microsoftgraph
diff --git a/‎api-reference/beta/api/attacksimulationroot-post-simulation.md
Lines changed: 3 additions & 37 deletions b/‎api-reference/beta/api/attacksimulationroot-post-simulation.md
Lines changed: 3 additions & 37 deletions
diff --git a/‎api-reference/beta/api/intune-shared-deviceappmanagement-get.md
Lines changed: 1 addition & 1 deletion b/‎api-reference/beta/api/intune-shared-deviceappmanagement-get.md
Lines changed: 1 addition & 1 deletion
diff --git a/‎api-reference/beta/api/payload-get.md
Lines changed: 3 additions & 2 deletions b/‎api-reference/beta/api/payload-get.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎api-reference/beta/api/payloaddetail-get.md
Lines changed: 3 additions & 2 deletions b/‎api-reference/beta/api/payloaddetail-get.md
Lines changed: 3 additions & 2 deletions
diff --git a/‎api-reference/beta/api/security-ediscoverysearch-purgedata.md
Lines changed: 2 additions & 2 deletions b/‎api-reference/beta/api/security-ediscoverysearch-purgedata.md
Lines changed: 2 additions & 2 deletions
diff --git a/‎api-reference/beta/api/serviceactivity-getactiveusermetricsfordesktopmailbyreademail.md
Lines changed: 98 additions & 0 deletions b/‎api-reference/beta/api/serviceactivity-getactiveusermetricsfordesktopmailbyreademail.md
Lines changed: 98 additions & 0 deletions
diff --git a/‎api-reference/beta/api/serviceactivity-getactiveusermetricsforemailbymodernauthentication.md
Lines changed: 98 additions & 0 deletions b/‎api-reference/beta/api/serviceactivity-getactiveusermetricsforemailbymodernauthentication.md
Lines changed: 98 additions & 0 deletions
@@ -5,6 +5,7 @@ author: "stuartcl"
 ms.localizationpriority: medium
 ms.subservice: "security"
 doc_type: apiPageType
+ms.date: 12/01/2024
 ---
 
 # Create simulation
@@ -49,7 +50,7 @@ The following table lists the properties that are required when you create the s
 
 | Property | Type        | Description |
 |:-------------|:------------|:------------|
-|attackTechnique|[simulationAttackTechnique](../resources/simulation.md#simulationattacktechnique-values)|The social engineering technique used in the attack simulation and training campaign. Supports `$filter` and `$orderby`. Possible values are: `unknown`, `credentialHarvesting`, `attachmentMalware`, `driveByUrl`, `linkInAttachment`, `linkToMalwareFile`, `unknownFutureValue`, `oAuthConsentGrant`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `oAuthConsentGrant`. For more information about the types of social engineering attack techniques, see [simulations](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide&preserve-view=true#simulations).|
+|attackTechnique|[simulationAttackTechnique](../resources/simulation.md#simulationattacktechnique-values)|The social engineering technique used in the attack simulation and training campaign. Supports `$filter` and `$orderby`. Possible values are: `unknown`, `credentialHarvesting`, `attachmentMalware`, `driveByUrl`, `linkInAttachment`, `linkToMalwareFile`, `unknownFutureValue`, `oAuthConsentGrant`, `phishTraining`. You must use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `oAuthConsentGrant`, `phishTraining`. For more information about the types of social engineering attack techniques, see [simulations](/microsoft-365/security/office-365-security/attack-simulation-training-get-started?view=o365-worldwide&preserve-view=true#simulations).|
 |attackType|[simulationAttackType](../resources/simulation.md#simulationattacktype-values)|Attack type of the attack simulation and training campaign. Supports `$filter` and `$orderby`. Possible values are: `unknown`, `social`, `cloud`, `endpoint`, `unknownFutureValue`.|
 |createdBy|[emailIdentity](../resources/emailidentity.md)|Identity of the user who created the attack simulation and training campaign.|
 |displayName|String|Display name of the attack simulation and training campaign. Supports `$filter` and `$orderby`.|
@@ -76,7 +77,6 @@ If successful, this method returns a `202 Accepted` response code and a tracking
 
 The following example shows a request.
 
-# [HTTP](#tab/http)
 <!-- {
   "blockType": "request",
   "name": "create_simulations"
@@ -113,7 +113,7 @@ Content-type: application/json
     "settingType": "noTraining",
     "positiveReinforcement": {
       "deliveryPreference": "deliverAfterCampaignEnd",
-      "endUserNotification": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
+      "endUserNotification@odata.bind": "https://graph.microsoft.com/beta/security/attacksimulation/endUserNotifications/1ewer3678-9abc-def0-123456789a",
       "defaultLanguage": "en"
     },
     "simulationNotification": {
@@ -125,40 +125,6 @@ Content-type: application/json
 }
 ```
 
-# [C#](#tab/csharp)
-[!INCLUDE [sample-code](../includes/snippets/csharp/create-simulations-csharp-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [CLI](#tab/cli)
-[!INCLUDE [sample-code](../includes/snippets/cli/create-simulations-cli-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Go](#tab/go)
-[!INCLUDE [sample-code](../includes/snippets/go/create-simulations-go-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Java](#tab/java)
-[!INCLUDE [sample-code](../includes/snippets/java/create-simulations-java-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [JavaScript](#tab/javascript)
-[!INCLUDE [sample-code](../includes/snippets/javascript/create-simulations-javascript-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [PHP](#tab/php)
-[!INCLUDE [sample-code](../includes/snippets/php/create-simulations-php-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [PowerShell](#tab/powershell)
-[!INCLUDE [sample-code](../includes/snippets/powershell/create-simulations-powershell-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Python](#tab/python)
-[!INCLUDE [sample-code](../includes/snippets/python/create-simulations-python-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
----
-
 ### Response
 
 The following example shows the response.
 
@@ -18,7 +18,7 @@ Namespace: microsoft.graph
 
 Read properties and relationships of the [deviceAppManagement](../resources/intune-shared-deviceappmanagement.md) object.
 
-        ## Permissions
+## Permissions
 
 One of the following permissions is required to call this API. To learn more, including how to choose permissions, see [Permissions](/graph/permissions-reference).  Note that the appropriate permission varies according to the workflow.
 
 
@@ -5,6 +5,7 @@ author: "stuartcl"
 ms.localizationpriority: medium
 ms.subservice: "security"
 doc_type: apiPageType
+ms.date: 12/01/2024
 ---
 
 # Get payload
@@ -37,7 +38,7 @@ GET /security/attackSimulation/simulations/{simulationId}/payload
 
 ## Optional query parameters
 
-This method does not currently support the [OData query parameters](/graph/query-parameters) to customize the response.
+This method doesn't currently support the [OData query parameters](/graph/query-parameters) to customize the response.
 
 ## Request headers
 
@@ -66,7 +67,7 @@ The following example shows a request.
 }
 -->
 ``` http
-GET https://graph.microsoft.com/beta/security/attackSimulation/payload/f1b13829-3829-f1b1-2938-b1f12938b1a
+GET https://graph.microsoft.com/beta/security/attackSimulation/payloads/f1b13829-3829-f1b1-2938-b1f12938b1a
 ```
 
 ### Response
 
@@ -5,6 +5,7 @@ author: "stuartcl"
 ms.localizationpriority: medium
 ms.subservice: "security"
 doc_type: apiPageType
+ms.date: 12/01/2024
 ---
 
 # Get payloadDetail
@@ -34,7 +35,7 @@ GET /security/attackSimulation/payloads/{payloadId}/detail
 
 ## Optional query parameters
 
-This method does not currently support the [OData query parameters](/graph/query-parameters) to customize the response.
+This method doesn't currently support the [OData query parameters](/graph/query-parameters) to customize the response.
 
 ## Request headers
 
@@ -63,7 +64,7 @@ The following example shows a request.
 }
 -->
 ``` http
-GET https://graph.microsoft.com/beta/security/attackSimulation/payload/f1b13829-3829-f1b1-2938-b1f12938b1a/detail
+GET https://graph.microsoft.com/beta/security/attackSimulation/payloads/f1b13829-3829-f1b1-2938-b1f12938b1a/detail
 ```
 
 ### Response
 
@@ -15,15 +15,15 @@ Namespace: microsoft.graph.security
 
 Delete Exchange mailbox items or Microsoft Teams messages contained in an [eDiscovery search](../resources/security-ediscoverysearch.md).
 
->**Note:** This request purges a maximum of 100 items per location only.
-
 You can collect and purge the following categories of Teams content:
 - **Teams 1:1 chats** - Chat messages, posts, and attachments shared in a Teams conversation between two people. Teams 1:1 chats are also called *conversations*.
 - **Teams group chats** - Chat messages, posts, and attachments shared in a Teams conversation between three or more people. Also called *1:N* chats or *group conversations*.
 - **Teams channels** - Chat messages, posts, replies, and attachments shared in a standard Teams channel.
 - **Private channels** - Message posts, replies, and attachments shared in a private Teams channel.
 - **Shared channels** - Message posts, replies, and attachments shared in a shared Teams channel.
 
+>**Note:** This request purges a maximum of 100 items per location only. When **purgeType** is set to either `recoverable` or `permanentlyDelete` and **purgeAreas** is set to `teamsMessages`, the Teams messages are permanently deleted.
+
 For more information about purging Teams messages, see:
 - [eDiscovery solution series: Data spillage scenario - Search and purge](/microsoft-365/compliance/data-spillage-scenariosearch-and-purge)
 - [eDiscovery (Premium) workflow for content in Microsoft Teams](/microsoft-365/compliance/teams-workflow-in-advanced-ediscovery) 
 
@@ -0,0 +1,98 @@
+---
+title: "serviceActivity: getActiveUserMetricsForDesktopMailByReadEmail"
+description: "Get all the active usage based on the number of users who successfully read emails using desktop mail apps."
+author: "mkuninty"
+ms.localizationpriority: medium
+ms.subservice: "m365-monitoring-service"
+doc_type: apiPageType
+ms.date: 12/02/2024
+---
+
+# serviceActivity: getActiveUserMetricsForDesktopMailByReadEmail
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Get all the active usage based on the number of users who successfully read emails using desktop mail apps.
+
+## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+|Permission type|Least privileged permissions|Higher privileged permissions|
+|:---|:---|:---|
+|Delegated (work or school account)|ServiceActivity-Exchange.Read.All|Not available.|
+|Delegated (personal Microsoft account)|Not supported.|Not supported.|
+|Application|ServiceActivity-Exchange.Read.All|Not available.|
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+GET /reports/serviceActivity/getActiveUserMetricsForDesktopMailByReadEmail
+```
+
+## Function parameters
+In the request URL, provide the following query parameters with values.
+
+|Parameter|Type|Description|
+|:---|:---|:---|
+|aggregationIntervalInMinutes|Int32|Aggregation interval in minutes. The default value is `15`, which sets the data to be aggregated into 15-minute sets. Allowed values are `5`, `10`, `15`, and `30`. Optional.|
+|exclusiveIntervalEndDateTime|DateTimeOffset|The ending date and time in UTC. Required.|
+|inclusiveIntervalStartDateTime|DateTimeOffset|The starting date and time in UTC. The earliest start time allowed is 30 days in the past. Required.|
+
+## Request headers
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [serviceActivityValueMetric](../resources/serviceactivityvaluemetric.md) collection in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+
+<!-- {
+  "blockType": "request",
+  "name": "serviceactivitythis.getactiveusermetricsfordesktopmailbyreademail"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/reports/serviceActivity/getActiveUserMetricsForDesktopMailByReadEmail(inclusiveIntervalStartDateTime=2024-10-02T10:30:00Z,exclusiveIntervalEndDateTime=2024-10-02T10:59:59Z,aggregationIntervalInMinutes=10)
+```
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "Collection(microsoft.graph.serviceActivityValueMetric)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+    "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.serviceActivityValueMetric)",
+    "value": [
+        {
+            "intervalStartDateTime": "2024-10-02T10:30:00Z",
+            "value": 6880
+        },
+        {
+            "intervalStartDateTime": "2024-10-02T10:40:00Z",
+            "value": 6480
+        }
+    ]
+}
+```
@@ -0,0 +1,98 @@
+---
+title: "serviceActivity: getActiveUserMetricsForEmailByModernAuthentication"
+description: "Get all the active usage based on the number of users who signed in with modern authentication across all email apps."
+author: "mkuninty"
+ms.localizationpriority: medium
+ms.subservice: "m365-monitoring-service"
+doc_type: apiPageType
+ms.date: 12/02/2024
+---
+
+# serviceActivity: getActiveUserMetricsForEmailByModernAuthentication
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Get all the active usage based on the number of users who signed in with modern authentication across all email apps.
+
+## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+|Permission type|Least privileged permissions|Higher privileged permissions|
+|:---|:---|:---|
+|Delegated (work or school account)|ServiceActivity-Exchange.Read.All|Not available.|
+|Delegated (personal Microsoft account)|Not supported.|Not supported.|
+|Application|ServiceActivity-Exchange.Read.All|Not available.|
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+GET /reports/serviceActivity/getActiveUserMetricsForEmailByModernAuthentication
+```
+
+## Function parameters
+In the request URL, provide the following query parameters with values.
+
+|Parameter|Type|Description|
+|:---|:---|:---|
+|aggregationIntervalInMinutes|Int32|Aggregation interval in minutes. The default value is `15`, which sets the data to be aggregated into 15-minute sets. Allowed values are `5`, `10`, `15`, and `30`. Optional.|
+|exclusiveIntervalEndDateTime|DateTimeOffset|The ending date and time in UTC. Required.|
+|inclusiveIntervalStartDateTime|DateTimeOffset|The starting date and time in UTC. The earliest start time allowed is 30 days in the past. Required.|
+
+## Request headers
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this function returns a `200 OK` response code and a [serviceActivityValueMetric](../resources/serviceactivityvaluemetric.md) collection in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+
+<!-- {
+  "blockType": "request",
+  "name": "serviceactivitythis.getactiveusermetricsforemailbymodernauthentication"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/reports/serviceActivity/getActiveUserMetricsForEmailByModernAuthentication(inclusiveIntervalStartDateTime=2024-10-02T10:30:00Z,exclusiveIntervalEndDateTime=2024-10-02T10:59:59Z,aggregationIntervalInMinutes=10)
+```
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "Collection(microsoft.graph.serviceActivityValueMetric)"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+    "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.serviceActivityValueMetric)",
+    "value": [
+        {
+            "intervalStartDateTime": "2024-10-02T10:30:00Z",
+            "value": 200715
+        },
+        {
+            "intervalStartDateTime": "2024-10-02T10:40:00Z",
+            "value": 192954
+        }
+    ]
+}
+```