Merge pull request #26721 from microsoftgraph/main

Danielabom · web-flow · commit ee4deefc1b39 · 2025-05-21T17:33:32.000-06:00
Merge to publish.
diff --git a/api-reference/beta/api/profilepropertysetting-delete.md b/api-reference/beta/api/profilepropertysetting-delete.md
@@ -20,11 +20,7 @@ Delete a [profilePropertySetting](../resources/profilepropertysetting.md) object
 
 Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
 
-<!-- {
-  "blockType": "permissions",
-  "name": "profilepropertysetting-delete-permissions"
-}
--->
+<!-- { "blockType": "permissions", "name": "profilepropertysetting_delete" } -->
 [!INCLUDE [permissions-table](../includes/permissions/profilepropertysetting-delete-permissions.md)]
 
 >**Note:** To use delegated permissions for this operation, the signed-in user must have either the [Global Administrator](/entra/identity/role-based-access-control/permissions-reference#global-administrator) role or the [People Administrator](/entra/identity/role-based-access-control/permissions-reference#people-administrator) role.
diff --git a/api-reference/beta/api/security-alert-update.md b/api-reference/beta/api/security-alert-update.md
@@ -47,6 +47,7 @@ PATCH /security/alerts_v2/{alertId}
 |:---|:---|:---|
 |status|microsoft.graph.security.alertStatus|The status of the alert. Possible values are: `new`, `inProgress`, `resolved`, `unknownFutureValue`.|
 |classification|microsoft.graph.security.alertClassification|Specifies the classification of the alert. Possible values are: `unknown`, `falsePositive`, `truePositive`, `informationalExpectedActivity`, `unknownFutureValue`.|
+|customDetails|microsoft.graph.security.dictionary| User defined custom fields with string values. |
 |determination|microsoft.graph.security.alertDetermination|Specifies the determination of the alert. Possible values are: `unknown`, `apt`, `malware`, `securityPersonnel`, `securityTesting`, `unwantedSoftware`, `other`, `multiStagedAttack`, `compromisedUser`, `phishing`, `maliciousUserActivity`, `clean`, `insufficientData`, `confirmedUserActivity`, `lineOfBusinessApplication`, `unknownFutureValue`.|
 |assignedTo|String|Owner of the incident, or null if no owner is assigned.|
 
@@ -76,7 +77,8 @@ Content-length: 2450
     "assignedTo": "secAdmin@contoso.com",
     "classification": "truePositive",
     "determination": "malware",
-    "status": "inProgress"
+    "status": "inProgress",
+    "CustomDetails": {"newKey":"newValue"}
 }
 ```
 
@@ -161,6 +163,7 @@ Content-type: application/json
     "lastActivityDateTime": "2021-05-02T07:56:58.222Z",
     "comments": [],
     "evidence": [],
-    "systemTags" : []
+    "systemTags" : [],
+    "customDetails": {"newKey":"newValue"}
 }
 ```
diff --git a/api-reference/beta/includes/permissions/profilepropertysetting-delete-permissions.md b/api-reference/beta/includes/permissions/profilepropertysetting-delete-permissions.md
@@ -1,10 +1,10 @@
 ---
-description: Automatically generated file. DO NOT MODIFY
+description: "Automatically generated file. DO NOT MODIFY"
 ms.topic: include
 ms.localizationpriority: medium
 ---
 
-|Permission type|Least privileged permission|Higher privileged permissions|
+|Permission type|Least privileged permissions|Higher privileged permissions|
 |:---|:---|:---|
 |Delegated (work or school account)|PeopleSettings.ReadWrite.All|Not available.|
 |Delegated (personal Microsoft account)|Not supported.|Not supported.|
diff --git a/api-reference/beta/resources/appscope.md b/api-reference/beta/resources/appscope.md
@@ -10,19 +10,27 @@ ms.date: 07/23/2024
 
 # appScope resource type
 
+Namespace: microsoft.graph
+
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-The scope of a role assignment determines the set of resources for which the principal is granted access. An app scope is a scope defined and understood by a specific application. The other type of scope is directory scope. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. 
+The scope of a role assignment determines the set of resources for which the principal has access. An app scope is a scope defined and understood by a specific application. The other type of scope is directory scope. Directory scopes are shared scopes stored in the directory that are understood by multiple applications. 
+
+App scopes support the following principal and scope scenarios:
++ A single principal and a single scope
++ Multiple principals and multiple scopes.
 
-This scope is employed in both the single principal, single scope entity and multiple principal, multiple scope entities.
+## Methods
+
+None.
 
 ## Properties
 
 | Property | Type | Description |
 |:-------- |:---- |:----------- |
-| id | string | ID of an app-specific container or resource representing the scope of the assignment. Usually the immutable ID of the resource. The scope of an assignment determines the set of resources for which the principal is granted access. Required. |
-| type | String | Describes the type of app-specific resource represented by the app scope. For display purposes, so a user interface can convey to the user the kind of app specific resource represented by the app scope. Read only. |
-| displayName | string | Provides the display name of the app-specific resource represented by the app scope. Provided for display purposes since appScopeId is often an immutable, non-human-readable ID. Read only. |
+| displayName | string | Provides the display name of the app-specific resource represented by the app scope. Read only. |
+| id | string | ID of an app-specific container or resource representing the scope of the assignment. Usually the immutable ID of the resource. The scope of an assignment determines the set of resources for which the principal is granted access. Required. Read-only.|
+| type | String | Describes the type of app-specific resource represented by the app scope. Read-only. |
 
 ## Relationships
 
diff --git a/api-reference/beta/resources/employeeexperienceuser.md b/api-reference/beta/resources/employeeexperienceuser.md
@@ -14,7 +14,7 @@ Namespace: microsoft.graph
 
 [!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
 
-"Represents a container that exposes navigation properties for the employee experience resources of a user.
+Represents a container that exposes navigation properties for the employee experience resources of a user.
 
 Inherits from [entity](../resources/entity.md).
 
diff --git a/api-reference/beta/resources/security-alert.md b/api-reference/beta/resources/security-alert.md
@@ -40,6 +40,7 @@ Security providers create an alert in the system when they detect a threat. Micr
 |classification|[microsoft.graph.security.alertClassification](#alertclassification-values)| Specifies whether the alert represents a true threat. Possible values are: `unknown`, `falsePositive`, `truePositive`, `informationalExpectedActivity`, `unknownFutureValue`.|
 |comments|[microsoft.graph.security.alertComment](security-alertComment.md) collection| Array of comments created by the Security Operations (SecOps) team during the alert management process.|
 |createdDateTime|DateTimeOffset| Time when Microsoft 365 Defender created the alert.|
+|customDetails|microsoft.graph.security.dictionary| User defined custom fields with string values. |
 |description|String| String value describing each alert.|
 |detectionSource|[microsoft.graph.security.detectionSource](#detectionsource-values)| Detection technology or sensor that identified the notable component or activity. Possible values are: `unknown`, `microsoftDefenderForEndpoint`, `antivirus`, `smartScreen`, `customTi`, `microsoftDefenderForOffice365`, `automatedInvestigation`, `microsoftThreatExperts`, `customDetection`, `microsoftDefenderForIdentity`, `cloudAppSecurity`, `microsoft365Defender`, `azureAdIdentityProtection`, `manual`, `microsoftDataLossPrevention`, `appGovernancePolicy`, `appGovernanceDetection`, `unknownFutureValue`, `microsoftDefenderForCloud`, `microsoftDefenderForIoT`, `microsoftDefenderForServers`, `microsoftDefenderForStorage`, `microsoftDefenderForDNS`, `microsoftDefenderForDatabases`, `microsoftDefenderForContainers`, `microsoftDefenderForNetwork`, `microsoftDefenderForAppService`, `microsoftDefenderForKeyVault`, `microsoftDefenderForResourceManager`, `microsoftDefenderForApiManagement`, `microsoftSentinel`, `nrtAlerts`, `scheduledAlerts`, `microsoftDefenderThreatIntelligenceAnalytics`, `builtInMl`. Use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `microsoftDefenderForCloud`, `microsoftDefenderForIoT`, `microsoftDefenderForServers`, `microsoftDefenderForStorage`, `microsoftDefenderForDNS`, `microsoftDefenderForDatabases`, `microsoftDefenderForContainers`, `microsoftDefenderForNetwork`, `microsoftDefenderForAppService`, `microsoftDefenderForKeyVault`, `microsoftDefenderForResourceManager`, `microsoftDefenderForApiManagement`, `microsoftSentinel`, `nrtAlerts`, `scheduledAlerts`, `microsoftDefenderThreatIntelligenceAnalytics`, `builtInMl`.|
 |detectorId|String| The ID of the detector that triggered the alert.|
@@ -241,6 +242,9 @@ The following JSON representation shows the resource type.
   ],
   "additionalData": {
     "@odata.type": "microsoft.graph.security.dictionary"
+  },
+  "customDetails": {
+    "@odata.type": "microsoft.graph.security.dictionary"
   }
 }
 ```
diff --git a/api-reference/v1.0/api/driveitem-assignsensitivitylabel.md b/api-reference/v1.0/api/driveitem-assignsensitivitylabel.md
@@ -117,6 +117,6 @@ The value of the `Location` header provides a URL for a service that will return
 You can use this information to [determine when the assign sensitivity label operation has finished](/graph/long-running-actions-overview).
 
 ### Remarks
-The response from the API only indicates that the assign sensitivity label operation was accepted or rejected. The operation might be rejected, for example, if the file type isn't supported, or the file is double encrypted.
+The response from the API only indicates that the assign sensitivity label operation was accepted or rejected. The operation might be rejected, for example, if the file type isn't supported, or the file is double encrypted. Audit events for both success and failure cases are logged. For more information, see [Audit log activities](/purview/audit-log-activities#sensitivity-label-activities).
 
 [item-resource]: ../resources/driveitem.md
diff --git a/api-reference/v1.0/api/security-alert-update.md b/api-reference/v1.0/api/security-alert-update.md
@@ -45,6 +45,7 @@ PATCH /security/alerts_v2/{alertId}
 |:---|:---|:---|
 |status|microsoft.graph.security.alertStatus|The status of the alert. Possible values are: `new`, `inProgress`, `resolved`, `unknownFutureValue`.|
 |classification|microsoft.graph.security.alertClassification|Specifies the classification of the alert. Possible values are: `unknown`, `falsePositive`, `truePositive`, `informationalExpectedActivity`, `unknownFutureValue`.|
+|customDetails|microsoft.graph.security.dictionary| User defined custom fields with string values. |
 |determination|microsoft.graph.security.alertDetermination|Specifies the determination of the alert. Possible values are: `unknown`, `apt`, `malware`, `securityPersonnel`, `securityTesting`, `unwantedSoftware`, `other`, `multiStagedAttack`, `compromisedUser`, `phishing`, `maliciousUserActivity`, `clean`, `insufficientData`, `confirmedUserActivity`, `lineOfBusinessApplication`, `unknownFutureValue`.|
 |assignedTo|String|Owner of the incident, or `null` if no owner is assigned.|
 
diff --git a/api-reference/v1.0/resources/appscope.md b/api-reference/v1.0/resources/appscope.md
@@ -11,24 +11,26 @@ ms.date: 07/26/2024
 
 # appScope resource type
 
-The scope of a role assignment determines the set of resources for which the principal has been granted access. An app scope is a scope defined and understood by a specific application, unlike directory scopes that are shared scopes stored in the directory and understood by multiple applications.
+Namespace: microsoft.graph
 
-This may be in both the following principal and scope scenarios:
+The scope of a role assignment determines the set of resources for which the principal has access. An app scope is a scope defined and understood by a specific application, unlike directory scopes that are shared scopes stored in the directory and understood by multiple applications.
+
+App scopes support the following principal and scope scenarios:
 + A single principal and a single scope
 + Multiple principals and multiple scopes.
 	
 Inherits from [entity](entity.md).
 
 ## Methods
-None
+None.
 
 ## Properties
 
 | Property | Type | Description |
 |:-------- |:---- |:----------- |
-| displayName | string | Provides the display name of the app-specific resource represented by the app scope. Provided for display purposes since appScopeId is often an immutable, non-human-readable id. Read-only. |
-| id | string | Identifier of an app-specific container or resource representing the scope of the assignment. Usually the immutable id of the resource. The scope of an assignment determines the set of resources for which the principal has been granted access. Required. |
-| type | String | Describes the type of app-specific resource represented by the app scope and is provided for display purposes, so a user interface can convey to the user the kind of app specific resource represented by the app scope. Read-only. |
+| displayName | string | Provides the display name of the app-specific resource represented by the app scope. Read only. |
+| id | string | ID of an app-specific container or resource representing the scope of the assignment. Usually the immutable ID of the resource. The scope of an assignment determines the set of resources for which the principal is granted access. Required. Read-only. |
+| type | String | Describes the type of app-specific resource represented by the app scope. Read-only. |
 
 ## Relationships
 
diff --git a/api-reference/v1.0/resources/security-alert.md b/api-reference/v1.0/resources/security-alert.md
@@ -38,6 +38,7 @@ When a security provider detects a threat, it creates an alert in the system. Mi
 |classification|[microsoft.graph.security.alertClassification](#alertclassification-values)| Specifies whether the alert represents a true threat. Possible values are: `unknown`, `falsePositive`, `truePositive`, `informationalExpectedActivity`, `unknownFutureValue`.|
 |comments|[microsoft.graph.security.alertComment](security-alertComment.md) collection| Array of comments created by the Security Operations (SecOps) team during the alert management process.|
 |createdDateTime|DateTimeOffset| Time when Microsoft 365 Defender created the alert.|
+|customDetails|microsoft.graph.security.dictionary| User defined custom fields with string values. |
 |description|String| String value describing each alert.|
 |detectionSource|[microsoft.graph.security.detectionSource](#detectionsource-values)| Detection technology or sensor that identified the notable component or activity. Possible values are: `unknown`, `microsoftDefenderForEndpoint`, `antivirus`, `smartScreen`, `customTi`, `microsoftDefenderForOffice365`, `automatedInvestigation`, `microsoftThreatExperts`, `customDetection`, `microsoftDefenderForIdentity`, `cloudAppSecurity`, `microsoft365Defender`, `azureAdIdentityProtection`, `manual`, `microsoftDataLossPrevention`, `appGovernancePolicy`, `appGovernanceDetection`, `unknownFutureValue`, `microsoftDefenderForCloud`, `microsoftDefenderForIoT`, `microsoftDefenderForServers`, `microsoftDefenderForStorage`, `microsoftDefenderForDNS`, `microsoftDefenderForDatabases`, `microsoftDefenderForContainers`, `microsoftDefenderForNetwork`, `microsoftDefenderForAppService`, `microsoftDefenderForKeyVault`, `microsoftDefenderForResourceManager`, `microsoftDefenderForApiManagement`, `microsoftSentinel`, `nrtAlerts`, `scheduledAlerts`, `microsoftDefenderThreatIntelligenceAnalytics`, `builtInMl`. Use the `Prefer: include-unknown-enum-members` request header to get the following value(s) in this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `microsoftDefenderForCloud`, `microsoftDefenderForIoT`, `microsoftDefenderForServers`, `microsoftDefenderForStorage`, `microsoftDefenderForDNS`, `microsoftDefenderForDatabases`, `microsoftDefenderForContainers`, `microsoftDefenderForNetwork`, `microsoftDefenderForAppService`, `microsoftDefenderForKeyVault`, `microsoftDefenderForResourceManager`, `microsoftDefenderForApiManagement`, `microsoftSentinel`, `nrtAlerts`, `scheduledAlerts`, `microsoftDefenderThreatIntelligenceAnalytics`, `builtInMl`.|
 |detectorId|String| The ID of the detector that triggered the alert.|
@@ -238,6 +239,9 @@ The following JSON representation shows the resource type.
   ],
   "additionalData": {
     "@odata.type": "microsoft.graph.security.dictionary"
+  },
+  "customDetails": {
+    "@odata.type": "microsoft.graph.security.dictionary"
   }
 }
 ```
diff --git a/changelog/Microsoft.M365.Defender.json b/changelog/Microsoft.M365.Defender.json
@@ -2669,6 +2669,42 @@
         "CreatedDateTime": "2025-03-26T20:20:31.9078919Z",
         "WorkloadArea": "Security",
         "SubArea": ""
+      },
+      {
+        "ChangeList": [
+          {
+            "Id": "0b42926b-ca34-4b46-8ece-7d2ebc57d92c",
+            "ApiChange": "Property",
+            "ChangedApiName": "customDetails",
+            "ChangeType": "Addition",
+            "Description": "Added the **customDetails** property to the [alert](https://learn.microsoft.com/en-us/graph/api/resources/security-alert?view=graph-rest-beta) resource.",
+            "Target": "alert"
+          }
+        ],
+        "Id": "0b42926b-ca34-4b46-8ece-7d2ebc57d92c",
+        "Cloud": "Review",
+        "Version": "beta",
+        "CreatedDateTime": "2025-05-21T03:30:26.499353Z",
+        "WorkloadArea": "Security",
+        "SubArea": ""
+      },
+      {
+        "ChangeList": [
+          {
+            "Id": "00bffed3-c1fc-46a7-bdf5-e62c5a7bd69f",
+            "ApiChange": "Property",
+            "ChangedApiName": "customDetails",
+            "ChangeType": "Addition",
+            "Description": "Added the **customDetails** property to the [alert](https://learn.microsoft.com/en-us/graph/api/resources/security-alert?view=graph-rest-1.0) resource.",
+            "Target": "alert"
+          }
+        ],
+        "Id": "00bffed3-c1fc-46a7-bdf5-e62c5a7bd69f",
+        "Cloud": "Review",
+        "Version": "v1.0",
+        "CreatedDateTime": "2025-05-21T03:30:26.4995892Z",
+        "WorkloadArea": "Security",
+        "SubArea": ""
       }
   ]
 }
diff --git a/concepts/changenotifications-for-virtualevent.md b/concepts/changenotifications-for-virtualevent.md
diff --git a/concepts/social-intel-concept-overview.md b/concepts/social-intel-concept-overview.md
diff --git a/concepts/whats-new-overview.md b/concepts/whats-new-overview.md
