Merge branch 'main' into yuyaolian/v1-lobby-admitters

Author: FaithOmbongi

api-reference/beta/api/driveitem-copy.md

@@ -168,6 +168,8 @@ This resource supports:
 |[Upgrade app installed for user](../api/userteamwork-teamsappinstallation-upgrade.md) | None | Upgrades to the latest version of the app installed in the personal scope of a user.|
 |[Get chat between user and app](../api/userscopeteamsappinstallation-get-chat.md)| [Chat](chat.md)| Lists one-on-one chat between the user and the app. |
 |[List permission grants](../api/user-list-permissiongrants.md)| [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection| List all [resource-specific permission grants](../resources/resourcespecificpermissiongrant.md) of a [user](../resources/user.md). |
+| **Terms of use agreements** |||
+| [Agreement acceptances for a user](../api/user-list-agreementacceptances.md) | [agreementAcceptance](agreementacceptance.md) | Retrieve a user's agreementAcceptance objects. |
 | **To-do tasks** |||
 |[List tasks](../api/todotasklist-list-tasks.md)|[todoTask](todotask.md) collection|Get all the [todoTask](todotask.md) resources in the specified list.|
 |[Create task](../api/todotasklist-post-tasks.md)|[todoTask](todotask.md)| Create a [todoTask](todotask.md) in the specified task list.|

api-reference/beta/resources/user.md

@@ -282,6 +282,10 @@ items:
       href: ../../api/userscopeteamsappinstallation-get-chat.md
     - name: List permission grants
       href: ../../api/user-list-permissiongrants.md
+  - name: Terms of use agreements
+    items:
+    - name: Agreement acceptances for a user
+      href: ../../api/user-list-agreementacceptances.md
   - name: To-do tasks
     items:
     - name: List tasks

api-reference/beta/toc/users/toc.yml

@@ -138,6 +138,8 @@ This resource supports:
 | [Upgrade app installed for user](../api/userteamwork-teamsappinstallation-upgrade.md) | None | Upgrades to the latest version of the app installed in the personal scope of a user. |
 | [Get chat between user and app](../api/userscopeteamsappinstallation-get-chat.md) | [Chat](chat.md) | Lists one-on-one chat between the user and the app. |
 |[List permission grants](../api/user-list-permissiongrants.md)| [resourceSpecificPermissionGrant](resourcespecificpermissiongrant.md) collection| List all [resource-specific permission grants](../resources/resourcespecificpermissiongrant.md) of a [user](../resources/user.md). |
+| **Terms of use agreements** |||
+| [Agreement acceptances for a user](../api/user-list-agreementacceptances.md) | [agreementAcceptance](agreementacceptance.md) | Retrieve a user's agreementAcceptance objects. |
 | **To-do tasks** |  |  |
 | [List tasks](../api/todotasklist-list-tasks.md) | [todoTask](todotask.md) collection | Get all the [todoTask](todotask.md) resources in the specified list. |
 | [Create task](../api/todotasklist-post-tasks.md) | [todoTask](todotask.md) | Create a [todoTask](todotask.md) in the specified task list. |

api-reference/v1.0/resources/user.md

@@ -234,6 +234,10 @@ items:
       href: ../../api/userscopeteamsappinstallation-get-chat.md
     - name: List permission grants
       href: ../../api/user-list-permissiongrants.md
+  - name: Terms of use agreements
+    items:
+    - name: Agreement acceptances for a user
+      href: ../../api/user-list-agreementacceptances.md
   - name: To-do tasks
     items:
     - name: List tasks

api-reference/v1.0/toc/users/toc.yml

@@ -7,7 +7,7 @@ ms.reviewer: krbash
 ms.localizationpriority: medium
 ms.topic: how-to
 ms.subservice: entra-applications
-ms.date: 01/12/2024
+ms.date: 01/24/2025
 #Customer intent: As a developer, I want to learn what authentication libraries to use, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph.
 ---
 
@@ -24,19 +24,13 @@ Most apps use an authentication library to acquire and manage access tokens to c
 
 If your app still uses ADAL, use a two-stage migration approach:
 
-1. Update your app to acquire access tokens for Microsoft Graph. Continue to use ADAL for this step. Update the **resourceURL**, which holds the URI representing the resource web API, from:
-
-    `https://graph.windows.net`  
-
-    To:  
-
-    `https://graph.microsoft.com`
+1. Update your app to acquire access tokens for Microsoft Graph. Continue to use ADAL for this step. Update the **resourceURL**, which holds the URI representing the resource web API, from  `https://graph.windows.net` to `https://graph.microsoft.com`.
 
     Newly acquired tokens have the same scopes after this change, but the audience of the access tokens is now Microsoft Graph.  
 
     Once you update **resourceURL** and verified functionality, release an interim update for your app users.
 
-1.  Next, begin migrating your app to use MSAL, which is the only supported library, now that ADAL is retired.
+1. Next, begin migrating your app to use MSAL, which is the only supported library, now that ADAL is retired.
 
 ## Migrating to MSAL
 
@@ -48,7 +42,7 @@ When you switch your app over to MSAL, you need to make a few changes, including
 var scopes = new string[] { "https://graph.microsoft.com/.default" };
 ```
 
-The expression above limits the permission scopes request to the scopes configured during application registration in the Microsoft Entra admin center, and saves your existing users from having to consent to your app again.
+This expression restricts the permission scopes to those configured on the app registration in the Microsoft Entra admin center, preventing existing users from needing to re-consent to your app.
 
 Learn [.NET client library](migrate-azure-ad-graph-client-libraries.md) differences between Azure Active Directory (Azure AD) Graph and Microsoft Graph.
 

concepts/migrate-azure-ad-graph-authentication-library.md

@@ -6,7 +6,7 @@ ms.author: ombongifaith
 ms.reviewer: jackson.woods, krbash
 ms.localizationpriority: medium
 ms.subservice: entra-applications
-ms.date: 01/18/2024
+ms.date: 01/24/2025
 ms.topic: concept-article
 #Customer intent: As a developer migrating apps from Azure AD Graph to Microsoft Graph, I want to understand the differences in permissions between the two APIs, so that I can grant the rightly scoped Microsoft Graph permissions to my app.
 ---
@@ -19,7 +19,7 @@ The least privileged permission for a specific scenario might be different betwe
 
 For example, on Azure AD Graph, reading users in app-only scenarios requires the *Directory.Read.All* permission. This permission also allows your app to read all the groups, apps, and some policies in your tenant. However, on Microsoft Graph, reading users in app-only scenarios requires only the *User.Read.All* permission.
 
-While the permission strings might be the same in both Azure AD Graph and Microsoft Graph, they have different identifiers. However, similar to Azure AD Graph, Microsoft Graph also exposes both application and delegated permissions. Administrator consent is always required for application permissions.
+While the permission display strings might be the same in both Azure AD Graph and Microsoft Graph, they have different permissions IDs. Similar to Azure AD Graph, Microsoft Graph also exposes both application and delegated permissions. Administrator consent is always required for application permissions.
 
 The article provides a mapping of Azure AD Graph to Microsoft Graph permissions to help you migrate your apps.
 
@@ -152,11 +152,11 @@ Not applicable.
 
 ### Delegated
 
-| Parameter               | Azure AD Graph | Microsoft Graph        |
-|-------------------------|----------------|------------------------|
-| Permission ID           | Not available  | Read and write domains |
-| Display String          | Not available  | Read and write domains |
-| Admin consent required? | Not available  | Yes                    |
+| Parameter               | Azure AD Graph | Microsoft Graph                      |
+|-------------------------|----------------|--------------------------------------|
+| Permission ID           | Not available  | 0b5d694c-a244-4bde-86e6-eb5cd07730fe |
+| Display String          | Not available  | Read and write domains               |
+| Admin consent required? | Not available  | Yes                                  |
 
 
 ### Application

concepts/migrate-azure-ad-graph-permissions-differences.md

@@ -7,7 +7,7 @@ ms.reviewer: krbash
 ms.topic: quickstart
 ms.localizationpriority: medium
 ms.subservice: entra-applications
-ms.date: 01/12/2024
+ms.date: 01/20/2025
 #Customer intent: As a developer, what are some of the things I need to consider when migrating my app from Azure AD Graph to Microsoft Graph?
 ---
 
@@ -17,26 +17,26 @@ Use the following checklist to plan your migration from Azure Active Directory (
 
 ## Step 1: Review the differences between the APIs
 
-In many respects, Microsoft Graph is similar to the earlier Azure AD Graph. In many cases, change the endpoint, version, and resource name in your code, and everything should continue to work.
+In many ways, Microsoft Graph resembles Azure AD Graph. Often, you can simply update the endpoint, version, and resource name in your code, and it should function as expected.
 
-Nonetheless, there are differences. Certain resources, properties, methods, and core capabilities changed.
+However, there are differences where some resources, properties, methods, and core capabilities have changed.
 
-Specifically, look for differences in the following areas:
+Look for differences in the following areas:
 
-- [Request call syntax](migrate-azure-ad-graph-request-differences.md) between the two services
-- [Feature differences](migrate-azure-ad-graph-feature-differences.md), such as directory extensions, batching, differential queries, and so on
-- [Entity resource names](migrate-azure-ad-graph-resource-differences.md) and their types
-- [Properties](migrate-azure-ad-graph-property-differences.md) of request and response objects
-- [Methods](migrate-azure-ad-graph-method-differences.md), including parameters and types
-- [Permissions](migrate-azure-ad-graph-permissions-differences.md)
+- [Request call syntax](migrate-azure-ad-graph-request-differences.md) between the two services.
+- [Feature differences](migrate-azure-ad-graph-feature-differences.md), such as directory extensions, batching, differential queries, and so on.
+- [Entity resource names](migrate-azure-ad-graph-resource-differences.md) and their types.
+- [Properties](migrate-azure-ad-graph-property-differences.md) of request and response objects.
+- [Methods](migrate-azure-ad-graph-method-differences.md), including parameters and types.
+- [Permissions](migrate-azure-ad-graph-permissions-differences.md).
 
 ## Step 2: Examine API use
 
 [Examine the APIs](migrate-azure-ad-graph-audit-api-use.md) used by your app, the permissions they require, and compare to the list of known differences.  
 
-For production, verify that the APIs your app needs are generally available in Microsoft Graph v1.0 and inspect whether they work like in Azure AD Graph or differently.
+For production, ensure that the APIs your app requires are generally available in Microsoft Graph v1.0 and verify if they function the same as in Azure AD Graph or have differences.
 
-For testing, use [Graph Explorer](https://aka.ms/ge) to experiment with API calls and to develop new approaches. For best results, sign in using the credentials of a test user in a test tenant so that you verify the API behavior in a realistic environment.
+For testing, use [Graph Explorer](https://aka.ms/ge) to experiment with API calls and develop new approaches. For best results, sign in with the credentials of a test user in a test tenant to verify the API behavior in a realistic environment.
 
 ## Step 3: Review app details
 
@@ -46,7 +46,7 @@ For testing, use [Graph Explorer](https://aka.ms/ge) to experiment with API call
 
 ## Step 4: Deploy, test, and extend your app
 
-Before updating your app for production, ensure you test thoroughly and stage your rollout to your customer audience.
+Before updating your app for production, thoroughly test it and stage the rollout to your customer audience.
 
 After switching to Microsoft Graph, you unlock many more datasets and features that are defined in [Major services and features in Microsoft Graph](./overview-major-services.md).
 

concepts/migrate-azure-ad-graph-planning-checklist.md

@@ -6,7 +6,8 @@ ms.author: ombongifaith
 ms.reviewer: krbash
 ms.localizationpriority: medium
 ms.subservice: "entra-applications"
-ms.date: 01/12/2024
+ms.date: 01/21/2025
+
 #Customer intent: As a developer, I want to understand how REST API endpoints differ between Azure AD Graph and Microsoft Graph, so that I can update my code accordingly as I migrate my app from Azure AD Graph to Microsoft Graph.
 ---
 
@@ -54,7 +55,7 @@ In addition to the primary key, some entities support an alternate key identifie
 
 It's a best practice to only request the properties your app really needs. Use the `$select` query parameter, in GET requests, to customize the response to include only the properties that your app requires.
 
-In some cases in Microsoft Graph, for example, the **GET** or **LIST** operations for **user** and **group** resources, only a subset of all properties are returned. These _default properties_ represent the most commonly used properties for the resources. On the other hand, Azure AD Graph returns the full set of all properties for the respective resource. Where the resource returns only the default properties, your app needs to explicitly request other properties using the `$select` query parameter.
+In some cases in Microsoft Graph, for example, the **GET** or **LIST** operations for **user** and **group** resources, only a subset of all properties are returned. These *default properties* represent the most commonly used properties for the resources. On the other hand, Azure AD Graph returns the full set of all properties for the respective resource. Where the resource returns only the default properties, your app needs to explicitly request other properties using the `$select` query parameter.
 
 To illustrate the difference, use Graph Explorer to run the following requests and compare the different responses.
 
@@ -72,7 +73,7 @@ https://graph.microsoft.com/v1.0/me?$select=displayName,streetAddress,city,state
 To learn more about:
 
 - Default properties on user and group resources, see [users](/graph/api/resources/users) and [groups](/graph/api/resources/groups-overview)
-- The `$select` parameter and other supported ODATA query parameters, see [Use query parameters to customize responses](./query-parameters.md).
+- The `$select` parameter and other supported OData query parameters, see [Use query parameters to customize responses](./query-parameters.md).
 - Other recommended optimizations, see [Best practices](./best-practices-concept.md).
 
 ## Relationships and navigation properties

concepts/migrate-azure-ad-graph-request-differences.md

@@ -7,7 +7,7 @@ ms.localizationpriority: high
 ms.topic: reference
 ms.subservice: entra-applications
 ms.custom: graphiamtop20, scenarios:getting-started
-ms.date: 01/20/2025
+ms.date: 01/27/2025
 #Customer intent: As a developer, I want to learn more about the permissions available in Microsoft Graph, so that I understand the impact of granting specific permissions to my app.
 ---
 
@@ -2016,6 +2016,28 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 
 ---
 
+### DeviceManagementScripts.Read.All
+
+| Category | Application | Delegated |
+|--|--|--|
+| Identifier | c7a5be92-2b3d-4540-8a67-c96dcaae8b43 | d32381d8-ee89-4220-9c83-b672aa68d404 |
+| DisplayText | Read Microsoft Intune Scripts | Read Microsoft Intune Scripts |
+| Description | Allows the app to read Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts, without a signed-in user. | Allows the app to read Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts on behalf of the signed in user. |
+| AdminConsentRequired | Yes | Yes |
+
+---
+
+### DeviceManagementScripts.ReadWrite.All
+
+| Category | Application | Delegated |
+|--|--|--|
+| Identifier | 9255e99d-faf5-445e-bbf7-cb71482737c4 | 8b9d79d0-ad75-4566-8619-f7500ecfcebe |
+| DisplayText | Read and write Microsoft Intune Scripts | Read and write Microsoft Intune Scripts |
+| Description | Allows the app to read and write Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts, without a signed-in user. | Allows the app to read and write Microsoft Intune device compliance scripts, device management scripts, device shell scripts, device custom attribute shell scripts and device health scripts on behalf of the signed in user. |
+| AdminConsentRequired | Yes | Yes |
+
+---
+
 ### DeviceManagementServiceConfig.Read.All
 
 | Category | Application | Delegated |
@@ -2042,6 +2064,17 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 
 ---
 
+### DeviceTemplate.Create
+
+| Category | Application | Delegated |
+|--|--|--|
+| Identifier | abf6441f-0772-4932-96e7-0191478dd73a | 0b1717ff-3e42-4a73-8c29-e6b2e1093960 |
+| DisplayText | Create device template | Create device templates |
+| Description | Allows the app to create device templates. The app is marked as owner of the created device template. As a member of owners, the app will be allowed to manage devices created from the template. | Allows the app to create device templates on behalf of the signed in user. The user is marked as owners of the created device template. As a member of owners, the user will be allowed to manage devices created from the template. |
+| AdminConsentRequired | Yes | Yes |
+
+---
+
 ### DeviceTemplate.Read.All
 
 | Category | Application | Delegated |