blockType": "ignored" } -->
 ``` http
-DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
 ```
 
 ## Request headers

api-reference/beta/api/emailauthenticationmethod-get.md

@@ -40,16 +40,18 @@ One of the following permissions is required to call this API. To learn more, in
 
 ## HTTP request
 
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
+
 Get details of your own email authentication method.
 <!-- { "blockType": "ignored" } -->
 ``` http
-GET /me/authentication/emailMethods/{id}
+GET /me/authentication/emailMethods/{emailMethods-id}
 ```
 
 Get details of your own or another user's email authentication method.
 <!-- { "blockType": "ignored" } -->
 ``` http
-GET /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+GET /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
 ```
 
 ## Request headers

api-reference/beta/api/emailauthenticationmethod-update.md

@@ -28,11 +28,12 @@ Choose the permission or permissions marked as least privileged for this API. Us
 Users cannot update their own email authentication method.
 
 ## HTTP request
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
 
 Update the email authentication method for another user's account.
 <!-- {  "blockType": "ignored" } -->
 ``` http
-PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
 ```
 
 ## Request headers

api-reference/beta/api/passwordauthenticationmethod-get.md

@@ -42,17 +42,18 @@ One of the following permissions is required to call this API. To learn more, in
 Admins with *User Administrator*, *Helpdesk Administrator*, or *Password Administrator* roles can also reset passwords for non-admin users and a limited set of admin roles as defined in [Who can reset passwords](/azure/active-directory/roles/privileged-roles-permissions#who-can-reset-passwords).
 
 ## HTTP request
+The ID of the password authentication method, referenced by `{passwordMethods-id}`, is always `28c10230-6103-485e-b985-444c60001490`.
 
 Get details of your own password authentication method.
 <!-- { "blockType": "ignored" } -->
 ```http
-GET /me/authentication/passwordMethods/{id}
+GET /me/authentication/passwordMethods/{passwordMethods-id}
 ```
 
 Get details of your own or another user's password authentication method.
 <!-- { "blockType": "ignored" } -->
 ``` http
-GET /users/{id | userPrincipalName}/authentication/passwordMethods/{id}
+GET /users/{id | userPrincipalName}/authentication/passwordMethods/{passwordMethods-id}
 ```
 
 ## Optional query parameters

api-reference/beta/resources/device.md

@@ -67,7 +67,7 @@ This resource is an open type that allows other properties to be passed in. You
 |isCompliant|Boolean|`true` if the device complies with Mobile Device Management (MDM) policies; otherwise, `false`. Read-only. This can only be updated by Intune for any device OS type or by an [approved MDM app](/windows/client-management/mdm/azure-active-directory-integration-with-mdm) for Windows OS devices. Supports `$filter` (`eq`, `ne`, `not`).|
 |isManaged|Boolean|`true` if the device is managed by a Mobile Device Management (MDM) app; otherwise, `false`. This can only be updated by Intune for any device OS type or by an [approved MDM app](/windows/client-management/mdm/azure-active-directory-integration-with-mdm) for Windows OS devices. Supports `$filter` (`eq`, `ne`, `not`). |
 |isManagementRestricted|Boolean|Indicates whether the device is a member of a restricted management administrative unit, in which case it requires a role scoped to the restricted administrative unit to manage. The default value is `false`. Read-only. <br/><br/> To manage a device that's a member of a restricted administrative unit, the calling app must be assigned the `Directory.Write.Restricted` permission. For delegated scenarios, the administrators must also be explicitly assigned supported roles at the restricted administrative unit scope.|
-|isRooted|Boolean|`true` if the device is rooted; `false` if the device is jail-broken. This property can only be updated by Intune.|
+|isRooted|Boolean|`true` if the device is rooted or jail-broken. This property can only be updated by Intune.|
 |kind| String| Form factor of the device. Only returned if the user signs in with a Microsoft account as part of Project Rome. |
 |managementType|String|Management channel of the device.  This property is set by Intune. Possible values are: `eas`, `mdm`, `easMdm`, `intuneClient`, `easIntuneClient`, `configurationManagerClient`, `configurationManagerClientMdm`, `configurationManagerClientMdmEas`, `unknown`, `jamf`, `googleCloudDevicePolicyController`.|
 |manufacturer| String| Manufacturer of the device. Read-only. |

api-reference/beta/resources/emailauthenticationmethod.md

@@ -31,14 +31,14 @@ This is a derived type that inherits from the [authenticationMethod](authenticat
 ## Properties
 |Property|Type|Description|
 |:---|:---|:---|
-|id|String|The identifier of the email address registered to this user.|
+|id|String|The identifier of the email address registered to this user. The ID is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.|
 |emailAddress|String|The email address registered to this user.|
 
 ## Relationships
 None.
 
 ## JSON representation
-The following is a JSON representation of the resource.
+The following JSON representation shows the resource type.
 <!-- {
   "blockType": "resource",
   "keyProperty": "id",

api-reference/beta/resources/group.md

@@ -24,7 +24,7 @@ This resource supports:
 
 - Adding your data to custom properties as [extensions](/graph/extensibility-overview).
 - Subscribing to [change notifications](/graph/webhooks).
-- Using [delta query](/graph/delta-query-overview) to track incremental additions, deletions, and updates, by providing a [delta](../api/user-delta.md) function.
+- Using [delta query](/graph/delta-query-overview) to track incremental additions, deletions, and updates, by providing a [delta](../api/group-delta.md) function.
 
 > **Microsoft Teams and Microsoft 365 groups support group collaboration**. You can use most of the Microsoft 365 groups API with Microsoft Teams. To create a [team](team.md), first [create group](../api/group-post-groups.md) and then [add a team to it](../api/team-put-teams.md). For details, see the [Microsoft Teams overview](teams-api-overview.md).
 
@@ -109,9 +109,6 @@ This resource supports:
 | **Notes** |  |  |
 | [List notebooks](../api/onenote-list-notebooks.md) | [notebook](notebook.md) collection | Retrieve a list of notebook objects. |
 | [Create notebook](../api/onenote-post-notebooks.md) | [notebook](notebook.md) | Create a new OneNote notebook. |
-| **Open extensions** |  |  |
-| [Create open extension](../api/opentypeextension-post-opentypeextension.md) | [openTypeExtension](opentypeextension.md) | Create an open extension and add custom properties to a new or existing resource. |
-| [Get open extension](../api/opentypeextension-get.md) | [openTypeExtension](opentypeextension.md) collection | Get an open extension identified by the extension name. |
 | **Password-based single sign-on credentials** |  |  |
 | [Get credentials](../api/group-getpasswordsinglesignoncredentials.md) | [passwordSingleSignOnCredentialSet](../resources/passwordsinglesignoncredentialset.md) collection | Get the list of password-based single sign-on credentials for this group. Passwords are never returned, and instead are always returned as null. |
 | [Delete credentials](../api/group-deletepasswordsinglesignoncredentials.md) | None | Delete password-based single sign-on credential for a given service principal that is associated to this group. |
@@ -127,8 +124,6 @@ name. |
 | [Get post](../api/post-get.md) | [post](post.md) | Get a specific post. |
 | [Reply to post](../api/post-reply.md) | None | Reply to a post. |
 | [Forward post](../api/post-forward.md) | None | Forward a post. |
-| **Schema extensions** |  |  |
-| [Add schema extension values](/graph/extensibility-schema-groups) | None | Create a schema extension definition and then use it to add custom-typed data to a resource. |
 | **Other group resources** |  |  |
 | [List permission grants](../api/group-list-permissiongrants.md) | [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection | List permissions granted to apps to access the group. |
 | **User settings** |  |  |
@@ -183,7 +178,7 @@ name. |
 | onPremisesNetBiosName | String | Contains the on-premises **netBios name** synchronized from the on-premises directory. The property is only populated for customers synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect.<br><br>Returned by default. Read-only. |
 | onPremisesProvisioningErrors | [onPremisesProvisioningError](onpremisesprovisioningerror.md) collection | Errors when using Microsoft synchronization product during provisioning. <br><br>Returned by default. Supports `$filter` (`eq`, `not`). |
 | onPremisesSamAccountName | String | Contains the on-premises **SAM account name** synchronized from the on-premises directory. The property is only populated for customers synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect.<br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`). Read-only. |
-| onPremisesSecurityIdentifier | String | Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. <br><br>Returned by default. Supports `$filter` (`eq` including on `null` values). Read-only. |
+| onPremisesSecurityIdentifier | String | Contains the on-premises security identifier (SID) for the group synchronized from on-premises to the cloud. Read-only. <br><br>Returned by default. Supports `$filter` (`eq` including on `null` values). Read-only. |
 | onPremisesSyncEnabled | Boolean | `true` if this group is synced from an on-premises directory; `false` if this group was originally synced from an on-premises directory but is no longer synced; **null** if this object has never been synced from an on-premises directory (default). <br><br>Returned by default. Read-only. Supports `$filter` (`eq`, `ne`, `not`, `in`, and `eq` on `null` values). |
 | preferredDataLocation | String | The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling app must be granted the *Directory.ReadWrite.All* permission and the user be assigned at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json): <br><ul><li> User Account Administrator <li>Directory Writer <li> Exchange Administrator <li> SharePoint Administrator </ul><br/> For more information about this property, see [OneDrive Online Multi-Geo](/sharepoint/dev/solution-guidance/multigeo-introduction) and [Create a Microsoft 365 group with a specific PDL](/office365/enterprise/multi-geo-add-group-with-pdl). <br><br>Nullable. Returned by default. |
 | preferredLanguage | String | The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example, `en-US`. <br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values). |
@@ -192,7 +187,7 @@ name. |
 | resourceBehaviorOptions | String collection | Specifies the group behaviors that can be set for a Microsoft 365 group during creation. This property can be set only as part of creation (POST). For the list of possible values, see [Microsoft 365 group behaviors and provisioning options](/graph/group-set-options). |
 | resourceProvisioningOptions | String collection | Specifies the group resources that are associated with the Microsoft 365 group. The possible value is `Team`. For more information, see [Microsoft 365 group behaviors and provisioning options](/graph/group-set-options). <br><br>Returned by default. Supports `$filter` (`eq`, `not`, `startsWith`. |
 | securityEnabled | Boolean | Specifies whether the group is a security group. Required.<br><br>Returned by default. Supports `$filter` (`eq`, `ne`, `not`, `in`). |
-| securityIdentifier | String | Security identifier of the group, used in Windows scenarios. <br><br>Returned by default. |
+| securityIdentifier | String | Security identifier of the group, used in Windows scenarios. Read-only. <br><br>Returned by default. |
 | serviceProvisioningErrors | [serviceProvisioningError](serviceprovisioningerror.md) collection | Errors published by a federated service describing a non-transient, service-specific error regarding the properties or link from a group object. |
 | theme | String | Specifies a Microsoft 365 group's color theme. Possible values are `Teal`, `Purple`, `Green`, `Blue`, `Pink`, `Orange` or `Red`. <br><br>Returned by default. |
 | uniqueName | String | The unique identifier that can be assigned to a group and used as an alternate key. Immutable. Read-only. |