Merge branch 'main' into annie-VE-concept-doc

FaithOmbongi · web-flow · commit dc4bc25cad12 · 2024-11-27T13:35:13.000+03:00
diff --git a/api-reference/beta/api/accesspackageassignmentresourcerole-get.md b/api-reference/beta/api/accesspackageassignmentresourcerole-get.md
@@ -5,6 +5,7 @@ ms.localizationpriority: medium
 author: "markwahl-msft"
 ms.subservice: "entra-id-governance"
 doc_type: "apiPageType"
+ms.date: 04/05/2024
 ---
 
 # Get accessPackageAssignmentResourceRole
@@ -24,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "accesspackageassignmentresourcerole_get" } -->
 [!INCLUDE [permissions-table](../includes/permissions/accesspackageassignmentresourcerole-get-permissions.md)]
 
+[!INCLUDE [rbac-entitlement-catalog-reader](../includes/rbac-for-apis/rbac-entitlement-management-catalog-reader-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/beta/api/dailyuserinsightmetricsroot-list-summary.md b/api-reference/beta/api/dailyuserinsightmetricsroot-list-summary.md
@@ -30,7 +30,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 }
 -->
 ``` http
-daily GET /userInsightsRoot/daily/summary
+GET /userInsightsRoot/daily/summary
 ```
 
 ## Optional query parameters
diff --git a/api-reference/beta/api/entitlementmanagement-list-accesspackageassignmentresourceroles.md b/api-reference/beta/api/entitlementmanagement-list-accesspackageassignmentresourceroles.md
@@ -25,6 +25,8 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "entitlementmanagement_list_accesspackageassignmentresourceroles" } -->
 [!INCLUDE [permissions-table](../includes/permissions/entitlementmanagement-list-accesspackageassignmentresourceroles-permissions.md)]
 
+[!INCLUDE [rbac-entitlement-catalog-reader](../includes/rbac-for-apis/rbac-entitlement-management-catalog-reader-apis-read.md)]
+
 ## HTTP request
 
 <!-- { "blockType": "ignored" } -->
diff --git a/api-reference/beta/api/sitepage-createfromtemplate.md b/api-reference/beta/api/sitepage-createfromtemplate.md
@@ -28,7 +28,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "ignored" } -->
 
 ```http
-POST /sites/{site-id}/pages/microsoft.graph.sitePage/createFromTemplate
+POST /sites/{site-id}/pages/createFromTemplate
 ```
 ## Request headers
 
@@ -55,7 +55,7 @@ The following example shows how to create a new page from the page template.
 <!-- { "blockType": "request", "name": "createFromTemplate", "scopes": "sites.readwrite.all" } -->
 
 ```http
-POST /sites/dd00d52e-0db7-4d5f-8269-90060ac688d1/pages/microsoft.graph.sitePage/createFromTemplate
+POST /sites/dd00d52e-0db7-4d5f-8269-90060ac688d1/pages/createFromTemplate
 Content-Type: application/json
 
 {
diff --git a/api-reference/beta/resources/appmanagementpolicyactorexemptions.md b/api-reference/beta/resources/appmanagementpolicyactorexemptions.md
@@ -0,0 +1,38 @@
+---
+title: "appManagementPolicyActorExemptions resource type"
+description: "Represents a collection of exemptions from the enforcement of identifierUri restrictions on an app management policy."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# appManagementPolicyActorExemptions resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a collection of exemptions from the enforcement of [identifierUri restrictions](../resources/identifierurirestriction.md) on an app management policy.
+
+## Properties
+None.
+
+## Relationships
+|Relationship|Type|Description|
+|:---|:---|:---|
+|customSecurityAttributes|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) collection| The collection of [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) to exempt from the policy enforcement. Limit of 5. |
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "@odata.type": "microsoft.graph.appManagementPolicyActorExemptions"
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.appManagementPolicyActorExemptions"
+}
+```
diff --git a/api-reference/beta/resources/cloudpconpremisesconnectionhealthcheck.md b/api-reference/beta/resources/cloudpconpremisesconnectionhealthcheck.md
@@ -5,6 +5,7 @@ author: "AshleyYangSZ"
 ms.localizationpriority: medium
 ms.subservice: "cloud-pc"
 doc_type: resourcePageType
+ms.date: 11/26/2024
 ---
 
 # cloudPcOnPremisesConnectionHealthCheck resource type
@@ -62,6 +63,7 @@ Represents the result of a Cloud PC Azure network connection health check.
 |endpointConnectivityCheckIntuneUrlNotAllowListed|During provisioning, one or more required Intune URLs couldn't be contacted. Make sure that all of the required URLs are allowed through the firewalls and proxies.|
 |endpointConnectivityCheckAzureADUrlNotAllowListed|During provisioning, one or more required Microsoft Entra URLs couldn't be contacted. Make sure that all of the required URLs are allowed through the firewalls and proxies.|
 |endpointConnectivityCheckLocaleUrlNotAllowListed|During provisioning, one or more language pack URLs couldn't be contacted. If you choose a non-English (United States) **Language & Region** setting in a provisioning policy, the language pack might not be successfully installed. Make sure that all of the required URLs are allowed through your firewalls and proxies. For a list or required URLs, see [Azure network connections health checks](https://go.microsoft.com/fwlink/?linkid=2156206).|
+|endpointConnectivityCheckVMAgentEndPointCommunicationError|The VM extension provisioning failed because the VM-agent-related endpoints were unreachable. Review the onboarding policy settings to ensure the endpoints are reachable for joining the domain.|
 |endpointConnectivityCheckUnknownError|During provisioning, one or more required URLs couldn't be contacted. Make sure that all of the required URLs are allowed through the firewalls and proxies.|
 |azureAdDeviceSyncCheckDeviceNotFound|The Cloud PC object can't be found in Microsoft Entra ID. Make sure that Microsoft Entra Connect works and syncs frequently so that the Cloud PC objects are synced to Microsoft Entra ID. Microsoft Entra device sync must be enabled and synced within the last 60 minutes.|
 |azureAdDeviceSyncCheckLongSyncCircle|The check whether the Cloud PC object has been synced to Microsoft Entra ID has timed out. Make sure that Microsoft Entra Connect works and syncs frequently so that the Cloud PC objects are synced to Microsoft Entra ID. Microsoft Entra device sync must be enabled and synced within the last 60 minutes.|
diff --git a/api-reference/beta/resources/customsecurityattributeexemption.md b/api-reference/beta/resources/customsecurityattributeexemption.md
@@ -0,0 +1,62 @@
+---
+title: "customSecurityAttributeExemption resource type"
+description: "Configuration object to configure a custom security attribute exemption for a restriction on application management policies."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# customSecurityAttributeExemption resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Configuration object to configure a custom security attribute exemption for a restriction on application management policies.
+This resource is an abstract type from which the [customSecurityAttributeStringValueExemption](../resources/customSecurityAttributeStringValueExemption.md) derives.
+
+
+Inherits from [entity](../resources/entity.md).
+
+
+## Methods
+None.
+<!-- The direct access methods are not functional in the underlying Service. Excluding them until they are operational.
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[List](../api/appmanagementpolicyactorexemptions-list-customsecurityattributes.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) collection|Get a list of the [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) objects and their properties.|
+|[Create](../api/appmanagementpolicyactorexemptions-post-customsecurityattributes.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Create a new [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Get](../api/customsecurityattributeexemption-get.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Read the properties and relationships of a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Update](../api/customsecurityattributeexemption-update.md)|[customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md)|Update the properties of a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+|[Delete](../api/appmanagementpolicyactorexemptions-delete-customsecurityattributes.md)|None|Delete a [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md) object.|
+-->
+
+## Properties
+| Property                  | Type                                           | Description                 |
+| :-------------------------| :--------------------------------------------- | :-------------------------- |
+| id                        | String                                         | Unique identifier with combination of the custom security attribute set name and attribute name. For example, `AttributeSetName_AttributeName`. Inherited from [entity](../resources/entity.md). |
+| operator                  | customSecurityAttributeComparisonOperator      | The possible values are: `equals`, `unknownFutureValue`. If `equals`, the customSecurityAttributeExemption value is compared to match the custom security attribute value for the exemption to be applied. The comparison is case sensitive. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "keyProperty": "id",
+  "@odata.type": "microsoft.graph.customSecurityAttributeExemption",
+  "baseType": "microsoft.graph.entity",
+  "openType": false
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.customSecurityAttributeExemption",
+  "id": "String (identifier)",
+  "operator": "String"
+}
+```
diff --git a/api-reference/beta/resources/customsecurityattributestringvalueexemption.md b/api-reference/beta/resources/customsecurityattributestringvalueexemption.md
@@ -0,0 +1,61 @@
+---
+title: "customSecurityAttributeStringValueExemption resource type"
+description: "Configuration object to configure a custom security attribute string value exemption for a restriction on application management policies."
+author: "yogesh-randhawa"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: resourcePageType
+ms.date: 11/17/2024
+---
+
+# customSecurityAttributeStringValueExemption resource type
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Configuration object to configure a custom security attribute exemption for a restriction on application management policies.
+
+Inherits from [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md).
+
+## Methods
+None.
+
+<!-- The direct access methods are not functional in the underlying Service. Excluding them until they are operational.
+
+|Method|Return type|Description|
+|:---|:---|:---|
+|[List](../api/customsecurityattributestringvalueexemption-list.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) collection|Get a list of the [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) objects and their properties.|
+|[Get](../api/customsecurityattributestringvalueexemption-get.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md)|Read the properties and relationships of a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+|[Update](../api/customsecurityattributestringvalueexemption-update.md)|[customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md)|Update the properties of a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+|[Delete](../api/customsecurityattributestringvalueexemption-delete.md)|None|Delete a [customSecurityAttributeStringValueExemption](../resources/customsecurityattributestringvalueexemption.md) object.|
+-->
+
+## Properties
+| Property                  | Type                                           | Description                 |
+| :-------------------------| :--------------------------------------------- | :-------------------------- |
+| id                        | string                                         | Unique identifier with combination of the custom security attribute set name and attribute name. , `AttributeSetName_AttributeName`. Inherited from [entity](../resources/entity.md). |
+| operator                  | customSecurityAttributeComparisonOperator      | Inherited from [customSecurityAttributeExemption](../resources/customsecurityattributeexemption.md).The possible values are: `equals`, `unknownFutureValue`. If `equals`, the customSecurityAttributeExemption value is compared to match the custom security attribute value for the exemption to be applied. The comparison is case sensitive. |
+| value                     | string                                         | Value representing custom security attribute value to compare against while evaluating the exemption. |
+
+## Relationships
+None.
+
+## JSON representation
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "keyProperty": "id",
+  "@odata.type": "microsoft.graph.customSecurityAttributeStringValueExemption",
+  "baseType": "microsoft.graph.customSecurityAttributeExemption",
+  "openType": false
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.customSecurityAttributeStringValueExemption",
+  "id": "String (identifier)",
+  "operator": "String",
+  "value": "String"
+}
+```
diff --git a/api-reference/beta/resources/enums.md b/api-reference/beta/resources/enums.md
@@ -756,6 +756,13 @@ Namespace: microsoft.graph
 | trustedCertificateAuthority |
 | unknownFutureValue |
 
+### customSecurityAttributeComparisonOperator values 
+
+| Member |
+| ---- |
+| equals |
+| unknownFutureValue |
+
 ### synchronizationSecret values
 
 | Member |
diff --git a/api-reference/beta/resources/identifierurirestriction.md b/api-reference/beta/resources/identifierurirestriction.md
@@ -5,7 +5,7 @@ author: "yogesh-randhawa"
 ms.localizationpriority: medium
 ms.subservice: "entra-sign-in"
 doc_type: resourcePageType
-ms.date: 09/13/2024
+ms.date: 11/17/2024
 ---
 
 # identifierUriRestriction resource type
@@ -19,7 +19,8 @@ Configuration object to configure a restriction for identifier URIs on applicati
 ## Properties
 | Property                                    | Type                            | Description                 |
 | :------------------------------------------ | :------------------------------ | :-------------------------- |
-| excludeAppsReceivingV2Tokens                | Boolean                         | If `true`, the restriction isn't enforced for applications that are configured to receive V2 tokens in Entra ID; else, the restriction isn't enforced for those applications.|
+| excludeActors                | [appManagementPolicyActorExemptions](appmanagementpolicyactorexemptions.md)                         | Collection of custom security attribute exemptions. If an actor user or service principal has the custom security attribute, they're exempted from the restriction. |
+| excludeAppsReceivingV2Tokens                | Boolean                         | If `true`, the restriction isn't enforced for applications that are configured to receive V2 tokens in Microsoft Entra ID; else, the restriction isn't enforced for those applications.|
 | excludeSaml                                 | Boolean                         | If `true`, the restriction isn't enforced for SAML applications in Microsoft Entra ID; else, the restriction is enforced for those applications.|
 | restrictForAppsCreatedAfterDateTime         | String                  | Specifies the date from which the policy restriction applies to newly created applications. For existing applications, the enforcement date can be retroactively applied.|
 | state                                       | appManagementRestrictionState   |  String value that indicates if the restriction is evaluated. The possible values are: `enabled`, `disabled`, and `unknownFutureValue`. If `enabled`, the restriction is evaluated. If `disabled`, the restriction isn't evaluated or enforced.|
@@ -40,7 +41,10 @@ The following JSON representation shows the resource type.
   "state": "String",
   "restrictForAppsCreatedAfterDateTime": "String (timestamp)",
   "excludeAppsReceivingV2Tokens": "Boolean",
-  "excludeSaml": "Boolean"
+  "excludeSaml": "Boolean",
+  "excludeActors": {
+      "@odata.type": "microsoft.graph.appManagementPolicyActorExemptions"
+    }
 }
 ```
 
diff --git a/api-reference/beta/resources/user.md b/api-reference/beta/resources/user.md
@@ -224,7 +224,7 @@ This resource supports:
 | isResourceAccount | Boolean | Do not use – reserved for future use. |
 | jobTitle | String | The user's job title. Maximum length is 128 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not` , `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
 | lastPasswordChangeDateTime | DateTimeOffset | When this Microsoft Entra user last changed their password or when their password was created, whichever date the latest action was performed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is `2014-01-01T00:00:00Z`. Read-only. <br><br>Returned only on `$select`.  |
-| legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `MinorWithOutParentalConsent`, `MinorWithParentalConsent`, `MinorNoParentalConsentRequired`, `NotAdult`, and `Adult`. For more information, see [legal age group property definitions](#legal-age-group-property-definitions). <br><br>Returned only on `$select`. |
+| legalAgeGroupClassification | [legalAgeGroupClassification](#legalagegroupclassification-values) | Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based on **ageGroup** and **consentProvidedForMinor** properties. Allowed values: `null`, `Undefined`, `MinorWithOutParentalConsent`, `MinorWithParentalConsent`, `MinorNoParentalConsentRequired`, `NotAdult`, and `Adult`. For more information, see [legal age group property definitions](#legal-age-group-property-definitions). <br><br>Returned only on `$select`. |
 | licenseAssignmentStates | [licenseAssignmentState](licenseassignmentstate.md) collection | State of license assignments for this user. It also indicates licenses that are directly assigned and the ones the user inherited through group memberships. Read-only. <br><br>Returned only on `$select`. |
 | mail | String | The SMTP address for the user, for example, `admin@contoso.com`. Changes to this property also update the user's **proxyAddresses** collection to include the value as an SMTP address. This property can't contain accent characters. <br/> **NOTE:** We don't recommend updating this property for Azure AD B2C user profiles. Use the **otherMails** property instead. <br><br> Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, and `eq` on `null` values). |
 | mailboxSettings | [mailboxSettings](mailboxsettings.md) | Settings for the primary mailbox of the signed-in user. You can [get](../api/user-get-mailboxsettings.md) or [update](../api/user-update-mailboxsettings.md) settings for sending automatic replies to incoming messages, locale, and time zone. For more information, see [User preferences for languages and regional formats](#user-preferences-for-languages-and-regional-formats). <br><br>Returned only on `$select`. |
@@ -306,6 +306,7 @@ For example, Cameron is an administrator of a directory for an elementary school
 | Member    | Description|
 |:---------------|:----------|
 |null|Default value, no **ageGroup** has been set for the user.|
+|Undefined|No **ageGroup** is set for the user but **consentProvidedForMinor** is either `Granted`, `Denied`, or `NotRequired`.|
 |MinorWithoutParentalConsent |(Reserved for future use)|
 |MinorWithParentalConsent| The user is considered a minor based on the age-related regulations of their country or region, and the administrator of the account has obtained appropriate consent from a parent or guardian.|
 |Adult|The user is considered an adult based on the age-related regulations of their country or region.|
diff --git a/api-reference/v1.0/api/entitlementmanagement-post-assignmentrequests.md b/api-reference/v1.0/api/entitlementmanagement-post-assignmentrequests.md
diff --git a/api-reference/v1.0/resources/user.md b/api-reference/v1.0/resources/user.md
diff --git a/changelog/Microsoft.CloudManagedDesktop.json b/changelog/Microsoft.CloudManagedDesktop.json
diff --git a/changelog/Microsoft.DirectoryServices.json b/changelog/Microsoft.DirectoryServices.json
diff --git a/changelog/Microsoft.Teams.GraphSvc.json b/changelog/Microsoft.Teams.GraphSvc.json

Original file line number	Diff line number	Diff line change
`@@ -30,7 +30,7 @@ Choose the permission or permissions marked as least privileged for this API. Us`
`30`	`30`	`}`
`31`	`31`	`-->`
`32`	`32`	``` http
`33`		`-daily GET /userInsightsRoot/daily/summary`
	`33`	`+GET /userInsightsRoot/daily/summary`
`34`	`34`	```
`35`	`35`
`36`	`36`	`## Optional query parameters`