Merge pull request #25686 from microsoftgraph/main

Merge to publish.

api-reference/beta/resources/devicemanagement-alertrule.md

@@ -32,7 +32,7 @@ For more information, see the [monitoring](devicemanagement-monitoring.md) resou
 
 |Property|Type|Description|
 |:---|:---|:---|
-|alertRuleTemplate|[microsoft.graph.deviceManagement.alertRuleTemplate](#alertruletemplate-values)|The rule template of the alert event. The possible values are: `cloudPcProvisionScenario`, `cloudPcImageUploadScenario`, `cloudPcOnPremiseNetworkConnectionCheckScenario`, `cloudPcInGracePeriodScenario`, `cloudPcFrontlineInsufficientLicensesScenario`, `cloudPcInaccessibleScenario`. You must use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `cloudPcInGracePeriodScenario`.|
+|alertRuleTemplate|[microsoft.graph.deviceManagement.alertRuleTemplate](#alertruletemplate-values)|The rule template of the alert event. The possible values are: `cloudPcProvisionScenario`, `cloudPcImageUploadScenario`, `cloudPcOnPremiseNetworkConnectionCheckScenario`, `cloudPcInGracePeriodScenario`, `cloudPcFrontlineInsufficientLicensesScenario`, `cloudPcInaccessibleScenario`. Note that you must use the `Prefer: include-unknown-enum-members` request header to get the following values from this [evolvable enum](/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `cloudPcInGracePeriodScenario`.|
 |description|String|The rule description.|
 |displayName|String|The display name of the rule.|
 |enabled|Boolean|The status of the rule that indicates whether the rule is enabled or disabled. If `true`, the rule is enabled; otherwise, the rule is disabled.|
@@ -50,11 +50,10 @@ For more information, see the [monitoring](devicemanagement-monitoring.md) resou
 |cloudPcProvisionScenario|The alert rule was triggered for an issue with the Cloud PC provisioning. For a system rule, the alert rule was triggered for a Cloud PC provisioning failure.|
 |cloudPcImageUploadScenario|The alert rule was triggered for an issue with the process to upload the Cloud PC image. For a system rule, the alert rule was triggered for a failure to upload the Cloud PC image.|
 |cloudPcOnPremiseNetworkConnectionCheckScenario|The alert rule was triggered for an issue with the on-premises network connection check. For a system rule, the alert rule was triggered for a failure with the on-premises network connection.|
-|unknownFutureValue|Evolvable enumeration sentinel value. Don't use.|
+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|
 |cloudPcInGracePeriodScenario |The alert rule was triggered when the Cloud PC entered the grace period.|
 |cloudPcFrontlineInsufficientLicensesScenario| The alert rule was triggered for the Frontline Cloud PCs where more concurrent Cloud PC connections were active than the concurrency limit allows.|
 |cloudPcInaccessibleScenario| The alert rule was triggered when Cloud PCs couldn't connect due to host health failure, connection errors, or a zone outage. Alternatively, because they were under provisioning or restoring device status.|
-|cloudPcFrontlineBufferUsageScenario| The alert rule was triggered for the Frontline Cloud PCs buffer usage when the buffer is used over the time limit or the count limit. When the tenants use all of the frontline licenses, there's a predefined buffer time or number of licenses that allows Cloud PC users to continue to use them. This alert is triggered when tenants use all of the buffered time or licenses.|
 
 ### ruleSeverityType values
 
@@ -64,7 +63,7 @@ For more information, see the [monitoring](devicemanagement-monitoring.md) resou
 |informational|The severity level is `informational`.|
 |warning|The severity level is `warning`.|
 |critical|The severity level is `critical`.|
-|unknownFutureValue|Evolvable enumeration sentinel value. Don't use.|
+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|
 
 ## Relationships
 

api-reference/beta/resources/devicemanagement-rulecondition.md

@@ -21,7 +21,7 @@ Represents the rule conditions for an [alert rule](devicemanagement-alertrule.md
 
 |Property|Type|Description|
 |:---|:---|:---|
-|relationshipType|[microsoft.graph.deviceManagement.relationshipType](#relationshiptype-values)| The relationship type. Possible values are: `and`, `or`.|
+|relationshipType|[microsoft.graph.deviceManagement.relationshipType](#relationshiptype-values)| The relationship type.  Possible values are: `and`, `or`.|
 |conditionCategory|[microsoft.graph.deviceManagement.conditionCategory](#conditioncategory-values)|The property that the rule condition monitors. Possible values are:  `provisionFailures`, `imageUploadFailures`, `azureNetworkConnectionCheckFailures`, `cloudPcInGracePeriod`, `frontlineInsufficientLicenses`, `cloudPcConnectionErrors`, `cloudPcHostHealthCheckFailures`, `cloudPcZoneOutage`, `unknownFutureValue`.|
 |aggregation|[microsoft.graph.deviceManagement.aggregationType](#aggregationtype-values)|The built-in aggregation method for the rule condition. The possible values are: `count`, `percentage`, `affectedCloudPcCount`, `affectedCloudPcPercentage`, `unknownFutureValue`.|
 |operator|[microsoft.graph.deviceManagement.operatorType](#operatortype-values)|The built-in operator for the rule condition. The possible values are: `greaterOrEqual`, `equal`, `greater`, `less`, `lessOrEqual`, `notEqual`, `unknownFutureValue`.|
@@ -46,9 +46,7 @@ Represents the rule conditions for an [alert rule](devicemanagement-alertrule.md
 |cloudPcConnectionErrors| The rule condition targets Cloud PC connection errors.|
 |cloudPcHostHealthCheckFailures| The rule condition targets Cloud PC host health check failures.|
 |cloudPcZoneOutage| The rule condition targets Cloud PC zone outage.|
-|unknownFutureValue| Evolvable enumeration sentinel value. Don't use.|
-|frontlineBufferUsageDuration| The alert rule condition targets Frontline buffer usage exceeds time duration.|
-|frontlineBufferUsageThreshold| The alert rule condition targets Frontline buffer usage exceeds limiting frequency.|
+|unknownFutureValue| Evolvable enumeration sentinel value. Do not use.|
 
 ### aggregationType values
 
@@ -58,8 +56,7 @@ Represents the rule conditions for an [alert rule](devicemanagement-alertrule.md
 |percentage|The percentage of the items that match the rule conditions.|
 |affectedCloudPcCount|The total number of Cloud PCs that meet the rule conditions.|
 |affectedCloudPcPercentage|The percentage of Cloud PCs that meet the rule conditions.|
-|unknownFutureValue|Evolvable enumeration sentinel value. Don't use.|
-|durationInMinute| The time range during which Cloud PCs that meet the alert rule conditions are affected.|
+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|
 
 ### operatorType values
 
@@ -71,7 +68,7 @@ Represents the rule conditions for an [alert rule](devicemanagement-alertrule.md
 |less|The operator is less than the threshold target.|
 |lessOrEqual|The operator is less than or equal to the threshold target.|
 |notEqual|The operator isn't equal to the threshold target.|
-|unknownFutureValue|Evolvable enumeration sentinel value. Don't use.|
+|unknownFutureValue|Evolvable enumeration sentinel value. Do not use.|
 
 ## Relationships
 

api-reference/beta/resources/identity-network-access-overview.md

@@ -149,3 +149,4 @@ For detailed information about licensing for different features, see [Microsoft
 
 - [Implement identity standards with Microsoft Entra ID](/entra/standards/)
 - [Microsoft Entra ID Guide for independent software developers](/entra/architecture/guide-for-independent-software-developers)
+- Review the [Microsoft Entra deployment plans](/entra/architecture/deployment-plans) to help you build your plan to deploy the Microsoft Entra suite of capabilities.

api-reference/beta/resources/identitygovernance-overview.md

@@ -74,14 +74,5 @@ Microsoft Entra ID Governance capabilities are available as part of different su
 
 ## Related content
 
-+ [What is Microsoft Entra ID Governance?](/azure/active-directory/governance/identity-governance-overview)
-+ [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json)
-
-
-<!-- {
-  "type": "#page.annotation",
-  "description": "",
-  "keywords": "",
-  "section": "documentation",
-  "suppressions": []
-} -->
+- [What is Microsoft Entra ID Governance?](/azure/active-directory/governance/identity-governance-overview)
+- [Plan new governance scenarios for business partners and external users](/entra/id-governance/scenarios/govern-guest-lifecycle-new-project)

api-reference/beta/resources/signin.md

@@ -91,6 +91,7 @@ The [Microsoft Entra data retention policies](/azure/active-directory/reports-mo
 |servicePrincipalName|String|The application name used for sign-in. This field is populated when you're signing in using an application. <br/><br/> Supports `$filter` (`eq`, `startsWith`).|
 |sessionLifetimePolicies|[sessionLifetimePolicy](sessionlifetimepolicy.md) collection|Any conditional access session management policies that were applied during the sign-in event.|
 |signInEventTypes|String collection|Indicates the category of sign in that the event represents. For user sign ins, the category can be `interactiveUser` or `nonInteractiveUser` and corresponds to the value for the **isInteractive** property on the signin resource. For managed identity sign ins, the category is `managedIdentity`. For service principal sign-ins, the category is **servicePrincipal**. Possible values are: `interactiveUser`, `nonInteractiveUser`, `servicePrincipal`, `managedIdentity`, `unknownFutureValue`. <br/><br/> Supports `$filter` (`eq`, `ne`).|
+|sessionId|String|Identifier of the session that was generated during the sign-in.|
 |signInIdentifier|String|The identification that the user provided to sign in. It can be the userPrincipalName, but is also populated when a user signs in using other identifiers.|
 |signInIdentifierType|signInIdentifierType|The type of sign in identifier. Possible values are: `userPrincipalName`, `phoneNumber`, `proxyAddress`, `qrCode`, `onPremisesUserPrincipalName`, `unknownFutureValue`.|
 |signInTokenProtectionStatus|tokenProtectionStatus|Token protection creates a cryptographically secure tie between the token and the device it's issued to. This field indicates whether the signin token was bound to the device or not. The possible values are: `none`, `bound`, `unbound`, `unknownFutureValue`.|
@@ -216,6 +217,7 @@ The following JSON representation shows the resource type.
   "servicePrincipalCredentialThumbprint": "String",
   "servicePrincipalId": "String",
   "servicePrincipalName": "String",
+  "sessionId": "String",
   "sessionLifetimePolicies": [{"@odata.type": "microsoft.graph.sessionLifetimePolicy"}],
   "signInEventTypes": [
     "String"

api-reference/beta/resources/user.md

@@ -243,7 +243,7 @@ This resource supports:
 | onPremisesUserPrincipalName | String | Contains the on-premises `userPrincipalName` synchronized from the on-premises directory. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`). |
 | otherMails | String collection | A list of additional email addresses for the user; for example: `["[email protected]", "[email protected]"]`.<br>NOTE: This property can't contain accent characters.<br><br>Supports `$filter` (`eq`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, `/$count eq 0`, `/$count ne 0`). |
 | passwordPolicies | String | Specifies password policies for the user. This value is an enumeration with one possible value being `DisableStrongPassword`, which allows weaker passwords than the default policy to be specified. `DisablePasswordExpiration` can also be specified. The two may be specified together; for example: `DisablePasswordExpiration, DisableStrongPassword`. For more information on the default password policies, see [Microsoft Entra password policies](/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts). <br><br>Supports `$filter` (`ne`, `not`, and `eq` on `null` values).|
-| passwordProfile | [passwordProfile](passwordprofile.md) | Specifies the password profile for the user. The profile contains the user's password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the **passwordPolicies** property. By default, a strong password is required. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `in`, and `eq` on `null` values). <br><br>To update this property: <br><li> In delegated access, the calling app must be assigned the *Directory.AccessAsUser.All* delegated permission on behalf of the signed-in user. <li> In application-only access, the calling app must be assigned the *User.ReadWrite.All* (least privilege) or *Directory.ReadWrite.All* (higher privilege) application permission *and* at least the *User Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).|
+| passwordProfile | [passwordProfile](passwordprofile.md) | Specifies the password profile for the user. The profile contains the user's password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the **passwordPolicies** property. By default, a strong password is required. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `in`, and `eq` on `null` values). <br><br>To update this property: <br><li> In delegated access, the calling app must be assigned the *User-PasswordProfile.ReadWrite.All* delegated permission on behalf of the signed-in user. <li> In application-only access, the calling app must be assigned the *User-PasswordProfile.ReadWrite.All* application permission *and* at least the *User Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).|
 | pastProjects | String collection | A list for users to enumerate their past projects. <br><br>Returned only on `$select`. |
 | postalCode | String | The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. <br><br>Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
 | preferredDataLocation | String | The preferred data location for the user. For more information, see [OneDrive Online Multi-Geo](/sharepoint/dev/solution-guidance/multigeo-introduction).|

api-reference/v1.0/resources/identity-network-access-overview.md

@@ -131,3 +131,4 @@ For detailed information about licensing for different features, see [Microsoft
 
 - [Implement identity standards with Microsoft Entra ID](/entra/standards/)
 - [Microsoft Entra ID Guide for independent software developers](/entra/architecture/guide-for-independent-software-developers)
+- Review the [Microsoft Entra deployment plans](/entra/architecture/deployment-plans) to help you build your plan to deploy the Microsoft Entra suite of capabilities.

api-reference/v1.0/resources/identitygovernance-overview.md

@@ -72,6 +72,6 @@ Microsoft Entra ID Governance capabilities are available as part of different su
 
 ## Related content
 
-+ [What is Microsoft Entra ID Governance?](/azure/active-directory/governance/identity-governance-overview)
-+ [Microsoft Entra built-in roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json)
+- [What is Microsoft Entra ID Governance?](/azure/active-directory/governance/identity-governance-overview)
+- [Plan new governance scenarios for business partners and external users](/entra/id-governance/scenarios/govern-guest-lifecycle-new-project)
 

api-reference/v1.0/resources/user.md

@@ -207,7 +207,7 @@ This resource supports:
 |onPremisesUserPrincipalName|String| Contains the on-premises `userPrincipalName` synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect. Read-only. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`).|
 |otherMails|String collection| A list of other email addresses for the user; for example: `["[email protected]", "[email protected]"]`. <br>NOTE: This property can't contain accent characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `not`, `ge`, `le`, `in`, `startsWith`, `endsWith`, `/$count eq 0`, `/$count ne 0`).|
 |passwordPolicies|String|Specifies password policies for the user. This value is an enumeration with one possible value being `DisableStrongPassword`, which allows weaker passwords than the default policy to be specified. `DisablePasswordExpiration` can also be specified. The two might be specified together; for example: `DisablePasswordExpiration, DisableStrongPassword`. <br><br>Returned only on `$select`. For more information on the default password policies, see [Microsoft Entra password policies](/azure/active-directory/authentication/concept-sspr-policy#password-policies-that-only-apply-to-cloud-user-accounts). Supports `$filter` (`ne`, `not`, and `eq` on `null` values).|
-|passwordProfile|[passwordProfile](passwordprofile.md)|Specifies the password profile for the user. The profile contains the user's password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the **passwordPolicies** property. By default, a strong password is required. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `in`, and `eq` on `null` values). <br><br>To update this property: <br><li> In delegated access, the calling app must be assigned the *Directory.AccessAsUser.All* delegated permission on behalf of the signed-in user. <li> In application-only access, the calling app must be assigned the *User.ReadWrite.All* (least privilege) or *Directory.ReadWrite.All* (higher privilege) application permission *and* at least the *User Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).|
+|passwordProfile|[passwordProfile](passwordprofile.md)|Specifies the password profile for the user. The profile contains the user's password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by the **passwordPolicies** property. By default, a strong password is required. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `in`, and `eq` on `null` values). <br><br>To update this property: <br><li> In delegated access, the calling app must be assigned the *User-PasswordProfile.ReadWrite.All* delegated permission on behalf of the signed-in user. <li> In application-only access, the calling app must be assigned the *User-PasswordProfile.ReadWrite.All* application permission *and* at least the *User Administrator* [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).|
 |pastProjects|String collection|A list for the user to enumerate their past projects. <br><br>Returned only on `$select`.|
 |postalCode|String|The postal code for the user's postal address. The postal code is specific to the user's country/region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. <br><br>Returned only on `$select`. Supports `$filter` (`eq`, `ne`, `not`, `ge`, `le`, `in`, `startsWith`, and `eq` on `null` values).|
 | preferredDataLocation | String | The preferred data location for the user. For more information, see [OneDrive Online Multi-Geo](/sharepoint/dev/solution-guidance/multigeo-introduction).|

api-reference/v1.0/toc/sites-and-lists/toc.yml

@@ -16,6 +16,8 @@ items:
     href: ../../api/site-getallsites.md
   - name: List subsites for a site
     href: ../../api/site-list-subsites.md
+  - name: List root sites
+    href: ../../api/site-list.md
   - name: Get site by path
     href: ../../api/site-getbypath.md
   - name: Get site for a group