Merge branch 'main' of https://github.com/microsoftgraph/microsoft-graph-docs into sthapliyal/addClientAppIdToAppDef

Author: sweta-thapliyal

.gdn/.gdnbaselines

@@ -0,0 +1,31 @@
+{
+  "hydrated": true,
+  "properties": {
+    "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/baselines",
+    "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance."
+  },
+  "version": "1.0.0",
+  "baselines": {
+    "default": {
+      "name": "default",
+      "createdDate": "2024-08-26 12:06:54Z",
+      "lastUpdatedDate": "2024-08-26 12:06:54Z"
+    }
+  },
+  "results": {
+    "b3d46ea406a66acd0fa8b1130ec9be5b501ad4a933d98ce70193c68771b6e7be": {
+      "signature": "b3d46ea406a66acd0fa8b1130ec9be5b501ad4a933d98ce70193c68771b6e7be",
+      "alternativeSignatures": [
+        "79e125fb7927450b0ebb02d6b3ddb03d7a6a971e21dfdc1c246ba8fd39f0969e"
+      ],
+      "target": "update-permissions-reference.ps1",
+      "line": 170,
+      "memberOf": [
+        "default"
+      ],
+      "tool": "psscriptanalyzer",
+      "ruleId": "PSAvoidUsingConvertToSecureStringWithPlainText",
+      "createdDate": "2024-08-26 12:06:54Z"
+    }
+  }
+}

.gdn/.gdnsuppress

@@ -0,0 +1,31 @@
+{
+  "hydrated": true,
+  "properties": {
+    "helpUri": "https://eng.ms/docs/microsoft-security/security/azure-security/cloudai-security-fundamentals-engineering/security-integration/guardian-wiki/microsoft-guardian/general/suppressions",
+    "hydrationStatus": "This file does not contain identifying data. It is safe to check into your repo. To hydrate this file with identifying data, run `guardian hydrate --help` and follow the guidance."
+  },
+  "version": "1.0.0",
+  "suppressionSets": {
+    "default": {
+      "name": "default",
+      "createdDate": "2024-08-26 12:06:54Z",
+      "lastUpdatedDate": "2024-08-26 12:06:54Z"
+    }
+  },
+  "results": {
+    "b3d46ea406a66acd0fa8b1130ec9be5b501ad4a933d98ce70193c68771b6e7be": {
+      "signature": "b3d46ea406a66acd0fa8b1130ec9be5b501ad4a933d98ce70193c68771b6e7be",
+      "alternativeSignatures": [
+        "79e125fb7927450b0ebb02d6b3ddb03d7a6a971e21dfdc1c246ba8fd39f0969e"
+      ],
+      "target": "update-permissions-reference.ps1",
+      "line": 170,
+      "memberOf": [
+        "default"
+      ],
+      "tool": "psscriptanalyzer",
+      "ruleId": "PSAvoidUsingConvertToSecureStringWithPlainText",
+      "createdDate": "2024-08-26 12:06:54Z"
+    }
+  }
+}

.github/workflows/cloud-support.yml

@@ -37,7 +37,7 @@ jobs:
       run: dotnet build --configuration Release
     - name: Install hidi
       run: dotnet tool install microsoft.openapi.hidi -g
-    - name: Create metadata output director
+    - name: Create metadata output directory
       run: |
         mkdir openapi
         cd openapi
@@ -55,21 +55,22 @@ jobs:
         ./transforms/csdl/transform.ps1 -xslPath preprocess_csdl.xsl -inputPath ../../schemas/beta-Mooncake.csdl -outputPath ../../transformed_beta-Mooncake.csdl -addInnerErrorDescription $true -removeCapabilityAnnotations $false -csdlVersion v1.0
     - name: Transform CSDL with hidi
       working-directory: ./metadata
+      shell: pwsh
       env:
         SETTINGS: ./conversion-settings/openapi.json
       run: |
-        hidi transform --cs transformed_v1.0-Prod.csdl -o ../openapi/v1.0/Prod.yml --co -f Yaml --sp $SETTINGS
-        hidi transform --cs transformed_v1.0-Fairfax.csdl -o ../openapi/v1.0/Fairfax.yml --co -f Yaml --sp $SETTINGS
-        hidi transform --cs transformed_v1.0-Mooncake.csdl -o ../openapi/v1.0/Mooncake.yml --co -f Yaml --sp $SETTINGS
-        hidi transform --cs transformed_beta-Prod.csdl -o ../openapi/beta/Prod.yml --co -f Yaml --sp $SETTINGS
-        hidi transform --cs transformed_beta-Fairfax.csdl -o ../openapi/beta/Fairfax.yml --co -f Yaml --sp $SETTINGS
-        hidi transform --cs transformed_beta-Mooncake.csdl -o ../openapi/beta/Mooncake.yml --co -f Yaml --sp $SETTINGS
+        hidi transform --cs transformed_v1.0-Prod.csdl -o ../openapi/v1.0/Prod.yml --co -f Yaml --sp $Env:SETTINGS
+        hidi transform --cs transformed_v1.0-Fairfax.csdl -o ../openapi/v1.0/Fairfax.yml --co -f Yaml --sp $Env:SETTINGS
+        hidi transform --cs transformed_v1.0-Mooncake.csdl -o ../openapi/v1.0/Mooncake.yml --co -f Yaml --sp $Env:SETTINGS
+        hidi transform --cs transformed_beta-Prod.csdl -o ../openapi/beta/Prod.yml --co -f Yaml --sp $Env:SETTINGS
+        hidi transform --cs transformed_beta-Fairfax.csdl -o ../openapi/beta/Fairfax.yml --co -f Yaml --sp $Env:SETTINGS
+        hidi transform --cs transformed_beta-Mooncake.csdl -o ../openapi/beta/Mooncake.yml --co -f Yaml --sp $Env:SETTINGS
     - name: Run cloud support tool
       env:
         TOOL: ./tool/src/bin/Release/net8.0/CheckCloudSupport
       run: |
-        $TOOL --open-api ./openapi/v1.0 --api-docs ./docs/api-reference/v1.0/api --remove-old-includes
-        $TOOL --open-api ./openapi/beta --api-docs ./docs/api-reference/beta/api --remove-old-includes
+        $TOOL --open-api ./openapi/v1.0 --api-docs ./docs/api-reference/v1.0/api --overrides ./docs/api-reference/cloud.api.overrides.json --excludes ./docs/api-reference/cloud.exclusions.json --remove-old-includes
+        $TOOL --open-api ./openapi/beta --api-docs ./docs/api-reference/beta/api --overrides ./docs/api-reference/cloud.api.overrides.json --excludes ./docs/api-reference/cloud.exclusions.json --remove-old-includes
     - name: Get token
       id: get_token
       uses: microsoftgraph/get-app-token@v1.0.4

.github/workflows/permissions-reference-gen.yml

@@ -0,0 +1,83 @@
+name: Update permissions reference file
+
+on:
+  schedule:
+    - cron: 0 6 * * 1  # Runs every Monday at 6 AM UTC
+  workflow_dispatch:  # Allows manual triggering of the workflow
+    
+permissions:
+  contents: write
+  pull-requests: write
+  
+jobs:
+  update-permissions-reference:
+    name: Update permissions reference
+    runs-on: windows-latest
+    
+    steps:
+    - name: Set up Git to handle long paths
+      run: git config --system core.longpaths true
+
+    - name: Checkout microsoft-graph-docs
+      uses: actions/checkout@v4.1.3
+      with:
+        path: docs
+
+    - name: Run PowerShell script to update permissions
+      shell: pwsh
+      run: | 
+        $ClientId = "${{ secrets.GRAPH_CLIENT_ID }}"
+        $TenantId = "${{ secrets.GRAPH_TENANT_ID }}"
+        $ClientSecret = "${{ secrets.GRAPH_CLIENT_SECRET }}"
+        ./docs/update-permissions-reference.ps1 -ClientId $ClientId -TenantId $TenantId -ClientSecret $ClientSecret
+        
+    - name: Get token
+      id: get_token
+      uses: microsoftgraph/get-app-token@v1.0.4
+      with: 
+        application-id: ${{ secrets.APPLICATION_ID }}
+        application-private-key: ${{ secrets.APPLICATION_PRIVATE_KEY }}
+        
+    - name: Commit updates from service principal
+      working-directory: ./docs
+      shell: pwsh
+      env:
+        GH_TOKEN: ${{ steps.get_token.outputs.app-token }}
+      run: |
+        $status = git status --porcelain
+        if ($status -eq $null) {
+          Write-Host "No changes to commit." -ForegroundColor Green
+        }
+        else {          
+          git config user.email "GraphTooling@service.microsoft.com"
+          git config user.name "Microsoft Graph DevX Tooling"
+          git add .
+          git commit -m "Update permissions reference"
+        } 
+    
+    - name: Run PowerShell script to correct errors in permissions descriptions
+      shell: pwsh
+      run: | 
+        ./docs/correct-permissions-reference-errors.ps1
+    
+    - name: Commit errors correction and open a pull request
+      working-directory: ./docs
+      shell: pwsh
+      env:
+       GH_TOKEN: ${{ steps.get_token.outputs.app-token }}
+      run: |
+        $status = git status --porcelain
+        if ($status -eq $null) {
+          Write-Host "No changes to commit." -ForegroundColor Green
+        } else { 
+          $dateToday = Get-Date -Format 'yyyy-MM-dd'
+          $branchName = "permissions-reference/$dateToday" 
+          $prTitle = "${dateToday}: Automated permissions reference update"
+          
+          git add .
+          git commit -m "Correct errors in permissions reference"
+          git checkout -b $branchName
+          git push --set-upstream origin $branchName
+          
+          gh pr create --base main --title $prTitle --body "Scheduled permissions reference update" --reviewer "FaithOmbongi,msewaweru" --label "ready for content review"
+        }

.vscode/settings.json

@@ -1,5 +1,19 @@
-{
-    "githubPullRequests.ignoredPullRequestBranches": [
-        "main"
-    ]
+{
+    "githubPullRequests.ignoredPullRequestBranches": [
+        "main"
+    ],
+    "json.schemas": [
+        {
+            "fileMatch": [
+                "cloud.api.overrides.json"
+            ],
+            "url": "https://raw.githubusercontent.com/microsoftgraph/msgraph-cloud-support/main/schema/api.overrides.schema.json"
+        },
+        {
+            "fileMatch": [
+                "cloud.exclusions.json"
+            ],
+            "url": "https://raw.githubusercontent.com/microsoftgraph/msgraph-cloud-support/main/schema/cloud.exclusions.schema.json"
+        }
+    ]
 }

api-reference/beta/api/accesspackageassignmentrequest-resume.md

@@ -1,6 +1,6 @@
 ---
 title: "accessPackageAssignmentRequest: resume"
-description: "Resume accessPackageAssignmentRequest objects."
+description: "Resume a user's access package request after waiting for a callback from a custom extension."
 ms.localizationpriority: medium
 author: "vikama-microsoft"
 ms.subservice: "entra-id-governance"
@@ -12,7 +12,9 @@ Namespace: microsoft.graph
 
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), when an access package policy has been enabled to call out a custom extension and the request processing is waiting for the callback from the customer, the customer can initiate a resume action. It is performed on an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object whose **requestStatus** is in a `WaitingForCallback` state.
+Resume a user's access package request after waiting for a callback from a custom extension.
+
+In [Microsoft Entra entitlement management](../resources/entitlementmanagement-overview.md), when an access package policy has been enabled to call out a custom extension and the request processing is waiting for the callback from the customer, the customer can initiate a resume action. It's performed on an [accessPackageAssignmentRequest](../resources/accesspackageassignmentrequest.md) object whose **requestStatus** is in a `WaitingForCallback` state.
 
 [!INCLUDE [national-cloud-support](../../includes/global-us.md)]
 
@@ -22,6 +24,9 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "accesspackageassignmentrequest_resume" } -->
 [!INCLUDE [permissions-table](../includes/permissions/accesspackageassignmentrequest-resume-permissions.md)]
 
+> [!IMPORTANT]
+> App-only access can be authorized *without* granting the `EntitlementManagement.ReadWrite.All` application permission to the caller. Instead, assign the caller an [Entitlement Management role](/entra/id-governance/entitlement-management-delegate), where `Access package assignment manager` is the least privileged role supported for this operation. For more information on how to assign an Entitlement Management role, see [Create unifiedRoleAssignment](../api/rbacapplication-post-roleassignments.md#example-4-create-a-role-assignment-with-access-package-catalog-scope) or [Delegate access governance to access package managers in entitlement management](/entra/id-governance/entitlement-management-delegate-managers#as-a-catalog-owner-delegate-to-an-access-package-manager).
+
 ## HTTP request
 
 > [!NOTE]

api-reference/beta/api/adminreportsettings-get.md

@@ -26,7 +26,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "adminreportsettings_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/adminreportsettings-get-permissions.md)]
 
-> **Note:** For delegated permissions to allow apps to get report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Microsoft Entra ID limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).
+> **Note:** For delegated permissions to allow apps to get report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Microsoft Entra ID limited administrator role. For more information, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).
 
 ## HTTP request
 
@@ -36,6 +36,10 @@ Choose the permission or permissions marked as least privileged for this API. Us
 GET /admin/reportSettings
 ```
 
+## Optional query parameters
+
+This method supports the `$select` [OData query parameter](/graph/query-parameters) to help customize the response.
+
 ## Request headers
 
 | Name          | Description               |

api-reference/beta/api/adminreportsettings-update.md

@@ -24,7 +24,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "adminreportsettings_update" } -->
 [!INCLUDE [permissions-table](../includes/permissions/adminreportsettings-update-permissions.md)]
 
-> **Note:** For delegated permissions to allow apps to update report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Microsoft Entra ID limited administrator role. For more details, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).
+> **Note:** For delegated permissions to allow apps to update report settings on behalf of a user, the tenant administrator must have assigned the user the appropriate Microsoft Entra ID limited administrator role. For more information, see [Authorization for APIs to read Microsoft 365 usage reports](/graph/reportroot-authorization).
 
 ## HTTP request
 <!-- { "blockType": "ignored" } --> 
@@ -45,7 +45,7 @@ PATCH /admin/reportSettings
 
 | Property       | Type           | Description                                 |
 | -------------- | -------------- | ------------------------------------------- |
-| displayConcealedNames | Boolean | If set to `true`, all reports will conceal user information such as usernames, groups, and sites. If `false`, all reports will show identifiable information. This property represents a setting in the Microsoft 365 admin center. Required. |
+| displayConcealedNames | Boolean | If set to `true`, all reports conceal user information such as usernames, groups, and sites. If `false`, all reports show identifiable information. This property represents a setting in the Microsoft 365 admin center. Required. |
 
 ## Response
 

api-reference/beta/api/alert-updatealerts.md

@@ -36,7 +36,7 @@ POST /security/alerts/updateAlerts
 
 | Name          | Description   |
 |:--------------|:--------------|
-| Authorization | Bearer {code} |
+| Authorization | Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
 
 ## Request body
 

api-reference/beta/api/appcatalogs-list-teamsapps.md

@@ -1,7 +1,7 @@
 ---
 title: "List teamsApp"
 description: "List apps from the Microsoft Teams app catalog."
-author: "nkramer"
+author: "MSFTRickyCastaneda"
 ms.localizationpriority: medium
 ms.subservice: "teams"
 doc_type: apiPageType