Movatterモバイル変換

Namespace: microsoft.graph

Represents a Microsoft Entra user account. This resource is an open type that allows other properties to be passed in. Inherits fromdirectoryObject. Onlya subset of user properties are returned by default in v1.0. To retrieve other properties, you must specify them in a$select query option.

This resource supports:

Adding your own data to custom properties asextensions.
Subscribing tochange notifications.
Usingdelta query to track incremental additions, deletions, and updates, by providing adelta function.

Methods

Method	Return Type	Description
List	user collection	Get a list of user objects.
Create	user	Create a new user object.
Get	user	Read properties and relationships of user object.
Update	user	Update user object.
Delete	None	Delete user object.
Get delta	user collection	Get incremental changes for users.
Change password	None	Update your own password.
Retry service provisioning	None	Retry the user service provisioning.
Revoke sign-in sessions	None	Revokes all the user's refresh and session tokens issued to applications, by resetting thesignInSessionsValidFromDateTime user property to the current date-time. It forces the user to sign in to those applications again.
Export personal data	None	Submits a data policy operation request, made by a company administrator to export an organizational user's data.
App role assignments
List	appRoleAssignment collection	Get the apps and app roles assigned to this user.
Add	appRoleAssignment	Assign an app role to this user.
Remove	None	Remove an app role assignment from this user.
Calendar
List calendars	calendar collection	Get a Calendar object collection.
Create calendar	Calendar	Create a new Calendar by posting to the calendars collection.
List calendar groups	calendarGroup collection	Get a CalendarGroup object collection.
Create calendar group	CalendarGroup	Create a new CalendarGroup by posting to the calendarGroups collection.
List events	event collection	Get a list of event objects in the user's mailbox. The list contains single instance meetings and series masters.
Create event	event	Create a new event by posting to the events collection.
Find meeting times	meetingTimeSuggestionsResult	Find time and locations to meet based on attendee availability, location, or time constraints.
Get free/busy schedule	scheduleInformation	Get the free/busy availability information for a collection of users, distributions lists, or resources (rooms or equipment) for a specified period.
List calendar view	event collection	Get an event object collection.
Reminder view	Reminder collection	Return a list of calendar reminders within the start and end times specified.
Cloud PC
List Cloud PCs	cloudPC collection	List thecloudPC devices that are attributed to the signed-in user.
Data security and governance
Compute protection scopes	policyUserScope collection	Compute the protection scopes for the signed-in user.
Create content activity	contentActivity	Create a content activity for the signed-in user.
Process content	processContentResponse	Process content against data protection policies in the context of the signed-in user.
Delegated permission grants
List delegated permission grants	oAuth2PermissionGrant collection	Retrieve a list of delegated permissions granted to enable a client application to access an API on behalf of the user.
Directory objects
Get by IDs	String collection	Returns the directory objects specified in a list of IDs.
Get delta for directory object	directoryObject collection	Get incremental changes for directory objects such asusers,groups,applications, andservice principals. Filtering is required on either theid of the derived type or the derived type itself. For more information on delta queries, see theUse delta query to track changes in Microsoft Graph data.
Check member groups	String collection	Check for membership in a list of groups. The check is transitive.
Get member groups	String collection	Return all the groups that the user is a member of. The check is transitive.
Check member objects	String collection	Check for membership in a list of group, directory role, or administrative unit objects. The function is transitive.
Get member objects	String collection	Return all of the groups, administrative units, and directory roles that the user is a member of. The check is transitive.
List created objects	directoryObject collection	Get the directory objects created by the user from the createdObjects navigation property.
List owned devices	directoryObject collection	Get the devices that the user owns from the ownedDevices navigation property.
List owned objects	directoryObject collection	Get the directory objects owned by the user from the ownedObjects navigation property.
List deleted groups owned by user	directoryObject collection	Retrieve the groups deleted in the tenant in the last 30 days and that owned by a user.
List registered devices	directoryObject collection	Get the devices that are registered for the user from the registeredDevices navigation property.
List deleted items	directoryObject collection	Retrieve the users deleted in the tenant in the last 30 days.
Get deleted item	directoryObject collection	Retrieve a deleted user by ID.
Restore deleted item	directoryObject collection	Restore a user deleted in the tenant in the last 30 days.
Permanently delete item	directoryObject collection	Permanently delete a deleted user from the tenant.
Drive
Get drive	drive	Retrieve the properties and relationships of a Drive resource.
List children	DriveItems	Return a collection of DriveItems in the children relationship of a DriveItem.
Employee experience
List assigned roles	engagementRole collection	Get a list of all theroles assigned to a user in Viva Engage.
Groups
List joined teams	team collection	Get the Microsoft Teams teams that the user is a direct member of from the joinedTeams navigation property.
List member of	directoryObject collection	Get the groups, directory roles, and administrative units that the user is a direct member of. This operation isn't transitive.
List transitive member of	directoryObject collection	Get the groups, directory roles, and administrative units that the user is a member of through either direct or transitive membership.
Insights
List shared	sharedInsight collection	Get a list of shared files.
List trending	trending collection	Get a list of trending files.
List used	usedInsight collection	Get a list of used files.
Get content discovery settings	userSettings	Get users's content discovery settings.
Update content discovery settings	None	Update users's content discovery settings.
License management
Assign license	user	Add or remove subscriptions for the user. You can also enable and disable specific plans associated with a subscription.
List license details	licenseDetails collection	Get a licenseDetails object collection.
Reprocess license assignment	user	Reprocess subscription assignments for the user.
Mail
List mail folders	mailFolder collection	Get the mail folder collection under the root folder of the signed-in user.
Create mail folder	mailFolder	Create a new MailFolder by posting to the mailFolders collection.
List messages	message collection	Get all the messages in the signed-in user's mailbox.
Create message	message	Create a new Message by posting to the messages collection.
List overrides	inferenceClassificationOverride collection	Get the Focused Inbox overrides that a user configured to always classify messages from certain senders in specific ways.
Create override	inferenceClassificationOverride	Create a Focused Inbox override for a sender identified by an SMTP address.
List rules	messageRule collection	Get all the messageRule objects defined for the user's inbox.
Create rule	messageRule	Create a messageRule object by specifying a set of conditions and actions.
Send mail	None	Send the message specified in the request body.
Get mail tips	mailTips collection	Return the MailTips of one or more recipients as available to the signed-in user.
Notes
List notebooks	notebook collection	Retrieve a list of notebook objects.
Create notebook	notebook	Create a new OneNote notebook.
Org hierarchy
Assign manager	directoryObject	Assign a user or an organizational contact as this user's manager.
Get manager	directoryObject	Get the user or organizational contact that is this user's manager from the manager navigation property.
Remove manager	None	Remove the manager of a user.
List direct reports	directoryObject collection	Get the users and contacts that report to the user from the directReports navigation property.
Outlook settings
Get user mailbox settings	mailboxSettings	Get the user's mailboxSettings.
Update user mailbox settings	mailboxSettings	Enable, configure, or disable one or more mailboxSettings for a user.
List Outlook categories	outlookCategory collection	Get all the categories defined for the user.
Create Outlook category	outlookCategory	Create an outlookCategory object in the user's master list of categories.
Get supported languages	localeInfo collection	Get the list of locales and languages that are supported for the user, as configured on the user's mailbox server.
Get supported time zones	timeZoneInformation collection	Get the list of time zones that are supported for the user, as configured on the user's mailbox server.
Translate Exchange IDs	convertIdResult collection	Translate identifiers of Outlook-related resources between formats.
People
List	person collection	Get a collection of person objects ordered by their relevance to the user.
Personal contacts
List contacts	contact collection	Get a contact collection from the default Contacts folder of the signed-in user.
Create contact	contact	Create a new Contact by posting to the contacts collection.
List contact folders	contactFolder collection	Get the contact folder collection in the default Contacts folder of the signed-in user.
Create contact folder	contactFolder	Create a new ContactFolder by posting to the contactFolders collection.
Profile photo
Get	profilePhoto	Get the specified profilePhoto or its metadata (profilePhoto properties).
Update	None	Update the photo for any user in the tenant including the signed-in user, or the specified group or contact.
Delete	None	Delete the photo for any user in the tenant including the signed-in user or the specified group.
Planner
List tasks	plannerTask collection	Get plannerTasks assigned to the user.
Sponsors
Assign	None	Assign a user a sponsor.
List	directoryObject collection	Get the users and groups who are this user's sponsors.
Remove	None	Remove a user's sponsor.
Teamwork
List associated teams	associatedTeamInfo collection	Get the list of teams in Microsoft Teams that a user is associated with.
List apps installed for user	userScopeTeamsAppInstallation collection	Lists apps installed in the personal scope of a user.
Gets the installed app for user	userScopeTeamsAppInstallation	Lists the specified app installed in the personal scope of a user.
Add app for user	None	Adds (installs) an app in the personal scope of a user.
Remove app for user	None	Removes (uninstalls) an app in the personal scope of a user.
Upgrade app installed for user	None	Upgrades to the latest version of the app installed in the personal scope of a user.
Get chat between user and app	Chat	Lists one-on-one chat between the user and the app.
List permission grants	resourceSpecificPermissionGrant collection	List allresource-specific permission grants of auser.
Terms of use agreements
Agreement acceptances for a user	agreementAcceptance	Retrieve a user's agreementAcceptance objects.
To-do tasks
List tasks	todoTask collection	Get all thetodoTask resources in the specified list.
Create task	todoTask	Create atodoTask in the specified task list.
List task lists	todoTaskList collection	Get all the task lists in the user's mailbox.
Create task list	todoTaskList	Create a To Do task list in the user's mailbox.
User settings
Get	userSettings	Read the user and organization settings object.
Update	userSettings	Update the properties of the settings object.

Properties

Important

Specific usage of$filter and the$search query parameter is supported only when you use theConsistencyLevel header set toeventual and$count. For more information, seeAdvanced query capabilities on directory objects.

Property	Type	Description
aboutMe	String	A freeform text entry field for the user to describe themselves. Returned only on`$select`.
accountEnabled	Boolean	`true` if the account is enabled; otherwise,`false`. This property is required when a user is created. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`, and`in`).
ageGroup	ageGroup	Sets the age group of the user. Allowed values:`null`,`Minor`,`NotAdult`, and`Adult`. For more information, seelegal age group property definitions. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`, and`in`).
assignedLicenses	assignedLicense collection	The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate between directly assigned and inherited licenses. Use thelicenseAssignmentStates property to identify the directly assigned and inherited licenses. Not nullable. Returned only on`$select`. Supports`$filter` (`eq`,`not`,`/$count eq 0`,`/$count ne 0`).
assignedPlans	assignedPlan collection	The plans that are assigned to the user. Read-only. Not nullable. Returned only on`$select`. Supports`$filter` (`eq` and`not`).
birthday	DateTimeOffset	The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is`2014-01-01T00:00:00Z`. Returned only on`$select`.
businessPhones	String collection	The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory. Returned by default. Supports`$filter` (`eq`,`not`,`ge`,`le`,`startsWith`).
city	String	The city where the user is located. Maximum length is 128 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
companyName	String	The name of the company that the user is associated with. This property can be useful for describing the company that a guest comes from. The maximum length is 64 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
consentProvidedForMinor	consentProvidedForMinor	Sets whether consent was obtained for minors. Allowed values:`null`,`Granted`,`Denied`, and`NotRequired`. For more information, seelegal age group property definitions. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`, and`in`).
country	String	The country or region where the user is located; for example,`US` or`UK`. Maximum length is 128 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
createdDateTime	DateTimeOffset	The date and time the user was created, in ISO 8601 format and UTC. The value can't be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Microsoft Entra ID. Property is`null` for some users created before June 2018 and on-premises users that were synced to Microsoft Entra ID before June 2018. Read-only. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`).
creationType	String	Indicates whether the user account was created through one of the following methods: As a regular school or work account (`null`). As an external account (`Invitation`). As a local account for an Azure Active Directory B2C tenant (`LocalAccount`). Through self-service sign-up by an internal user using email verification (`EmailVerified`). Through self-service sign-up by a guest signing up through a link that is part of a user flow (`SelfServiceSignUp`). Read-only. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`in`).
customSecurityAttributes	customSecurityAttributeValue	An open complex type that holds the value of a custom security attribute that is assigned to a directory object. Nullable. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`startsWith`). The filter value is case-sensitive. To read this property, the calling app must be assigned theCustomSecAttributeAssignment.Read.All permission. To write this property, the calling app must be assigned theCustomSecAttributeAssignment.ReadWrite.All permissions. To read or write this property in delegated scenarios, the admin must be assigned theAttribute Assignment Administrator role.
deletedDateTime	DateTimeOffset	The date and time the user was deleted. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`).
department	String	The name of the department in which the user works. Maximum length is 64 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`, and`eq` on`null` values).
displayName	String	The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and family name. This property is required when a user is created and it can't be cleared during updates. Maximum length is 256 characters. Returned by default. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values),`$orderby`, and`$search`.
employeeHireDate	DateTimeOffset	The date and time when the user was hired or will start work in a future hire. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`).
employeeLeaveDateTime	DateTimeOffset	The date and time when the user left or will leave the organization. To read this property, the calling app must be assigned theUser-LifeCycleInfo.Read.All permission. To write this property, the calling app must be assigned theUser.Read.All andUser-LifeCycleInfo.ReadWrite.All permissions. To read this property in delegated scenarios, the admin needs at least one of the following Microsoft Entra roles:Lifecycle Workflows Administrator (least privilege),Global Reader. To write this property in delegated scenarios, the admin needs theGlobal Administrator role. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`). For more information, seeConfigure the employeeLeaveDateTime property for a user.
employeeId	String	The employee identifier assigned to the user by the organization. The maximum length is 16 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
employeeOrgData	employeeOrgData	Represents organization data (for example, division and costCenter) associated with a user. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`).
employeeType	String	Captures enterprise worker type. For example,`Employee`,`Contractor`,`Consultant`, or`Vendor`. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`,`startsWith`).
externalUserState	String	For a guest invited to the tenant using theinvitation API, this property represents the invited user's invitation status. For invited users, the state can be`PendingAcceptance` or`Accepted`, or`null` for all other users. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`in`).
externalUserStateChangeDateTime	DateTimeOffset	Shows the timestamp for the latest change to theexternalUserState property. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`in`).
faxNumber	String	The fax number of the user. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
givenName	String	The given name (first name) of the user. Maximum length is 64 characters. Returned by default. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
hireDate	DateTimeOffset	The hire date of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is`2014-01-01T00:00:00Z`. Returned only on`$select`. Note: This property is specific to SharePoint in Microsoft 365. We recommend using the nativeemployeeHireDate property to set and update hire date values using Microsoft Graph APIs.
id	String	The unique identifier for the user. Should be treated as an opaque identifier. Inherited fromdirectoryObject. Key. Not nullable. Read-only. Returned by default. Supports`$filter` (`eq`,`ne`,`not`,`in`).
identities	objectIdentity collection	Represents the identities that can be used to sign in to this user account. Microsoft (also known as a local account), organizations, or social identity providers such as Facebook, Google, and Microsoft can provide identity and tie it to a user account. It might contain multiple items with the samesignInType value. Returned only on`$select`. Supports`$filter` (`eq`) with limitations.
imAddresses	String collection	The instant message voice-over IP (VOIP) session initiation protocol (SIP) addresses for the user. Read-only. Returned only on`$select`. Supports`$filter` (`eq`,`not`,`ge`,`le`,`startsWith`).
interests	String collection	A list for the user to describe their interests. Returned only on`$select`.
isManagementRestricted	Boolean	`true` if the user is a member of a restricted management administrative unit. If not set, the default value is`null` and the default behavior is false. Read-only. To manage a user who is a member of a restricted management administrative unit, the administrator or calling app must be assigned a Microsoft Entra role at the scope of the restricted management administrative unit. Returned only on`$select`.
isResourceAccount	Boolean	Don't use – reserved for future use.
jobTitle	String	The user's job title. Maximum length is 128 characters. Returned by default. Supports`$filter` (`eq`,`ne`,`not` ,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
lastPasswordChangeDateTime	DateTimeOffset	The time when this Microsoft Entra user last changed their password or when their password was created, whichever date the latest action was performed. The date and time information uses ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is`2014-01-01T00:00:00Z`. Returned only on`$select`.
legalAgeGroupClassification	legalAgeGroupClassification	Used by enterprise applications to determine the legal age group of the user. This property is read-only and calculated based onageGroup andconsentProvidedForMinor properties. Allowed values:`null`,`Undefined`,`MinorWithOutParentalConsent`,`MinorWithParentalConsent`,`MinorNoParentalConsentRequired`,`NotAdult`, and`Adult`. For more information, seelegal age group property definitions. Returned only on`$select`.
licenseAssignmentStates	licenseAssignmentState collection	State of license assignments for this user. Also indicates licenses that are directly assigned or the user inherited through group memberships. Read-only. Returned only on`$select`.
mail	String	The SMTP address for the user, for example,`jeff@contoso.com`. Changes to this property update the user'sproxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use theotherMails property instead. Returned by default. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`,`endsWith`, and`eq` on`null` values).
mailboxSettings	mailboxSettings	Settings for the primary mailbox of the signed-in user. You canget orupdate settings for sending automatic replies to incoming messages, locale, and time zone. Returned only on`$select`.
mailNickname	String	The mail alias for the user. This property must be specified when a user is created. Maximum length is 64 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
mobilePhone	String	The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. Maximum length is 64 characters. Returned by default. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values) and`$search`.
mySite	String	The URL for the user's site. Returned only on`$select`.
officeLocation	String	The office location in the user's place of business. Returned by default. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
onPremisesDistinguishedName	String	Contains the on-premises Active Directory`distinguished name` or`DN`. The property is only populated for customers who are synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect. Read-only. Returned only on`$select`.
onPremisesDomainName	String	Contains the on-premises`domainFQDN`, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect. Read-only. Returned only on`$select`.
onPremisesExtensionAttributes	onPremisesExtensionAttributes	Contains extensionAttributes1-15 for the user. These extension attributes are also known as Exchange custom attributes 1-15. Each attribute can store up to 1024 characters. For anonPremisesSyncEnabled user, the source of authority for this set of properties is the on-premises and is read-only. For a cloud-only user (whereonPremisesSyncEnabled is`false`), these properties can be set during the creation or update of a user object. For a cloud-only user previously synced from on-premises Active Directory, these properties are read-only in Microsoft Graph but can be fully managed through the Exchange Admin Center or the Exchange Online V2 module in PowerShell. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`in`).
onPremisesImmutableId	String	This property is used to associate an on-premises Active Directory user account to their Microsoft Entra user object. This property must be specified when creating a new user account in the Graph if you're using a federated domain for the user'suserPrincipalName (UPN) property.NOTE: The$ and_ characters can't be used when specifying this property. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`).
onPremisesLastSyncDateTime	DateTimeOffset	Indicates the last time at which the object was synced with the on-premises directory; for example:`2013-02-16T03:04:54Z`. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014 is`2014-01-01T00:00:00Z`. Read-only. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`).
onPremisesProvisioningErrors	onPremisesProvisioningError collection	Errors when using Microsoft synchronization product during provisioning. Returned only on`$select`. Supports`$filter` (`eq`,`not`,`ge`,`le`).
onPremisesSamAccountName	String	Contains the on-premises`samAccountName` synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect. Read-only. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`).
onPremisesSecurityIdentifier	String	Contains the on-premises security identifier (SID) for the user that was synchronized from on-premises to the cloud. Read-only. Returned only on`$select`. Supports`$filter` (`eq` including on`null` values).
onPremisesSyncEnabled	Boolean	`true` if this user object is currently being synced from an on-premises Active Directory (AD); otherwise the user isn't being synced and can be managed in Microsoft Entra ID. Read-only. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`in`, and`eq` on`null` values).
onPremisesUserPrincipalName	String	Contains the on-premises`userPrincipalName` synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Microsoft Entra ID via Microsoft Entra Connect. Read-only. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`).
otherMails	String collection	A list of other email addresses for the user; for example:`["bob@contoso.com", "Robert@fabrikam.com"]`. Can store up to 250 values, each with a limit of 250 characters. NOTE: This property can't contain accent characters. Returned only on`$select`. Supports`$filter` (`eq`,`not`,`ge`,`le`,`in`,`startsWith`,`endsWith`,`/$count eq 0`,`/$count ne 0`).
passwordPolicies	String	Specifies password policies for the user. This value is an enumeration with one possible value being`DisableStrongPassword`, which allows weaker passwords than the default policy to be specified.`DisablePasswordExpiration` can also be specified. The two might be specified together; for example:`DisablePasswordExpiration, DisableStrongPassword`. Returned only on`$select`. For more information on the default password policies, seeMicrosoft Entra password policies. Supports`$filter` (`ne`,`not`, and`eq` on`null` values).
passwordProfile	passwordProfile	Specifies the password profile for the user. The profile contains the user's password. This property is required when a user is created. The password in the profile must satisfy minimum requirements as specified by thepasswordPolicies property. By default, a strong password is required. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`in`, and`eq` on`null` values). To update this property: User-PasswordProfile.ReadWrite.All is the least privileged permission to update this property. In delegated scenarios, theUser AdministratorMicrosoft Entra role is the least privileged admin role supported to update this property for nonadmin users.Privileged Authentication Administrator is the least privileged role that's allowed to update this property forall administrators in the tenant. In general, the signed-in user must have a higher privileged administrator role as indicated inWho can reset passwords. In app-only scenarios, the calling app must be assigned a supported permissionand at least theUser AdministratorMicrosoft Entra role.
pastProjects	String collection	A list for the user to enumerate their past projects. Returned only on`$select`.
postalCode	String	The postal code for the user's postal address. The postal code is specific to the user's country or region. In the United States of America, this attribute contains the ZIP code. Maximum length is 40 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
preferredDataLocation	String	The preferred data location for the user. For more information, seeOneDrive Online Multi-Geo.
preferredLanguage	String	The preferred language for the user. The preferred language format is based on RFC 4646. The name is a combination of an ISO 639 two-letter lowercase culture code associated with the language, and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: "en-US", or "es-ES". Returned by default. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values)
preferredName	String	The preferred name for the user.Not Supported. This attribute returns an empty string. Returned only on`$select`.
provisionedPlans	provisionedPlan collection	The plans that are provisioned for the user. Read-only. Not nullable. Returned only on`$select`. Supports`$filter` (`eq`,`not`,`ge`,`le`).
proxyAddresses	String collection	For example:`["SMTP: bob@contoso.com", "smtp: bob@sales.contoso.com"]`. Changes to themail property update this collection to include the value as an SMTP address. For more information, seemail and proxyAddresses properties. The proxy address prefixed with`SMTP` (capitalized) is the primary proxy address, while those addresses prefixed with`smtp` are the secondary proxy addresses. For Azure AD B2C accounts, this property has a limit of 10 unique addresses. Read-only in Microsoft Graph; you can update this property only through theMicrosoft 365 admin center. Not nullable. Returned only on`$select`. Supports`$filter` (`eq`,`not`,`ge`,`le`,`startsWith`,`endsWith`,`/$count eq 0`,`/$count ne 0`).
refreshTokensValidFromDateTime	DateTimeOffset	Any refresh tokens or session tokens (session cookies) issued before this time are invalid. Applications get an error when using an invalid refresh or session token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application needs to acquire a new refresh token by requesting the authorized endpoint. Returned only on`$select`. Read-only.
responsibilities	String collection	A list for the user to enumerate their responsibilities. Returned only on`$select`.
serviceProvisioningErrors	serviceProvisioningError collection	Errors published by a federated service describing a nontransient, service-specific error regarding the properties or link from a user object. Supports`$filter` (`eq`,`not`, for isResolved and serviceInstance).
schools	String collection	A list for the user to enumerate the schools they attended. Returned only on`$select`.
securityIdentifier	String	Security identifier (SID) of the user, used in Windows scenarios. Read-only. Returned by default. Supports`$select` and`$filter` (`eq`,`not`,`ge`,`le`,`startsWith`).
showInAddressList	Boolean	Do not use in Microsoft Graph. Manage this property through the Microsoft 365 admin center instead. Represents whether the user should be included in the Outlook global address list. SeeKnown issue.
signInActivity	signInActivity	Get the last signed-in date and request ID of the sign-in for a given user. Read-only. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`)but not with any other filterable properties. Note: Details for this property require a Microsoft Entra ID P1 or P2 license and theAuditLog.Read.All permission. This property isn't returned for a user who never signed in or last signed in before April 2020.
signInSessionsValidFromDateTime	DateTimeOffset	Any refresh tokens or session tokens (session cookies) issued before this time are invalid. Applications get an error when using an invalid refresh or session token to acquire a delegated access token (to access APIs such as Microsoft Graph). If this happens, the application needs to acquire a new refresh token by requesting the authorized endpoint. Read-only. UserevokeSignInSessions to reset. Returned only on`$select`.
skills	String collection	A list for the user to enumerate their skills. Returned only on`$select`.
state	String	The state or province in the user's address. Maximum length is 128 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
streetAddress	String	The street address of the user's place of business. Maximum length is 1,024 characters. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
surname	String	The user's surname (family name or last name). Maximum length is 64 characters. Returned by default. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
usageLocation	String	A two-letter country code (ISO standard 3166). Required for users that are assigned licenses due to legal requirements to check for availability of services in countries/regions. Examples include:`US`,`JP`, and`GB`. Not nullable. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`, and`eq` on`null` values).
userPrincipalName	String	The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this value should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's collection of verified domains. This property is required when a user is created. The verified domains for the tenant can be accessed from theverifiedDomains property oforganization. NOTE: This property can't contain accent characters. Only the following characters are allowed`A - Z`,`a - z`,`0 - 9`, `' . - _ ! # ^ ~`. For the complete list of allowed characters, seeusername policies. Returned by default. Supports`$filter` (`eq`,`ne`,`not`,`ge`,`le`,`in`,`startsWith`,`endsWith`) and`$orderby`.
userType	String	A string value that can be used to classify user types in your directory. The possible values are`Member` and`Guest`. Returned only on`$select`. Supports`$filter` (`eq`,`ne`,`not`,`in`, and`eq` on`null` values).NOTE: For more information about the permissions for members and guests, seeWhat are the default user permissions in Microsoft Entra ID?

Tip

Directory and schema extensions and their associated data are returned only on$select; Open extensions and their associated data are returned only on$expand.

mail and proxyAddresses properties

mail andproxyAddresses are both email-related properties. TheproxyAddresses property is a collection of addresses only relevant to the Microsoft Exchange server. It's used to store a list of mail addresses for a user that are tied to a single mailbox. Themail property is used as the user's email address for various purposes including user sign-in and defines the primary proxy address.

Bothmail andproxyAddresses can be retrieved through theGET user API. You can update themail via theUpdate user API, but can't updateproxyAddresses through Microsoft Graph. When a user'smail property is updated, it triggers recalculation ofproxyAddresses and the newly updated mail is set to be the primary proxy address, except in the following scenarios:

If a user has a license that includes Microsoft Exchange, all their proxy addresses must belong to a verified domain on the tenant. Any that don't belong to verified domains are silently removed.
A user's mail is NOT set to the primary proxy address if the user is a guest and the primary proxy address contains the guest's UPN string with #EXT#.
A user's mail is NOT removed, even if they no longer have proxy addresses if the user is a guest.

proxyAddresses are unique across directory objects (users, groups, and organizational contacts). If a user'smail property conflicts with one of theproxyAddresses of another object, an attempt to update themail fails, and theproxyAddresses property isn't updated either.

Legal age group property definitions

This section explains how the three age group properties (legalAgeGroupClassification,ageGroup, andconsentProvidedForMinor) are used by Microsoft Entra administrators and enterprise application developers to meet age-related regulations:

ThelegalAgeGroupClassification property is read-only. It's used by enterprise application developers to ensure the correct handling of a user based on their legal age group. It's calculated based on the user'sageGroup andconsentProvidedForMinor properties.
ageGroup andconsentProvidedForMinor are optional properties used by Microsoft Entra administrators to help ensure the use of an account is handled correctly based on the age-related regulatory rules governing the user's country or region.

For example: Cameron is the administrator of a directory for an elementary school in Holyport in the United Kingdom. At the beginning of the school year, he uses the admissions paperwork to obtain consent from the minor's parents based on the age-related regulations of the United Kingdom. The consent obtained from the parent allows the minor's account to be used by Holyport School and Microsoft apps. Cameron then creates all the accounts and setsageGroup tominor andconsentProvidedForMinor togranted. Applications used by his students are then able to suppress features that aren't suitable for minors.

legalAgeGroupClassification values

Member	Description
null	Default value, noageGroup is set for the user.
Undefined	NoageGroup is set for the user butconsentProvidedForMinor is either`Granted`,`Denied`, or`NotRequired`.
MinorWithoutParentalConsent	(Reserved for future use)
MinorWithParentalConsent	The user is considered a minor based on the age-related regulations of their country or region, and the administrator of the account obtained appropriate consent from a parent or guardian.
Adult	The user is considered an adult based on the age-related regulations of their country or region.
NotAdult	The user is from a country or region that has additional age-related regulations, such as the United States, United Kingdom, European Union, or South Korea, and the user's age is between a minor and an adult age (as stipulated based on country or region). Generally, this means that teenagers are considered as`notAdult` in regulated countries/regions.
MinorNoParentalConsentRequired	The user is a minor but is from a country or region that has no age-related regulations.

ageGroup values

Member	Description
null	Default value, noageGroup is set for the user.
Minor	The user is considered a minor.
NotAdult	The user is from a country or region that has statutory regulations, such as the United States, United Kingdom, European Union, or South Korea, and the user's age is more than the upper limit of kid age (as per country or region) and less than lower limit of adult age (as stipulated based on country or region). So basically, teenagers are considered as`notAdult` in regulated countries/regions.
Adult	The user should be treated as an adult.

consentProvidedForMinor values

Member	Description
null	Default value, noconsentProvidedForMinor is set for the user.
Granted	Consent is obtained for the user to have an account.
Denied	Consent isn't obtained for the user to have an account.
NotRequired	The user is from a location that doesn't require consent.

Relationships

Relationship	Type	Description
activities	userActivity collection	The user's activities across devices. Read-only. Nullable.
agreementAcceptances	agreementAcceptance collection	The user's terms of use acceptance statuses. Read-only. Nullable.
appRoleAssignments	appRoleAssignment collection	Represents the app roles a user is granted for an application. Supports`$expand`.
authentication	authentication	The authentication methods that are supported for the user.
calendar	calendar	The user's primary calendar. Read-only.
calendarGroups	calendarGroup collection	The user's calendar groups. Read-only. Nullable.
calendars	calendar collection	The user's calendars. Read-only. Nullable.
calendarView	event collection	The calendar view for the calendar. Read-only. Nullable.
cloudPCs	cloudPC collection	The user's Cloud PCs. Read-only. Nullable.
contactFolders	contactFolder collection	The user's contacts folders. Read-only. Nullable.
contacts	contact collection	The user's contacts. Read-only. Nullable.
createdObjects	directoryObject collection	Directory objects that the user created. Read-only. Nullable.
dataSecurityAndGovernance	userDataSecurityAndGovernance	The data security and governance settings for the user. Read-only. Nullable.
directReports	directoryObject collection	The users and contacts that report to the user. (The users and contacts that have their manager property set to this user.) Read-only. Nullable. Supports`$expand`.
drive	drive	The user's OneDrive. Read-only.
drives	drive collection	A collection of drives available for this user. Read-only.
events	event collection	The user's events. Default is to show Events under the Default Calendar. Read-only. Nullable.
extensions	extension collection	The collection of open extensions defined for the user. Read-only. Supports`$expand`. Nullable.
inferenceClassification	inferenceClassification	Relevance classification of the user's messages based on explicit designations that override inferred relevance or importance.
insights	itemInsights	Represents relationships between a user and items such as OneDrive for work or school documents, calculated using advanced analytics and machine learning techniques. Read-only. Nullable.
licenseDetails	licenseDetails collection	A collection of this user's license details. Read-only.
mailFolders	mailFolder collection	The user's mail folders. Read-only. Nullable.
manager	directoryObject	The user or contact that is this user's manager. Read-only. Supports`$expand`.
memberOf	directoryObject collection	The groups and directory roles that the user is a member of. Read-only. Nullable. Supports`$expand`.
messages	message collection	The messages in a mailbox or folder. Read-only. Nullable.
onenote	onenote	Read-only.
onlineMeetings	onlineMeeting collection	Information about a meeting, including the URL used to join a meeting, the attendees list, and the description.
outlook	outlookUser	Read-only.
ownedDevices	directoryObject collection	Devices the user owns. Read-only. Nullable. Supports`$expand` and`$filter` (`/$count eq 0`,`/$count ne 0`,`/$count eq 1`,`/$count ne 1`).
ownedObjects	directoryObject collection	Directory objects the user owns. Read-only. Nullable. Supports`$expand`,`$select` nested in`$expand`, and`$filter` (`/$count eq 0`,`/$count ne 0`,`/$count eq 1`,`/$count ne 1`).
people	person collection	People that are relevant to the user. Read-only. Nullable.
permissionGrants	resourceSpecificPermissionGrant collection	List all resource-specific permission grants of a user.
photo	profilePhoto	The user's profile photo. Read-only.
photos	profilePhoto collection	The collection of the user's profile photos in different sizes. Read-only.
planner	plannerUser	Entry-point to the Planner resource that might exist for a user. Read-only.
registeredDevices	directoryObject collection	Devices that are registered for the user. Read-only. Nullable. Supports`$expand` and returns up to 100 objects.
solutions	userSolutionRoot	The identifier that relates the user to the working time schedule triggers. Read-Only. Nullable
sponsors	directoryObject collection	The users and groups responsible for this guest's privileges in the tenant and keeping the guest's information and access updated. (HTTP Methods: GET, POST, DELETE.). Supports`$expand`.
teamwork	userTeamwork	A container for Microsoft Teams features available for the user. Read-only. Nullable.
todo	todo	Represents the To Do services available to a user.
transitiveMemberOf	directoryObject collection	The groups, including nested groups, and directory roles that a user is a member of. Nullable.

JSON representation

The following JSON representation shows the resource type.

{  "aboutMe": "String",  "accountEnabled": true,  "ageGroup": "String",  "assignedLicenses": [{"@odata.type": "microsoft.graph.assignedLicense"}],  "assignedPlans": [{"@odata.type": "microsoft.graph.assignedPlan"}],  "birthday": "String (timestamp)",  "businessPhones": ["String"],  "city": "String",  "companyName": "String",  "consentProvidedForMinor": "String",  "country": "String",  "createdDateTime": "String (timestamp)",  "creationType": "String",  "customSecurityAttributes": {    "@odata.type": "microsoft.graph.customSecurityAttributeValue"  },  "department": "String",  "displayName": "String",  "employeeHireDate": "2020-01-01T00:00:00Z",  "employeeId": "String",  "employeeOrgData": {"@odata.type": "microsoft.graph.employeeOrgData"},  "employeeType": "String",  "faxNumber" : "String",  "givenName": "String",  "hireDate": "String (timestamp)",  "id": "String (identifier)",  "identities": [{"@odata.type": "microsoft.graph.objectIdentity"}],  "imAddresses": ["String"],  "interests": ["String"],  "isManagementRestricted": "Boolean",  "isResourceAccount": false,  "jobTitle": "String",  "legalAgeGroupClassification": "String",  "licenseAssignmentStates": [{"@odata.type": "microsoft.graph.licenseAssignmentState"}],  "lastPasswordChangeDateTime": "String (timestamp)",  "mail": "String",  "mailboxSettings": {"@odata.type": "microsoft.graph.mailboxSettings"},  "mailNickname": "String",  "mobilePhone": "String",  "mySite": "String",  "officeLocation": "String",  "onPremisesDistinguishedName": "String",  "onPremisesDomainName": "String",  "onPremisesExtensionAttributes": {"@odata.type": "microsoft.graph.onPremisesExtensionAttributes"},  "onPremisesImmutableId": "String",  "onPremisesLastSyncDateTime": "String (timestamp)",  "onPremisesProvisioningErrors": [{"@odata.type": "microsoft.graph.onPremisesProvisioningError"}],  "onPremisesSamAccountName": "String",  "onPremisesSecurityIdentifier": "String",  "onPremisesSyncEnabled": true,  "onPremisesUserPrincipalName": "String",  "otherMails": ["String"],  "passwordPolicies": "String",  "passwordProfile": {"@odata.type": "microsoft.graph.passwordProfile"},  "pastProjects": ["String"],  "postalCode": "String",  "preferredDataLocation": "String",  "preferredLanguage": "String",  "preferredName": "String",  "provisionedPlans": [{"@odata.type": "microsoft.graph.provisionedPlan"}],  "proxyAddresses": ["String"],  "responsibilities": ["String"],  "schools": ["String"],  "securityIdentifier": "String",  "serviceProvisioningErrors": [    { "@odata.type": "microsoft.graph.serviceProvisioningXmlError" }  ],  "showInAddressList": true,  "signInActivity": {"@odata.type": "microsoft.graph.signInActivity"},  "signInSessionsValidFromDateTime": "String (timestamp)",  "skills": ["String"],  "state": "String",  "streetAddress": "String",  "surname": "String",  "usageLocation": "String",  "userPrincipalName": "String",  "userType": "String",  "calendar": { "@odata.type": "microsoft.graph.calendar" },  "calendarGroups": [{ "@odata.type": "microsoft.graph.calendarGroup" }],  "calendarView": [{ "@odata.type": "microsoft.graph.event" }],  "calendars": [ {"@odata.type": "microsoft.graph.calendar"} ],  "contacts": [ { "@odata.type": "microsoft.graph.contact" } ],  "contactFolders": [ { "@odata.type": "microsoft.graph.contactFolder" } ],  "createdObjects": [ { "@odata.type": "microsoft.graph.directoryObject" } ],  "directReports": [ { "@odata.type": "microsoft.graph.directoryObject" } ],  "drive": { "@odata.type": "microsoft.graph.drive" },  "drives": [ { "@odata.type": "microsoft.graph.drive" } ],  "events": [ { "@odata.type": "microsoft.graph.event" } ],  "inferenceClassification": { "@odata.type": "microsoft.graph.inferenceClassification" },  "mailFolders": [ { "@odata.type": "microsoft.graph.mailFolder" } ],  "manager": { "@odata.type": "microsoft.graph.directoryObject" },  "memberOf": [ { "@odata.type": "microsoft.graph.directoryObject" } ],  "messages": [ { "@odata.type": "microsoft.graph.message" } ],  "outlook": { "@odata.type": "microsoft.graph.outlookUser" },  "ownedDevices": [ { "@odata.type": "microsoft.graph.directoryObject" } ],  "ownedObjects": [ { "@odata.type": "microsoft.graph.directoryObject" } ],  "photo": { "@odata.type": "microsoft.graph.profilePhoto" },  "photos": [ { "@odata.type": "microsoft.graph.profilePhoto" } ],  "registeredDevices": [ { "@odata.type": "microsoft.graph.directoryObject" } ]}

Movatterモバイル変換

Share via

user resource type

In this article