Edit

Share via

What's new in Microsoft Graph

Microsoft Graph provides a unified programmability model that you can use to access data in Microsoft 365, Windows, and Enterprise Mobility + Security. This article provides information about what's new in Microsoft Graph APIs, documentation, SDKs, and more.

For more detailed API-level updates, see the Microsoft Graph API changelog.

For details about previous updates to Microsoft Graph, see Microsoft Graph what's new history.

Important

Features in preview status are subject to change without notice, and might not be promoted to generally available (GA) status. Don't use preview features in production apps.

December 2025: New in preview only

Files

Use the SharePoint cross-tenant migration task APIs in Microsoft Graph to enable organizations to manage the tasks during tenant-to-tenant migrations. For more information, see sharePointMigrationTask.

Identity and access | Governance

  • Added the controlConfiguration resource and the controlConfigurations relationship to the entitlementManagement resource to represent the policies that control lifecycle and access to access packages across the organization.
  • Added the entraIdProtectionRiskyUserApproval resource to represent the approval configuration for risky users detected by Microsoft Entra ID Protection.
  • Added the insiderRiskyUserApproval resource to represent the approval configuration for risky users detected by Microsoft Purview Insider Risk Management.

Identity and access | Identity and sign-in

Added the microsoftRevokedSessions value to the riskDetail enumeration to indicate that Microsoft revoked sessions. This enumeration member applies to the following Microsoft Entra Identity Protection resources: riskDetection, riskUserActivity, riskyUser, and signIn.

November 2025: New and generally available

Backup storage

The driveItem: restore method was expanded to enable restoring a driveItem deleted from a fileStorageContainer without mapping it to a recycleBinItem. This complements existing functionality in recycleBinItem: restore which continues to work as expected.

Calendars | Places

Files

Identity and access | Directory management

Deleted security groups can now be restored from deleted items within 30 days of deletion, similar to Microsoft 365 groups. Use the Restore deleted item API to restore a deleted security group.

Identity and access | Governance

Added the userInactivityTrigger resource to support automatic triggering of access reviews based on user inactivity.

Teamwork and communications | Calls and online meetings

Use resource-specific consent (RSC) permissions for virtual events. For more information, see Virtual events town hall API use cases and Virtual events webinar API use cases.

Identity and access | Identity and sign-in

  • Added the webApplicationFirewallProvider and webApplicationFirewallVerificationModel resource types and their associated APIs for configuring and managing Web Application Firewall providers and shield external-facing authentication endpoints from threats such as distributed denial of service (DDoS) attacks, OWASP Top-10 risks, malicious bots, and more. This feature is supported in Microsoft Entra External ID for external tenants.
  • Added the fraudProtectionProvider resource type and its associated APIs to enbale integration with third-party fraud protection providers for sign-up fraud defense. This feature is part of Microsoft Entra Identity Protection capabilities in Microsoft Entra External ID for external tenants.

Teamwork and communications | Calls and online meetings

Use resource-specific consent (RSC) permissions for virtual events. For more information, see Virtual events town hall API use cases and Virtual events webinar API use cases.

November 2025: New in preview only

Agents

Use the Microsoft Entra Agent ID APIs to manage identities for AI agents using the same identity and access management capabilities that protect human users. The APIs include capabilities to manage the following objects:

  • Agent registrations
  • Agent users
  • The Microsoft Entra agent registry

Additionally, the first-class Microsoft Entra experience allows you to leverage the familiar automation capabilities in Conditional Access, ID Governance, and Identity Protection.

Applications

Added the riskFactors and riskScore properties to the applicationTemplate resource type which represents apps on the Microsoft Entra app gallery. These properties provide insights into the security posture of application templates.

Calendars | Places

  • Use the wifiState property on building to indicate whether a building has Wi-Fi.
  • Use the heightAdjustableState property on desk to indicate whether a desk is height adjustable.
  • Use the teamsEnabledState property on room to indicate whether a room is enabled for Microsoft Teams.
  • Removed the placeId property from the place resource and its derived types. Going forward only the following derived types of place have the placeId property: room and workspace.
  • Removed the offlinePlaceMode resource in favor of the unavailablePlaceMode resource.

Devices and app management | Cloud PC

Removed the osArchitecture property from the cloudPcDeviceImage and cloudPcGalleryImage resources.

Files

Identity and access | Directory management

  • Added the b2bManagementPolicy resource and the b2bManagementPolicies relationship to the policyRoot resource to manage Microsoft Entra B2B features in Microsoft Entra External ID for workforce tenants.
  • Added the onPremAuthenticationPolicy resource and the onPremAuthenticationPolicies relationship to the policyRoot resource to manage how authentication requests from on-premises environments are handled for users and applications.

Identity and access | Governance

  • Added the customDataProvidedResource resource to support user-centric access reviews.
  • Added the administrationScopeTargets relationship to the workflowBase resource and its derived types to support scoping lifecycle workflows to specific administrative units.

Identity and access | Identity and sign-in

  • Added support for managing Microsoft Entra agent identities using Conditional Access policies with the introduction of the following changes:

  • Added the agentRiskDetection and riskyAgent resources to support detecting and managing risky agents through Microsoft Entra Identity Protection.

  • Added the organizationalBrandingTheme and organizationalBrandingThemeLocalization resource types to apply branding themes to applications as opposed to the global tenant-based branding for sign-in experiences. This also enabled locale-specific branding for applications.

  • In Microsoft Entra External ID for customer tenants, you can now enable your customers to sign-in with their username or alias. This capability includes a sign-in identifiers policy for you to configure whether username can be used as a sign-in identifier and you can specify a custom regex to be applied at run-time. For more information, see the signInIdentifierBase resource type and its associated APIs.

  • Added the verifiedIdProfile resource type to represent a verified identity profile as one of the supported authentication methods in Microsoft Entra.

  • Added the defaultPasskeyProfile property and the passkeyProfiles navigation property to the FIDO2 authentication method policy resource. In addition, use the passkeyType property in the FIDO2 authentication method resource to configure allowed passkeys for the user's FIDO2 authentication method.

Identity and access | Network access

Microsoft MCP Server for Enterprise

Introducing the Microsoft MCP Server for Enterprise - the official MCP server for querying Microsoft Entra data using natural language. The server calls the Microsoft Entra APIs on Microsoft Graph to retrieve data and generate responses based on user queries. It supports a wide range of Microsoft Entra data, including users, groups, devices, applications, and more. See Overview of Microsoft MCP server for Enterprise for more information.

Reports | Identity and access reports

  • Added support for sign in logs for Microsoft Entra agent identities to Microsoft Entra sign-in reports with the introduction of the following changes:
    • Added agentSubjectParentId and agentSubjectType properties to the agentSignIn resource.
    • Added agentIdentityBlueprintPrincipal and agentIDuser enumeration members to the agentType property of the agentSignIn resource.

Security

  • Use the Security Copilot APIs to integrate advanced AI assistance related to Microsoft Entra into your custom portals and applications. The APIs provide capabilities to create sessions, prompts, and evaluations using the available plugins, enabling tailored AI-driven security workflows for your line-of-business applications.
  • Added the identityAccounts resource type to represent user and service accounts associated with an identity in the context of security investigations and alerts in Microsoft Defender for Identity.
  • Added the hasProtection property to the sensitivityLabel resource to indicate whether the label has protection actions such as encryption and forwarding restrictions.

Security | Data security and compliance

Use the hasProtection property on sensitivityLabel to indicate whether the label has protection actions.

Tasks and plans

  • Get the usage rights for a specific plan based on its sensitivity label assignment and the requesting user's permissions.
  • Use the contentSensitivityLabelAssignment property on plannerPlan to get or set the sensitivity label assignment for a plan.

Teamwork and communications | Calls and online meetings

  • Added the sensitivityLabelAssignment property to the onlineMeeting, which represents the meeting's sensitivity level. This ID corresponds to the identifier configured in the Microsoft Purview portal.
  • Use the Accept-Language header with the Create virtualEventWebinar and Create virtualEventTownhall methods to specify an acceptable human language for the response.
  • Use the expiryDateTime property on onlineMeeting and virtualEventSession to indicate the date and time when the meeting resource expires.
  • Use the meetingSpokenLanguageTag property on onlineMeeting and virtualEventSession to specify the spoken language used during the meeting for recording and transcription purposes.
  • Use the following new endpoints to enable the management of work location for a user:
    • Clear the automatic work location value for a user.
    • Clear the work location signals for a user, including both the manual and automatic layers for the current date.
    • Update the automatic work location for a user.
    • Set the user's manual work location signal.

Contribute to Microsoft Graph

Are there scenarios you'd like Microsoft Graph to support?

  • Suggest and vote for new features by using the Microsoft Graph Feedback Portal. Some new features originate as popular requests from the developer community. The Microsoft Graph team regularly evaluates customer needs and releases new features to the beta (https://graph.microsoft.com/beta) and v1.0 (https://graph.microsoft.com/v1.0) endpoints.

  • Join the weekly Microsoft 365 platform community call and become an active member of the Microsoft Graph community. To discover the full calendar of developer calls, visit the Microsoft 365 and Power Platform community page.

  • Join our research panel to provide your input on our developer experiences.

Related content

  • Last updated on