diff --git a/api-reference/beta/api/authentication-list-emailmethods.md b/api-reference/beta/api/authentication-list-emailmethods.md
index ace1b9986dc..257f6a5f027 100644
--- a/api-reference/beta/api/authentication-list-emailmethods.md
+++ b/api-reference/beta/api/authentication-list-emailmethods.md
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of a user's [email Authentication Method](../resources/emailauthenticationmethod.md) objects and their properties. This call will only return a single object as only one email method can be set on users.
+Retrieve a list of a user's [email Authentication Method](../resources/emailauthenticationmethod.md) objects and their properties. This call only returns a single object referenced by ID `3ddfcfc8-9383-446f-83cc-3ab9be4be18f` as only one email method can be set on users.
[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
diff --git a/api-reference/beta/api/authentication-list-passwordmethods.md b/api-reference/beta/api/authentication-list-passwordmethods.md
index 294719c6190..863f640ca59 100644
--- a/api-reference/beta/api/authentication-list-passwordmethods.md
+++ b/api-reference/beta/api/authentication-list-passwordmethods.md
@@ -13,7 +13,7 @@ Namespace: microsoft.graph
[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
-Retrieve a list of [password authentication method](../resources/passwordauthenticationmethod.md) objects. This API returns exactly one object, as a user can have exactly one password.
+Retrieve a list of [password authentication method](../resources/passwordauthenticationmethod.md) objects. This API returns exactly one object referenced by ID `28c10230-6103-485e-b985-444c60001490`, as a user can have exactly one password. For security, the password itself is never returned in the object and the **password** property is always `null`.
[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
diff --git a/api-reference/beta/api/authenticationmethod-resetpassword.md b/api-reference/beta/api/authenticationmethod-resetpassword.md
index a454137f8de..79e77ca2d80 100644
--- a/api-reference/beta/api/authenticationmethod-resetpassword.md
+++ b/api-reference/beta/api/authenticationmethod-resetpassword.md
@@ -35,10 +35,11 @@ Admins with *User Administrator*, *Helpdesk Administrator*, or *Password Adminis
## HTTP request
+The ID of the password authentication method, referenced by `{passwordMethods-id}`, is always `28c10230-6103-485e-b985-444c60001490`.
```http
-POST /users/{id | userPrincipalName}/authentication/methods/{id}/resetPassword
+POST /users/{id | userPrincipalName}/authentication/methods/{passwordMethods-id}/resetPassword
```
## Request headers
diff --git a/api-reference/beta/api/directory-deleteditems-restore.md b/api-reference/beta/api/directory-deleteditems-restore.md
index 9944f4f8af1..6c6f22f3467 100644
--- a/api-reference/beta/api/directory-deleteditems-restore.md
+++ b/api-reference/beta/api/directory-deleteditems-restore.md
@@ -48,7 +48,13 @@ POST /directory/deleteditems/{id}/restore
| Content-type | application/json |
## Request body
-Don't supply a request body for this method.
+In the request body, supply a JSON representation of the parameters.
+
+The following table lists the parameters that are required when you call this action.
+
+|Parameter|Type|Description|
+|:---|:---|:---|
+|autoReconcileProxyConflict|Boolean|Optional parameter. Indicates whether Microsoft Entra ID should remove any conflicting proxy addresses while restoring a soft-deleted user whose one or more proxy addresses are currently used for an active user. Used only for restoring soft-deleted [user](../resources/user.md). The default value for this paramater is `false`.|
## Response
@@ -140,4 +146,46 @@ Content-type: application/json
}
-->
+### Request
+
+
+```http
+POST https://graph.microsoft.com/beta/directory/deleteditems/78bf875b-9343-4edc-9130-0d3958113563/restore
+Content-Type: application/json
+
+{
+ "autoReconcileProxyConflict": true
+}
+```
+
+### Response
+> **Note:** The response object shown here might be shortened for readability.
+
+```http
+HTTP/1.1 200 OK
+Content-type: application/json
+
+{
+ "@odata.context": "https://graph.microsoft.com/beta/$metadata#users/$entity",
+ "id": "78bf875b-9343-4edc-9130-0d3958113563",
+ "businessPhones": [],
+ "displayName": "SampleUser",
+ "givenName": "Sample",
+ "jobTitle": "Product Marketing Manager",
+ "mail": "sampleuser@contoso.com",
+ "mobilePhone": "+1 425 555 0109",
+ "officeLocation": "18/2111",
+ "preferredLanguage": "en-US",
+ "surname": "Vance",
+ "userPrincipalName": "sampleuser@contoso.com"
+}
+```
+
diff --git a/api-reference/beta/api/emailauthenticationmethod-delete.md b/api-reference/beta/api/emailauthenticationmethod-delete.md
index dc4cec7b9c5..1a80c3c68ff 100644
--- a/api-reference/beta/api/emailauthenticationmethod-delete.md
+++ b/api-reference/beta/api/emailauthenticationmethod-delete.md
@@ -40,16 +40,18 @@ One of the following permissions is required to call this API. To learn more, in
## HTTP request
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
+
Delete the email method from your own account. For a signed-in user to update their own authentication method, they must have satisfied a multi-factor authentication requirement during sign in.
``` http
-DELETE /me/authentication/emailMethods/{id}
+DELETE /me/authentication/emailMethods/{emailMethods-id}
```
Delete the email authentication method from another user's account.
``` http
-DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
```
## Request headers
diff --git a/api-reference/beta/api/emailauthenticationmethod-get.md b/api-reference/beta/api/emailauthenticationmethod-get.md
index 48e95b7cc4e..6edf39cc1f9 100644
--- a/api-reference/beta/api/emailauthenticationmethod-get.md
+++ b/api-reference/beta/api/emailauthenticationmethod-get.md
@@ -40,16 +40,18 @@ One of the following permissions is required to call this API. To learn more, in
## HTTP request
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
+
Get details of your own email authentication method.
``` http
-GET /me/authentication/emailMethods/{id}
+GET /me/authentication/emailMethods/{emailMethods-id}
```
Get details of your own or another user's email authentication method.
``` http
-GET /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+GET /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
```
## Request headers
diff --git a/api-reference/beta/api/emailauthenticationmethod-update.md b/api-reference/beta/api/emailauthenticationmethod-update.md
index 47894700d5c..405d7342050 100644
--- a/api-reference/beta/api/emailauthenticationmethod-update.md
+++ b/api-reference/beta/api/emailauthenticationmethod-update.md
@@ -28,11 +28,12 @@ Choose the permission or permissions marked as least privileged for this API. Us
Users cannot update their own email authentication method.
## HTTP request
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
Update the email authentication method for another user's account.
``` http
-PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
```
## Request headers
diff --git a/api-reference/beta/api/passwordauthenticationmethod-get.md b/api-reference/beta/api/passwordauthenticationmethod-get.md
index 2dd3d15c586..018e327d163 100644
--- a/api-reference/beta/api/passwordauthenticationmethod-get.md
+++ b/api-reference/beta/api/passwordauthenticationmethod-get.md
@@ -42,17 +42,18 @@ One of the following permissions is required to call this API. To learn more, in
Admins with *User Administrator*, *Helpdesk Administrator*, or *Password Administrator* roles can also reset passwords for non-admin users and a limited set of admin roles as defined in [Who can reset passwords](/azure/active-directory/roles/privileged-roles-permissions#who-can-reset-passwords).
## HTTP request
+The ID of the password authentication method, referenced by `{passwordMethods-id}`, is always `28c10230-6103-485e-b985-444c60001490`.
Get details of your own password authentication method.
```http
-GET /me/authentication/passwordMethods/{id}
+GET /me/authentication/passwordMethods/{passwordMethods-id}
```
Get details of your own or another user's password authentication method.
``` http
-GET /users/{id | userPrincipalName}/authentication/passwordMethods/{id}
+GET /users/{id | userPrincipalName}/authentication/passwordMethods/{passwordMethods-id}
```
## Optional query parameters
diff --git a/api-reference/beta/resources/device.md b/api-reference/beta/resources/device.md
index b598a2143a3..3a9d182482a 100644
--- a/api-reference/beta/resources/device.md
+++ b/api-reference/beta/resources/device.md
@@ -67,7 +67,7 @@ This resource is an open type that allows other properties to be passed in. You
|isCompliant|Boolean|`true` if the device complies with Mobile Device Management (MDM) policies; otherwise, `false`. Read-only. This can only be updated by Intune for any device OS type or by an [approved MDM app](/windows/client-management/mdm/azure-active-directory-integration-with-mdm) for Windows OS devices. Supports `$filter` (`eq`, `ne`, `not`).|
|isManaged|Boolean|`true` if the device is managed by a Mobile Device Management (MDM) app; otherwise, `false`. This can only be updated by Intune for any device OS type or by an [approved MDM app](/windows/client-management/mdm/azure-active-directory-integration-with-mdm) for Windows OS devices. Supports `$filter` (`eq`, `ne`, `not`). |
|isManagementRestricted|Boolean|Indicates whether the device is a member of a restricted management administrative unit, in which case it requires a role scoped to the restricted administrative unit to manage. The default value is `false`. Read-only.
To manage a device that's a member of a restricted administrative unit, the calling app must be assigned the `Directory.Write.Restricted` permission. For delegated scenarios, the administrators must also be explicitly assigned supported roles at the restricted administrative unit scope.|
-|isRooted|Boolean|`true` if the device is rooted; `false` if the device is jail-broken. This property can only be updated by Intune.|
+|isRooted|Boolean|`true` if the device is rooted or jail-broken. This property can only be updated by Intune.|
|kind| String| Form factor of the device. Only returned if the user signs in with a Microsoft account as part of Project Rome. |
|managementType|String|Management channel of the device. This property is set by Intune. Possible values are: `eas`, `mdm`, `easMdm`, `intuneClient`, `easIntuneClient`, `configurationManagerClient`, `configurationManagerClientMdm`, `configurationManagerClientMdmEas`, `unknown`, `jamf`, `googleCloudDevicePolicyController`.|
|manufacturer| String| Manufacturer of the device. Read-only. |
diff --git a/api-reference/beta/resources/emailauthenticationmethod.md b/api-reference/beta/resources/emailauthenticationmethod.md
index d4099ee9199..bf252d7c6d8 100644
--- a/api-reference/beta/resources/emailauthenticationmethod.md
+++ b/api-reference/beta/resources/emailauthenticationmethod.md
@@ -31,14 +31,14 @@ This is a derived type that inherits from the [authenticationMethod](authenticat
## Properties
|Property|Type|Description|
|:---|:---|:---|
-|id|String|The identifier of the email address registered to this user.|
+|id|String|The identifier of the email address registered to this user. The ID is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.|
|emailAddress|String|The email address registered to this user.|
## Relationships
None.
## JSON representation
-The following is a JSON representation of the resource.
+The following JSON representation shows the resource type.
```http
-POST /users/{id | userPrincipalName}/authentication/methods/{id}/resetPassword
+POST /users/{id | userPrincipalName}/authentication/methods/{passwordMethods-id}/resetPassword
```
## Request headers
diff --git a/api-reference/v1.0/api/emailauthenticationmethod-delete.md b/api-reference/v1.0/api/emailauthenticationmethod-delete.md
index cec92c63105..1690fa587a4 100644
--- a/api-reference/v1.0/api/emailauthenticationmethod-delete.md
+++ b/api-reference/v1.0/api/emailauthenticationmethod-delete.md
@@ -45,17 +45,18 @@ One of the following permissions is required to call this API. To learn more, in
[!INCLUDE [rbac-authentication-methods-apis-write-others](../includes/rbac-for-apis/rbac-authentication-methods-apis-write-others.md)]
## HTTP request
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
Delete the email method from your own account. For a signed-in user to update their own authentication method, they must have satisfied a multi-factor authentication requirement during sign in.
``` http
-DELETE /me/authentication/emailMethods/{id}
+DELETE /me/authentication/emailMethods/{emailMethods-id}
```
Delete the email authentication method from another user's account.
``` http
-DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+DELETE /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
```
## Request headers
diff --git a/api-reference/v1.0/api/emailauthenticationmethod-get.md b/api-reference/v1.0/api/emailauthenticationmethod-get.md
index 0ed5b801ff4..98c2378ba3f 100644
--- a/api-reference/v1.0/api/emailauthenticationmethod-get.md
+++ b/api-reference/v1.0/api/emailauthenticationmethod-get.md
@@ -37,17 +37,18 @@ One of the following permissions is required to call this API. To learn more, in
[!INCLUDE [rbac-authentication-methods-apis-read-others](../includes/rbac-for-apis/rbac-authentication-methods-apis-read-others.md)]
## HTTP request
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
Get details of your own email authentication method.
``` http
-GET /me/authentication/emailMethods/{id}
+GET /me/authentication/emailMethods/{emailMethods-id}
```
Get details of your own or another user's email authentication method.
``` http
-GET /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+GET /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
```
## Request headers
diff --git a/api-reference/v1.0/api/emailauthenticationmethod-update.md b/api-reference/v1.0/api/emailauthenticationmethod-update.md
index a22cbd51f96..88e84c58d28 100644
--- a/api-reference/v1.0/api/emailauthenticationmethod-update.md
+++ b/api-reference/v1.0/api/emailauthenticationmethod-update.md
@@ -26,11 +26,12 @@ Choose the permission or permissions marked as least privileged for this API. Us
Users cannot update their own email authentication method.
## HTTP request
+The ID of the email authentication method, referenced by `{emailMethods-id}`, is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.
Update the email authentication method for another user's account.
``` http
-PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{id}
+PATCH /users/{id | userPrincipalName}/authentication/emailMethods/{emailMethods-id}
```
## Request headers
diff --git a/api-reference/v1.0/api/passwordauthenticationmethod-get.md b/api-reference/v1.0/api/passwordauthenticationmethod-get.md
index bff1d5e39b2..d894de537f2 100644
--- a/api-reference/v1.0/api/passwordauthenticationmethod-get.md
+++ b/api-reference/v1.0/api/passwordauthenticationmethod-get.md
@@ -42,17 +42,18 @@ One of the following permissions is required to call this API. To learn more, in
Admins with *User Administrator*, *Helpdesk Administrator*, or *Password Administrator* roles can also retrieve password authentication methods for non-admin users and a limited set of admin roles as defined in [Who can reset passwords](/azure/active-directory/roles/privileged-roles-permissions#who-can-reset-passwords).
## HTTP request
+The ID of the password authentication method, referenced by `{passwordMethods-id}`, is always `28c10230-6103-485e-b985-444c60001490`.
Get details of your own password authentication method.
```http
-GET /me/authentication/passwordMethods/{id}
+GET /me/authentication/passwordMethods/{passwordMethods-id}
```
Get details of your own or another user's password authentication method.
``` http
-GET /users/{id | userPrincipalName}/authentication/passwordMethods/{id}
+GET /users/{id | userPrincipalName}/authentication/passwordMethods/{passwordMethods-id}
```
## Optional query parameters
diff --git a/api-reference/v1.0/resources/device.md b/api-reference/v1.0/resources/device.md
index 400e29fc989..abd589a240f 100644
--- a/api-reference/v1.0/resources/device.md
+++ b/api-reference/v1.0/resources/device.md
@@ -61,7 +61,7 @@ This resource is an open type that allows other properties to be passed in. You
|isCompliant|Boolean|`true` if the device complies with Mobile Device Management (MDM) policies; otherwise, `false`. Read-only. This can only be updated by Intune for any device OS type or by an [approved MDM app](/windows/client-management/mdm/azure-active-directory-integration-with-mdm) for Windows OS devices. Supports `$filter` (`eq`, `ne`, `not`).|
|isManaged|Boolean|`true` if the device is managed by a Mobile Device Management (MDM) app; otherwise, `false`. This can only be updated by Intune for any device OS type or by an [approved MDM app](/windows/client-management/mdm/azure-active-directory-integration-with-mdm) for Windows OS devices. Supports `$filter` (`eq`, `ne`, `not`). |
|manufacturer|String| Manufacturer of the device. Read-only. |
-|isRooted|Boolean|`true` if the device is rooted; `false` if the device is jail-broken. This property can only be updated by Intune.|
+|isRooted|Boolean|`true` if the device is rooted or jail-broken. This property can only be updated by Intune.|
|managementType|String|The management channel of the device. This property is set by Intune. Possible values are: `eas`, `mdm`, `easMdm`, `intuneClient`, `easIntuneClient`, `configurationManagerClient`, `configurationManagerClientMdm`, `configurationManagerClientMdmEas`, `unknown`, `jamf`, `googleCloudDevicePolicyController`.|
|mdmAppId|String|Application identifier used to register device into MDM. Read-only. Supports `$filter` (`eq`, `ne`, `not`, `startsWith`).|
|model|String| Model of the device. Read-only. |
diff --git a/api-reference/v1.0/resources/emailauthenticationmethod.md b/api-reference/v1.0/resources/emailauthenticationmethod.md
index f70108ad9bc..ac903d6f311 100644
--- a/api-reference/v1.0/resources/emailauthenticationmethod.md
+++ b/api-reference/v1.0/resources/emailauthenticationmethod.md
@@ -30,13 +30,13 @@ This is a derived type that inherits from the [authenticationMethod](authenticat
|Property|Type|Description|
|:---|:---|:---|
|emailAddress|String|The email address registered to this user.|
-|id|String|The identifier of the email address registered to this user.|
+|id|String|The identifier of the email address registered to this user. The ID is always `3ddfcfc8-9383-446f-83cc-3ab9be4be18f`.|
## Relationships
None.
## JSON representation
-The following is a JSON representation of the resource.
+The following JSON representation shows the resource type.