File changed: api-reference/beta/resources/identity-network-access-overview.md (11 additions & 8 deletions)
@@ -7,8 +7,8 @@ ms.topic: overview
7
7
ms.subservice: entra-id
8
8
author: FaithOmbongi
9
9
ms.author: ombongifaith
10
-
ms.reviewer: dkershaw10
11
-
ms.date: 05/31/2024
10
+
ms.reviewer: dkershaw10, krbash
11
+
ms.date: 12/31/2024
12
12
---
13
13
14
14
# Manage Microsoft Entra identity and network access by using Microsoft Graph
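Review bot: metadata-only hunk; adding krbash to ms.reviewer and bumping ms.date from 05/31/2024 to 12/31/2024 is consistent with the content changes in the later hunks, nothing to change here.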
@@ -46,25 +46,25 @@ A core functionality of identity and access management is managing your tenant c
46
46
| Use cases | API operations |
47
47
|--|--|
48
48
| Manage administrative units including the following operations: <li>Create administrative units <li> Create and manage members and membership rules of administrative units <li> Assign administrator roles that are scoped to administrative units |[administrativeUnit resource type](administrativeunit.md) and its associated APIs |
49
+
| Grant, revoke, and retrieve app roles on a resource application for users, groups, or service principals |[appRoleAssignment resource type](approleassignment.md) and its associated APIs |
49
50
| Retrieve BitLocker recovery keys |[bitlockerRecoveryKey resource type](bitlockerrecoverykey.md) and its associated APIs |
50
-
| Monitor licenses and subscriptions for the tenant | <li> [companySubscription resource type](companysubscription.md) and its associated APIs <li> [subscribedSku resource type](subscribedsku.md) and its associated APIs |
51
51
| Manage custom security attributes | See [Overview of custom security attributes using the Microsoft Graph API](custom-security-attributes-overview.md)|
52
-
| Manage deleted directory objects. The functionality to store deleted objects in a "recycle bin" is supported for the following objects: <li> Administrative units <li> Applications <li> External user profiles <li> Groups <li> Pending external user profiles <li> Service principals <li> Users | <li> [Get](../api/directory-deleteditems-get.md) or [List](../api/directory-deleteditems-list.md) deleted objects <li> [Permanently delete](../api/directory-deleteditems-delete.md) a deleted object <li> [Restore a deleted item](../api/directory-deleteditems-restore.md) <li> [List deleted items owned by user](../api/directory-deleteditems-getuserownedobjects.md)|
52
+
| Manage deleted directory objects. The functionality to store deleted objects in a "recycle bin" is supported for the following objects: <li> Administrative units <li> Applications <li> Public key infrastructure<li> External user profiles <li> Groups <li> Pending external user profiles <li> Service principals <li> Users | <li> [Get](../api/directory-deleteditems-get.md) or [List](../api/directory-deleteditems-list.md) deleted objects <li> [Permanently delete](../api/directory-deleteditems-delete.md) a deleted object <li> [Restore a deleted item](../api/directory-deleteditems-restore.md) <li> [List deleted items owned by user](../api/directory-deleteditems-getuserownedobjects.md)|
53
53
| Manage devices in the cloud |[device resource type](device.md) and its associated APIs |
54
54
| View local administrator credential information for all device objects in Microsoft Entra ID that are enabled with Local Admin Password Solution (LAPS). This feature is the cloud-based LAPS solution |[deviceLocalCredentialInfo resource type](devicelocalcredentialinfo.md) and its associated APIs |
55
55
| Directory objects are the core objects in Microsoft Entra ID, such as users, groups, and applications. You can use the directoryObject resource type and its associated APIs to check memberships of directory objects, track changes for multiple directory objects, or validate that a Microsoft 365 group's display name or mail nickname complies with naming policies |[directoryObject resource type](directoryobject.md) and its associated APIs |
56
-
| Administrator roles, including Microsoft Entra administrator roles, are one of the most sensitive resources in a tenant. You can manage the lifecycle of their assignment in the tenant, including creating custom roles, assigning roles, tracking changes to role assignments, and removing assignees from roles |[directoryRole resource type](directoryrole.md) and [directoryRoleTemplate resource type](directoryroletemplate.md)and their associated APIs <br/><br/> [roleManagement resource type](rolemanagement.md) and its associated APIs <br/><br/> These APIs allow you to make direct role assignments. Alternatively, you can use Privileged Identity Management APIs for [Microsoft Entra roles](privilegedidentitymanagementv3-overview.md) and [groups](privilegedidentitymanagement-for-groups-api-overview.md) to make just-in-time and time-bound role assignments, instead of direct forever active assignments. |
56
+
| Administrator roles, including Microsoft Entra administrator roles, are one of the most sensitive resources in a tenant. You can manage the lifecycle of their assignment in the tenant, including creating custom roles, assigning roles, tracking changes to role assignments, and removing assignees from roles |[directoryRole resource type](directoryrole.md) and [directoryRoleTemplate resource type](directoryroletemplate.md)and their associated APIs <br/><br/> [roleManagement resource type](rolemanagement.md) and its associated APIs (**recommended**)<br/><br/> These APIs allow you to make direct role assignments. Alternatively, you can use Privileged Identity Management APIs for [Microsoft Entra roles](privilegedidentitymanagementv3-overview.md) and [groups](privilegedidentitymanagement-for-groups-api-overview.md) to make just-in-time and time-bound role assignments, instead of direct forever active assignments. |
57
57
| Define the following configurations that can be used to customize the tenant-wide and object-specific restrictions and allowed behavior. <li> Settings for Microsoft 365 groups such as guest user access, classifications, and naming policies <li> Password rule settings such as banned password lists and lockout duration <li> Prohibited names for applications, reserved words, and blocking trademark violations <li> Custom conditional access policy URL <li> Consent policies such as user consent requests, group-specific consent, and consent for risky apps |[directorySetting resource type](directorysetting.md) and [directorySettingTemplate resource type](directorysettingtemplate.md) and their associated APIs <br/><br/> For more information, see [Overview of group settings](/graph/group-directory-settings). |
58
58
| Domain management operations such as: <li> associating a domain with your tenant <li> retrieving DNS records <li> verifying domain ownership <li> associating specific services with specific domains <li> deleting domains |[domain resource type](domain.md) and its associated APIs |
59
59
| Manage the profile objects for external users that you're invited to collaborate via Teams. These APIs aren't similar to the invitation APIs for Microsoft Entra External ID B2B collaboration |[externalUserProfile resource type](externaluserprofile.md) and [pendingExternalUserProfile resource type](externaluserprofile.md) and their associated APIs |
60
60
| Configure and manage staged rollout of specific Microsoft Entra ID features |[featureRolloutPolicy resource type](featurerolloutpolicy.md) and its associated APIs |
61
+
| Monitor licenses and subscriptions for the tenant | <li> [companySubscription resource type](companysubscription.md) and its associated APIs <li> [subscribedSku resource type](subscribedsku.md) and its associated APIs |
61
62
| Manage the policies for Mobile Device Management (MDM) and Mobile Application Management (MAM) autoenrollment for Microsoft Entra joined and registered devices |[mobilityManagementPolicy resource type](mobilitymanagementpolicy.md) and its associated APIs |
62
63
| Configure options that are available in Microsoft Entra Cloud Sync such as preventing accidental deletions and managing group writebacks. |[onPremisesDirectorySynchronization resource type](onpremisesdirectorysynchronization.md) and its associated APIs |
63
64
| Manage the base settings for your Microsoft Entra tenant |[organization resource type](organization.md) and its associated APIs |
64
65
| Manage the tenant-wide settings for your Microsoft Entra tenant, such as whether people and item insights are enabled for the organization |[organizationSettings resource type](organizationsettings.md) and its associated APIs |
65
66
| Retrieve the organizational contacts that might be synchronized from on-premises directories or from Exchange Online |[orgContact resource type](orgcontact.md) and its associated APIs |
66
67
| Discover the basic details of other Microsoft Entra tenants by querying using the tenant ID or the domain name |[tenantInformation resource type](tenantinformation.md) and its associated APIs |
67
-
| Configure trusted certificate authorities for certificates that can be assigned to apps and service principals in the tenant. |[certificateBasedApplicationConfiguration resource type](certificatebasedapplicationconfiguration.md) and its associated APIs |
68
68
| Manage the delegated permissions and their assignments to service principals in the tenant |[oAuth2PermissionGrant resource type](oauth2permissiongrant.md) and its associated APIs |
69
69
70
70
---
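Review bot: the new "Public key infrastructure" entry in the deleted-objects row is inserted out of alphabetical order and drops the space before the next `<li>` ("Public key infrastructure<li> External user profiles"); move it between "Pending external user profiles" and "Service principals" and restore the space so the list renders cleanly. The directoryRole row also still carries the pre-existing "(directoryroletemplate.md)and their" missing space, which this edit could fix while touching the line. The rest of the hunk (new appRoleAssignment row, licenses row and certificateBasedApplicationConfiguration row relocated, roleManagement marked recommended) reads fine.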
@@ -76,7 +76,7 @@ A core functionality of identity and access management is managing your tenant c
76
76
| Configure listeners that monitor events that should trigger or invoke custom logic, typically defined outside Microsoft Entra ID |[authenticationEventListener resource type](authenticationeventlistener.md) and its associated APIs |
77
77
| Manage authentication methods that are supported in Microsoft Entra ID | See [Microsoft Entra authentication methods API overview](authenticationmethods-overview.md) and [Microsoft Entra authentication methods policies API overview](authenticationmethodspolicies-overview.md)|
78
78
| Manage the authentication methods or combinations of authentication methods that you can apply as grant control in Microsoft Entra Conditional Access | See [Microsoft Entra authentication strengths API overview](authenticationstrengths-overview.md)|
79
-
|Manage tenant-wide authorization policies such as: <li> enable SSPR for administrator accounts <li>enable self-service join for guests <li> limit who can invite guests <li> whether users can consent to risky apps <li> block the use of MSOL <li> customize the default user permissions <li> identity private preview features enabled <li>Customize the guest user permissions between *User*, *Guest User*, and *Restricted Guest User*|[authorizationPolicy resource type](authorizationpolicy.md) and its associated APIs|
79
+
| Customize the UI/UX in Azure AD B2C using the Identity Experience Framework (IEF) |[trustFrameworkKeySet resource type](trustframeworkkeyset.md)and [trustFrameworkPolicy resource type](trustframeworkpolicy.md) and their associated APIs|
80
80
|Configure Continuous Access Evaluation (CAE), which allows access tokens to be revoked based on critical events and policy evaluation rather than relying on token expiry based on lifetime|[continuousAccessEvaluationPolicy resource type](continuousaccessevaluationpolicy.md) and its associated APIs|
81
81
| Manage the policies for certificate-based authentication in the tenant |[certificateBasedAuthConfiguration resource type](certificatebasedauthconfiguration.md) and its associated APIs |
82
82
| Manage Microsoft Entra conditional access policies |[conditionalAccessRoot resource type](conditionalaccessroot.md) and its associated APIs |
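Review bot: the relocated trustFramework row loses the space before "and" that the original line had ("(trustframeworkkeyset.md)and [trustFrameworkPolicy"); restore it as "(trustframeworkkeyset.md) and [trustFrameworkPolicy". Moving the authorizationPolicy row out of the authentication section is otherwise fine given it reappears under a separate heading in the last hunk.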
@@ -90,12 +90,15 @@ A core functionality of identity and access management is managing your tenant c
90
90
| Detect, investigate, and remediate identity-based risks using Microsoft Entra ID Protection and feed the data into security information and event management (SIEM) tools for further investigation and correlation | See [Use the Microsoft Graph identity protection APIs](identityprotection-overview.md)|
91
91
| Manage identity providers for Microsoft Entra ID, Microsoft Entra External ID, and Azure AD B2C tenants. You can perform the following operations: <li> Manage identity providers for external identities, including social identity providers, OIDC, Apple, SAML/WS-Fed, and built-in providers <li> Manage configuration for federated domains and token validation |[identityProviderBase resource type](identityproviderbase.md) and its associated APIs |
92
92
| Invite external users to collaborate with your tenant by using Microsoft Entra External ID |[invitation resource type](invitation.md) and its associated APIs |
93
+
| Stay informed about Microsoft Entra product lifecycle updates, including the product roadmap and change announcements | See <li>[changeItemBase resource type](changeitembase.md) and its associated APIs for product updates <li> [announcement resource type](announcement.md) and its associated APIs for change annoncements <li> [roadmap resource type](roadmap.md) and its associated APIs for product roadmap information |
93
94
| Define a group of tenants belonging to your organization and streamline intra-organization cross-tenant collaboration | See [Multitenant organization API overview](multitenantorganization-overview.md)|
94
95
| Customize sign-in UIs to match your company branding, including applying branding that's based on the browser language |[organizationalBranding resource type](organizationalbranding.md) and its associated APIs |
95
-
|Customize the UI/UX in Azure AD B2C using the Identity Experience Framework (IEF) |[trustFrameworkKeySet resource type](trustframeworkkeyset.md) and [trustFrameworkPolicy resource type](trustframeworkpolicy.md) and their associated APIs |
96
+
|Configure trusted certificate authorities for certificates that can be assigned to apps and service principals in the tenant. |[certificateBasedApplicationConfiguration resource type](certificatebasedapplicationconfiguration.md) and its associated APIs |
96
97
| User flows for Microsoft Entra External ID in workforce tenants | The following resource types and their associated APIs: <li>[b2xIdentityUserFlow](b2xidentityuserflow.md) to configure the base user flow and its properties such as identity providers <li> [identityUserFlowAttribute](identityuserflowattribute.md) to manage built-in and custom user flow attributes <li> [identityUserFlowAttributeAssignment](identityuserflowattributeassignment.md) to manage user flow attribute assignments <li> [userFlowLanguageConfiguration resource type](userflowlanguageconfiguration.md) to configure custom languages for user flows |
97
98
| User flows for Azure AD B2C | The following resource types and their associated APIs: <li>[b2cIdentityUserFlow ](b2cidentityuserflow.md) to configure the base user flow and its properties such as identity providers <li> [identityUserFlowAttribute](identityuserflowattribute.md) to manage built-in and custom user flow attributes <li> [identityUserFlowAttributeAssignment](identityuserflowattributeassignment.md) to manage user flow attribute assignments <li> [userFlowLanguageConfiguration resource type](userflowlanguageconfiguration.md) to configure custom languages for user flows |
98
99
| User flows for Microsoft Entra External ID in external tenants | The following resource types and their associated APIs: <li> [authenticationEventsFlow resource type](authenticationeventsflow.md) and its associated APIs <li> [identityUserFlowAttribute](identityuserflowattribute.md) to manage built-in and custom user flow attributes|
100
+
|**Other policies**||
101
+
|Manage tenant-wide authorization policies such as: <li> enable SSPR for administrator accounts <li>enable self-service join for guests <li> limit who can invite guests <li> whether users can consent to risky apps <li> block the use of MSOL <li> customize the default user permissions <li> identity private preview features enabled <li>Customize the guest user permissions between *User*, *Guest User*, and *Restricted Guest User*|[authorizationPolicy resource type](authorizationpolicy.md) and its associated APIs|
99
102
|Manage app consent policies and condition sets|[permissionGrantPolicy resource type](permissiongrantpolicy.md)|
|Enable or disable security defaults in Microsoft Entra ID|[identitySecurityDefaultsEnforcementPolicy resource type](identitysecuritydefaultsenforcementpolicy.md)|
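Review bot: typo in the new changeItemBase row, "change annoncements" should be "change announcements". The new "**Other policies**" row acts as a subheading inside the table, so the relocated authorizationPolicy row (which governs guest invitation, risky-app consent and default user permissions) now sits under it rather than under authentication, which is the clearer placement; the certificateBasedApplicationConfiguration row moved in from the earlier table is fine.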