Identity Management

List Graph Request

get

Generic endpoint for making Graph API requests with different parameters

Query parameters

EndpointstringRequired

The Graph API endpoint to call

Example: {"value":"users"}

manualPaginationbooleanOptional

Whether to use manual pagination

$selectstringOptional

Fields to select

$countbooleanOptional

Whether to include count

$orderbystringOptional

Field to order by

$topintegerOptional

Number of records to return

$formatstringOptional

Response format

Responses

200

Successful response

application/json

get

/api/ListGraphRequest

GET /api/ListGraphRequest?Endpoint=text HTTP/1.1
Accept: */*

200

Successful response

{
  "Results": [
    {}
  ],
  "Metadata": {}
}

Create Temporary Access Password

post

Creates a temporary access password for a user

Body

IDstringRequired

User Principal Name

Responses

200

Successful response

post

/api/ExecCreateTAP

POST /api/ExecCreateTAP HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 13

{
  "ID": "text"
}

200

Successful response

No content

Reset MFA

post

Re-requires MFA registration for a user

Body

IDstringRequired

User Principal Name

Responses

200

Successful response

post

/api/ExecResetMFA

POST /api/ExecResetMFA HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 13

{
  "ID": "text"
}

200

Successful response

No content

Send MFA Push

post

Sends an MFA push notification to a user

Body

UserEmailstringRequired

User Principal Name

Responses

200

Successful response

post

/api/ExecSendPush

POST /api/ExecSendPush HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 20

{
  "UserEmail": "text"
}

200

Successful response

No content

Set Per-User MFA

post

Sets per-user MFA for a user

Body

userIdstringRequired

User Principal Name

Statestring · enumRequired

MFA State

Possible values:

Responses

200

Successful response

post

/api/ExecPerUserMFA

POST /api/ExecPerUserMFA HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 36

{
  "userId": "text",
  "State": "Enforced"
}

200

Successful response

No content

Convert Mailbox

post

Converts a mailbox between shared and regular types

Body

IDstringRequired

User Principal Name

MailboxTypestring · enumRequired

Mailbox Type

Possible values:

Responses

200

Successful response

post

/api/ExecConvertMailbox

POST /api/ExecConvertMailbox HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 37

{
  "ID": "text",
  "MailboxType": "!Shared"
}

200

Successful response

No content

Enable Online Archive

post

Enables online archive for a user

Body

IDstringRequired

User Principal Name

Responses

200

Successful response

post

/api/ExecEnableArchive

POST /api/ExecEnableArchive HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 13

{
  "ID": "text"
}

200

Successful response

No content

Set Out of Office

post

Sets or disables out of office for a user

Body

userIdstringRequired

User Principal Name

AutoReplyStatestring · enumRequired

Auto Reply State

Possible values:

inputstringOptional

Out of Office Message

Responses

200

Successful response

post

/api/ExecSetOoO

POST /api/ExecSetOoO HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 59

{
  "userId": "text",
  "AutoReplyState": "Enabled",
  "input": "text"
}

200

Successful response

No content

Edit Group

post

Edits a group, including adding/removing members and owners

Body

tenantIdstringRequired

Tenant ID

groupIdstringRequired

Group ID to add member to

AddMemberstring[]Optional

Members to add

AddOwnerstring[]Optional

Owners to add

RemoveMemberstring[]Optional

Members to remove

RemoveOwnerstring[]Optional

Owners to remove

addMemberstringOptional

Single member to add

Responses

200

Successful response

post

/api/EditGroup

POST /api/EditGroup HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 143

{
  "tenantId": "text",
  "groupId": "text",
  "AddMember": [
    "text"
  ],
  "AddOwner": [
    "text"
  ],
  "RemoveMember": [
    "text"
  ],
  "RemoveOwner": [
    "text"
  ],
  "addMember": "text"
}

200

Successful response

No content

List Groups

get

Lists groups in the tenant

Query parameters

groupIDstringOptional

Group ID to get details for

tenantFilterstringOptional

Tenant to filter by

membersbooleanOptional

Whether to include members

ownersbooleanOptional

Whether to include owners

Responses

200

Successful response

application/json

get

/api/ListGroups

GET /api/ListGroups HTTP/1.1
Accept: */*

200

Successful response

{
  "groupInfo": {},
  "members": [
    {}
  ],
  "owners": [
    {}
  ]
}

Email Forwarding

post

Manages email forwarding for a user

Body

usernamestringRequired

User Principal Name

useridstringRequired

User Principal Name

ForwardOptionstringRequired

Forward Option

Responses

200

Successful response

post

/api/ExecEmailForward

POST /api/ExecEmailForward HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 58

{
  "username": "text",
  "userid": "text",
  "ForwardOption": "text"
}

200

Successful response

No content

Provision OneDrive

post

Pre-provisions OneDrive for a user

Body

UserPrincipalNamestringRequired

User Principal Name

Responses

200

Successful response

post

/api/ExecOneDriveProvision

POST /api/ExecOneDriveProvision HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 28

{
  "UserPrincipalName": "text"
}

200

Successful response

No content

Add OneDrive Shortcut

post

Adds a shortcut to a SharePoint site in a user's OneDrive

Body

usernamestringRequired

User Principal Name

useridstringRequired

User ID

siteUrlstringRequired

SharePoint Site URL

Responses

200

Successful response

post

/api/ExecOneDriveShortCut

POST /api/ExecOneDriveShortCut HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 52

{
  "username": "text",
  "userid": "text",
  "siteUrl": "text"
}

200

Successful response

No content

List Sites

get

Lists SharePoint sites

Query parameters

typestringOptional

Type of sites to list

URLOnlybooleanOptional

Whether to return only URLs

Responses

200

Successful response

application/json

get

/api/ListSites

GET /api/ListSites HTTP/1.1
Accept: */*

200

Successful response

[
  {
    "webUrl": "text"
  }
]

Disable/Enable User

post

Blocks or unblocks sign-in for a user

Body

IDstringRequired

User ID

EnablebooleanOptional

Whether to enable the user

Responses

200

Successful response

post

/api/ExecDisableUser

POST /api/ExecDisableUser HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 27

{
  "ID": "text",
  "Enable": true
}

200

Successful response

No content

Reset Password

post

Resets a user's password

Body

MustChangebooleanRequired

Whether the user must change password at next logon

IDstringRequired

User Principal Name

displayNamestringOptional

User Display Name

Responses

200

Successful response

post

/api/ExecResetPass

POST /api/ExecResetPass HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 52

{
  "MustChange": true,
  "ID": "text",
  "displayName": "text"
}

200

Successful response

No content

Clear Immutable ID

post

Clears the immutable ID for a user

Body

IDstringRequired

User ID

Responses

200

Successful response

post

/api/ExecClrImmId

POST /api/ExecClrImmId HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 13

{
  "ID": "text"
}

200

Successful response

No content

Revoke Sessions

post

Revokes all sessions for a user

Body

IDstringRequired

User ID

UsernamestringRequired

User Principal Name

Responses

200

Successful response

post

/api/ExecRevokeSessions

POST /api/ExecRevokeSessions HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 31

{
  "ID": "text",
  "Username": "text"
}

200

Successful response

No content

Remove User

post

Deletes a user

Body

IDstringRequired

User ID

Responses

200

Successful response

post

/api/RemoveUser

POST /api/RemoveUser HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 13

{
  "ID": "text"
}

200

Successful response

No content

Add User

post

Creates a new user

Body

tenantFilterstringRequired

Tenant ID

givenNamestringRequired

First Name

surnamestringRequired

Last Name

mailNicknamestringRequired

Mail Nickname

Responses

200

Successful response

post

/api/AddUser

POST /api/AddUser HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 174

{
  "tenantFilter": "text",
  "givenName": "text",
  "surname": "text",
  "mailNickname": "text",
  "primDomain": {
    "label": "text",
    "value": "text"
  },
  "usageLocation": {
    "label": "text",
    "value": "text"
  }
}

200

Successful response

No content

List MFA Users

get

Lists users with MFA information

Responses

200

Successful response

application/json

get

/api/ListMFAUsers

GET /api/ListMFAUsers HTTP/1.1
Accept: */*

200

Successful response

[
  {
    "UPN": "text",
    "AccountEnabled": "text",
    "isLicensed": "text",
    "MFARegistration": "text",
    "PerUser": "text",
    "CoveredBySD": "text",
    "CoveredByCA": "text",
    "MFAMethods": [
      "text"
    ],
    "CAPolicies": [
      "text"
    ]
  }
]

List Sign Ins

get

Lists sign-in events

Query parameters

DaysintegerOptional

Number of days to look back

filterstringOptional

Custom filter

failedLogonsOnlybooleanOptional

Whether to show only failed logons

FailureThresholdintegerOptional

Failure threshold

Responses

200

Successful response

application/json

get

/api/ListSignIns

GET /api/ListSignIns HTTP/1.1
Accept: */*

200

Successful response

[
  {
    "createdDateTime": "text",
    "userPrincipalName": "text",
    "clientAppUsed": "text",
    "authenticationRequirement": "text",
    "errorCode": "text",
    "additionalDetails": "text",
    "ipAddress": "text",
    "locationcipp": "text"
  }
]

List Inactive Accounts

get

Lists inactive user accounts (6 months)

Responses

200

Successful response

application/json

get

/api/ListInactiveAccounts

GET /api/ListInactiveAccounts HTTP/1.1
Accept: */*

200

Successful response

[
  {
    "tenantDisplayName": "text",
    "userPrincipalName": "text",
    "displayName": "text",
    "lastSignInDateTime": "text",
    "lastNonInteractiveSignInDateTime": "text",
    "numberOfAssignedLicenses": 1,
    "lastRefreshedDateTime": "text"
  }
]

List Azure AD Connect Status

get

Lists Azure AD Connect status

Query parameters

DataToReturnstringOptional

Type of data to return

Responses

200

Successful response

application/json

get

/api/ListAzureADConnectStatus

GET /api/ListAzureADConnectStatus HTTP/1.1
Accept: */*

200

Successful response

[
  {
    "displayName": "text",
    "ObjectType": "text",
    "createdDateTime": "text",
    "onPremisesProvisioningErrors": [
      {}
    ]
  }
]

Hide/Unhide Group from GAL

post

Hides or unhides a group from the Global Address List

Body

IDstringRequired

Group Email

GroupTypestringRequired

Group Type

HidefromGALbooleanRequired

Whether to hide from GAL

Responses

200

Successful response

post

/api/ExecGroupsHideFromGAL

POST /api/ExecGroupsHideFromGAL HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 51

{
  "ID": "text",
  "GroupType": "text",
  "HidefromGAL": true
}

200

Successful response

No content

Manage Group Delivery Settings

post

Manages delivery settings for a group

Body

IDstringRequired

Group Email

GroupTypestringRequired

Group Type

OnlyAllowInternalbooleanRequired

Whether to only allow internal messages

Responses

200

Successful response

post

/api/ExecGroupsDeliveryManagement

POST /api/ExecGroupsDeliveryManagement HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 57

{
  "ID": "text",
  "GroupType": "text",
  "OnlyAllowInternal": true
}

200

Successful response

No content

Delete Group

post

Deletes a group

Body

IDstringRequired

Group ID

GroupTypestringRequired

Group Type

DisplayNamestringRequired

Group Display Name

Responses

200

Successful response

post

/api/ExecGroupsDelete

POST /api/ExecGroupsDelete HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 53

{
  "ID": "text",
  "GroupType": "text",
  "DisplayName": "text"
}

200

Successful response

No content

Add Group

post

Creates a new group

Body

tenantFilterstringRequired

Tenant ID

groupNamestringRequired

Group Name

groupTypestringRequired

Group Type

Responses

200

Successful response

post

/api/AddGroup

POST /api/AddGroup HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 61

{
  "tenantFilter": "text",
  "groupName": "text",
  "groupType": "text"
}

200

Successful response

No content

List Roles

get

Lists roles in the tenant

Responses

200

Successful response

application/json

get

/api/ListRoles

GET /api/ListRoles HTTP/1.1
Accept: */*

200

Successful response

[
  {
    "DisplayName": "text",
    "Description": "text",
    "Members": [
      "text"
    ]
  }
]

Dismiss Risky User

post

Dismisses the risk for a user

Body

userIdstringRequired

User ID

userDisplayNamestringRequired

User Display Name

Responses

200

Successful response

post

/api/ExecDismissRiskyUser

POST /api/ExecDismissRiskyUser HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 42

{
  "userId": "text",
  "userDisplayName": "text"
}

200

Successful response

No content

List JIT Admins

get

Lists JIT admins

Query parameters

Actionstring · enumOptional

Action to perform

Possible values:

Responses

200

Successful response

application/json

get

/api/ExecJITAdmin

GET /api/ExecJITAdmin HTTP/1.1
Accept: */*

200

Successful response

{
  "Results": [
    {}
  ]
}

Execute JIT Admin

post

Creates or updates a JIT admin

Body

tenantFilterstringRequired

Tenant ID

userActionstring · enumRequired

User Action

Possible values:

firstNamestringOptional

First Name

lastNamestringOptional

Last Name

userNamestringOptional

Username

domainstringOptional

Domain Name

existingUserstringOptional

Existing User

startDatestring · dateRequired

Start Date

endDatestring · dateRequired

End Date

adminRolesstring[]Required

Admin Roles

UseTAPbooleanOptional

Generate TAP

expireActionstring · enumOptional

Expiration Action

Possible values:

Responses

200

Successful response

post

/api/ExecJITAdmin

POST /api/ExecJITAdmin HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 278

{
  "tenantFilter": "text",
  "userAction": "create",
  "firstName": "text",
  "lastName": "text",
  "userName": "text",
  "domain": "text",
  "existingUser": "text",
  "startDate": "2026-02-01",
  "endDate": "2026-02-01",
  "adminRoles": [
    "text"
  ],
  "UseTAP": true,
  "expireAction": "DeleteUser",
  "postExecution": [
    "Webhook"
  ]
}

200

Successful response

No content

Manage Device

post

Enables, disables, or deletes a device

Body

IDstringRequired

Device ID

actionstring · enumRequired

Action to perform

Possible values:

Responses

200

Successful response

post

/api/ExecDeviceDelete

POST /api/ExecDeviceDelete HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 32

{
  "ID": "text",
  "action": "!Enable"
}

200

Successful response

No content

Get Recovery Key

post

Retrieves BitLocker recovery keys for a device

Body

GUIDstringRequired

Device ID

Responses

200

Successful response

post

/api/ExecGetRecoveryKey

POST /api/ExecGetRecoveryKey HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 15

{
  "GUID": "text"
}

200

Successful response

No content

List Deleted Items

get

Lists deleted items

Responses

200

Successful response

application/json

get

/api/ListDeletedItems

GET /api/ListDeletedItems HTTP/1.1
Accept: */*

200

Successful response

[
  {
    "displayName": "text",
    "TargetType": "text",
    "userPrincipalName": "text",
    "deletedDateTime": "text",
    "onPremisesSyncEnabled": true
  }
]

Restore Deleted Object

post

Restores a deleted object

Body

IDstringRequired

Object ID

Responses

200

Successful response

post

/api/ExecRestoreDeleted

POST /api/ExecRestoreDeleted HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 13

{
  "ID": "text"
}

200

Successful response

No content

Offboard User

post

Offboards a user

Body

tenantFilterstringRequired

Tenant ID

userstring[]Required

Users to offboard

Responses

200

Successful response

post

/api/ExecOffboardUser

POST /api/ExecOffboardUser HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 68

{
  "tenantFilter": "text",
  "user": [
    "text"
  ],
  "Scheduled": {
    "enabled": true
  }
}

200

Successful response

No content

List Extensions Configuration

get

Lists extensions configuration

Responses

200

Successful response

application/json

get

/api/ListExtensionsConfig

GET /api/ListExtensionsConfig HTTP/1.1
Accept: */*

200

Successful response

{
  "GitHub": {
    "Enabled": true
  }
}

Execute Community Repository Action

post

Executes an action on a community repository

Body

Actionstring · enumRequired

Action to perform

Possible values:

GUIDstringRequired

Template GUID

FullNamestringRequired

Repository Full Name

MessagestringRequired

Commit Message

Responses

200

Successful response

post

/api/ExecCommunityRepo

POST /api/ExecCommunityRepo HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 76

{
  "Action": "UploadTemplate",
  "GUID": "text",
  "FullName": "text",
  "Message": "text"
}

200

Successful response

No content

List Community Repositories

get

Lists community repositories

Query parameters

WriteAccessbooleanOptional

Whether to only show repositories with write access

Responses

200

Successful response

application/json

get

/api/ListCommunityRepos

GET /api/ListCommunityRepos HTTP/1.1
Accept: */*

200

Successful response

{
  "Results": [
    {
      "FullName": "text"
    }
  ]
}

Remove Group Template

post

Removes a group template

Body

IDstringRequired

Template GUID

Responses

200

Successful response

post

/api/RemoveGroupTemplate

POST /api/RemoveGroupTemplate HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 13

{
  "ID": "text"
}

200

Successful response

No content

List Group Templates

get

Lists group templates

Responses

200

Successful response

application/json

get

/api/ListGroupTemplates

GET /api/ListGroupTemplates HTTP/1.1
Accept: */*

200

Successful response

[
  {
    "Displayname": "text",
    "Description": "text",
    "groupType": "text",
    "GUID": "text"
  }
]

Add Group Template

post

Creates a new group template

Body

tenantFilterstringOptional

Tenant ID

DisplaynamestringRequired

Template Display Name

DescriptionstringRequired

Template Description

groupTypestringRequired

Group Type

Responses

200

Successful response

post

/api/AddGroupTemplate

POST /api/AddGroupTemplate HTTP/1.1
Content-Type: application/json
Accept: */*
Content-Length: 84

{
  "tenantFilter": "text",
  "Displayname": "text",
  "Description": "text",
  "groupType": "text"
}

200

Successful response

No content

PreviousEndpoints NextTenant Administration

Last updated 6 months ago

Was this helpful?

hashtagList Graph Request

hashtagCreate Temporary Access Password

hashtagReset MFA

hashtagSend MFA Push

hashtagSet Per-User MFA

hashtagConvert Mailbox

hashtagEnable Online Archive

hashtagSet Out of Office

hashtagEdit Group

hashtagList Groups

hashtagEmail Forwarding

hashtagProvision OneDrive

hashtagAdd OneDrive Shortcut

hashtagList Sites

hashtagDisable/Enable User

hashtagReset Password

hashtagClear Immutable ID

hashtagRevoke Sessions

hashtagRemove User

hashtagAdd User

hashtagList MFA Users

hashtagList Sign Ins

hashtagList Inactive Accounts

hashtagList Azure AD Connect Status

hashtagHide/Unhide Group from GAL

hashtagManage Group Delivery Settings

hashtagDelete Group

hashtagAdd Group

hashtagList Roles

hashtagDismiss Risky User

hashtagList JIT Admins

hashtagExecute JIT Admin

hashtagManage Device

hashtagGet Recovery Key

hashtagList Deleted Items

hashtagRestore Deleted Object

hashtagOffboard User

hashtagList Extensions Configuration

hashtagExecute Community Repository Action

hashtagList Community Repositories

hashtagRemove Group Template

hashtagList Group Templates

hashtagAdd Group Template

List Graph Request

Create Temporary Access Password

Reset MFA

Send MFA Push

Set Per-User MFA

Convert Mailbox

Enable Online Archive

Set Out of Office

Edit Group

List Groups

Email Forwarding

Provision OneDrive

Add OneDrive Shortcut

List Sites

Disable/Enable User

Reset Password

Clear Immutable ID

Revoke Sessions

Remove User

Add User

List MFA Users

List Sign Ins

List Inactive Accounts

List Azure AD Connect Status

Hide/Unhide Group from GAL

Manage Group Delivery Settings

Delete Group

Add Group

List Roles

Dismiss Risky User

List JIT Admins

Execute JIT Admin

Manage Device

Get Recovery Key

List Deleted Items

Restore Deleted Object

Offboard User

List Extensions Configuration

Execute Community Repository Action

List Community Repositories

Remove Group Template

List Group Templates

Add Group Template