Merge pull request #28165 from microsoftgraph/main

Auto Publish – main to live - 2026-01-30 00:30 UTC

Author: learn-build-service-prod[bot]

.github/prompts/author-api-docs.prompt.md

@@ -480,13 +480,17 @@ For each copied file, make the following updates:
 3. **Update the `ms.date` field** in the YAML front matter to today's date
 
 **For API method files:**
-1. **Remove SDK snippet links** from the Example Request section:
+1. **Delete the national cloud include statement** that appears immediately before the "## Permissions" header:
+   - Remove the entire include statement (e.g., `[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]`)
+   - This include should be deleted for v1.0 GA documentation
+
+2. **Remove SDK snippet links** from the Example Request section:
    - Remove the `# [HTTP](#tab/http)` tab
    - Remove the tab boundary marker (`---`)
    - Remove all language-specific SDK snippet include links (e.g., `[!INCLUDE [sample-code](../includes/snippets/csharp/...)]`)
    - Keep only the HTTP example in the Request section
 
-2. **Verify examples work with v1.0 endpoint:**
+3. **Verify examples work with v1.0 endpoint:**
    - Run each example using the v1.0 endpoint to ensure all properties are returned in v1.0
    - Remove any properties from examples that are not returned in v1.0
    - Ensure request URLs use `graph.microsoft.com/v1.0/` not `graph.microsoft.com/beta/`
@@ -604,6 +608,7 @@ Remove "(preview)" from TOC entries as applicable:
 **For API method files promoted to v1.0:**
 - [ ] File copied from beta\api to v1.0\api
 - [ ] Beta disclaimer removed
+- [ ] National cloud include statement deleted (immediately before ## Permissions header)
 - [ ] Version references updated from /beta to /v1.0 in all examples
 - [ ] ms.date updated in YAML front matter
 - [ ] SDK snippet links removed from Example Request section

api-reference/beta/resources/security-ediscoverypurgedataoperation.md

@@ -29,6 +29,7 @@ None.
 |createdDateTime|DateTimeOffset| The date and time the operation was created. Inherited from [caseOperation](../resources/security-caseoperation.md).|
 |id|String| The ID for the operation. Read-only. Inherited from [caseOperation](../resources/security-caseoperation.md).|
 |percentProgress|Int32| The progress of the operation. Inherited from [caseOperation](../resources/security-caseoperation.md).|
+|reportFileMetadata|[microsoft.graph.security.reportFileMetadata](../resources/security-ediscoveryreportfilemetadata.md) collection|The purge job report file metadata. It contains the properties for report file metadata, including **downloadUrl**, **fileName**, and **size**.|
 |resultInfo|[resultInfo](../resources/resultinfo.md)| Contains success and failure-specific result information. Inherited from [caseOperation](../resources/security-caseoperation.md).|
 |status|[microsoft.graph.security.caseOperationStatus](../resources/security-caseoperation.md#caseoperationstatus-values)| The status of the case operation. The possible values are: `notStarted`, `submissionFailed`, `running`, `succeeded`, `partiallySucceeded`, `failed`, `unknownFutureValue`. Inherited from [caseOperation](../resources/security-caseoperation.md).|
 
@@ -64,18 +65,15 @@ The following JSON representation shows the resource type.
 ``` json
 {
   "@odata.type": "#microsoft.graph.security.ediscoveryPurgeDataOperation",
-  "id": "String (identifier)",
-  "createdDateTime": "String (timestamp)",
-  "completedDateTime": "String (timestamp)",
   "action": "String",
-  "createdBy": {
-    "@odata.type": "microsoft.graph.identitySet"
-  },
-  "percentProgress": "Integer",
-  "status": "String",
-  "resultInfo": {
-    "@odata.type": "microsoft.graph.resultInfo"
-  }
+  "completedDateTime": "String (timestamp)",
+  "createdBy": {"@odata.type": "microsoft.graph.identitySet"},
+  "createdDateTime": "String (timestamp)",
+  "id": "String (identifier)",
+  "percentProgress": "Int32",
+  "reportFileMetadata": [{"@odata.type": "microsoft.graph.reportFileMetadata"}],
+  "resultInfo": {"@odata.type": "microsoft.graph.resultInfo"},
+  "status": "String"
 }
 ```
 

api-reference/beta/toc/security/toc.yml

@@ -748,6 +748,8 @@ items:
       href: ../../resources/security-ediscoveryaddtoreviewsetoperation.md
     - name: eDiscovery estimate operation
       href: ../../resources/security-ediscoveryestimateoperation.md
+    - name: eDiscovery purge data operation
+      href: ../../resources/security-ediscoverypurgedataoperation.md
     - name: Report file metadata
       href: ../../resources/security-ediscoveryreportfilemetadata.md
 - name: Email and collaboration protection

api-reference/beta/toc/toc.mapping.json

@@ -2954,6 +2954,7 @@
           "complexTypes": [
             "microsoft.graph.security.ediscoveryAddToReviewSetOperation",
             "microsoft.graph.security.ediscoveryEstimateOperation",
+            "microsoft.graph.security.ediscoveryPurgeDataOperation",
             "microsoft.graph.security.reportFileMetadata"
           ]
         },

api-reference/v1.0/api/externalauthenticationmethodconfiguration-delete.md

@@ -0,0 +1,77 @@
+---
+title: "Delete externalAuthenticationMethodConfiguration"
+description: "Delete an externalAuthenticationMethodConfiguration object."
+author: "gregkmsft"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: apiPageType
+ms.date: 01/19/2026
+---
+
+# Delete externalAuthenticationMethodConfiguration
+
+Namespace: microsoft.graph
+
+Delete an [externalAuthenticationMethodConfiguration](../resources/externalauthenticationmethodconfiguration.md) object.
+
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "externalauthenticationmethodconfiguration_delete" } -->
+[!INCLUDE [permissions-table](../includes/permissions/externalauthenticationmethodconfiguration-delete-permissions.md)]
+
+[!INCLUDE [rbac-authentication-methods-policy-apis-write](../includes/rbac-for-apis/rbac-authentication-methods-policy-apis-write.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+```http
+DELETE /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "delete_externalauthenticationmethodconfiguration"
+}
+-->
+```http
+DELETE https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/b3107ab7-68c7-4553-a167-48c1e9c24d52
+```
+
+### Response
+
+The following example shows the response.
+<!-- {
+  "blockType": "response",
+  "truncated": true
+}
+-->
+```http
+HTTP/1.1 204 No Content
+```
+

api-reference/v1.0/api/externalauthenticationmethodconfiguration-get.md

@@ -0,0 +1,98 @@
+---
+title: "Get externalAuthenticationMethodConfiguration"
+description: "Read the properties and relationships of an externalAuthenticationMethodConfiguration object."
+author: "gregkmsft"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: apiPageType
+ms.date: 01/19/2026
+---
+
+# Get externalAuthenticationMethodConfiguration
+
+Namespace: microsoft.graph
+
+Read the properties and relationships of an [externalAuthenticationMethodConfiguration](../resources/externalauthenticationmethodconfiguration.md) object.
+
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "externalauthenticationmethodconfiguration_get" } -->
+[!INCLUDE [permissions-table](../includes/permissions/externalauthenticationmethodconfiguration-get-permissions.md)]
+
+[!INCLUDE [rbac-authentication-methods-policy-apis-read](../includes/rbac-for-apis/rbac-authentication-methods-policy-apis-read.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+```http
+GET /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
+```
+
+## Optional query parameters
+
+This method does not support OData query parameters to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [externalAuthenticationMethodConfiguration](../resources/externalauthenticationmethodconfiguration.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "get_externalauthenticationmethodconfiguration"
+}
+-->
+```http
+GET https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/b3107ab7-68c7-4553-a167-48c1e9c24d52
+```
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.externalAuthenticationMethodConfiguration"
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.externalAuthenticationMethodConfiguration",
+  "id": "b3107ab7-68c7-4553-a167-48c1e9c24d52",
+  "displayName": "Adatum",
+  "appId": "fb262304-618c-4ffb-878a-114490bdf200",
+  "openIdConnectSetting": {
+      "clientId": "06a011bd-ec92-4404-80fb-db6d5ada8ee2",
+      "discoveryUrl": "https//Adatum.com/.well-known/openid-configuration"
+  },
+  "state": "disabled",
+  "excludeTargets": [],
+  "includeTargets": []
+}
+```
+

api-reference/v1.0/api/externalauthenticationmethodconfiguration-update.md

@@ -0,0 +1,103 @@
+---
+title: "Update externalAuthenticationMethodConfiguration"
+description: "Update the properties of an externalAuthenticationMethodConfiguration object."
+author: "gregkmsft"
+ms.localizationpriority: medium
+ms.subservice: "entra-sign-in"
+doc_type: apiPageType
+ms.date: 01/19/2026
+---
+
+# Update externalAuthenticationMethodConfiguration
+
+Namespace: microsoft.graph
+
+Update the properties of an [externalAuthenticationMethodConfiguration](../resources/externalauthenticationmethodconfiguration.md) object.
+
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "externalauthenticationmethodconfiguration_update" } -->
+[!INCLUDE [permissions-table](../includes/permissions/externalauthenticationmethodconfiguration-update-permissions.md)]
+
+[!INCLUDE [rbac-authentication-methods-policy-apis-write](../includes/rbac-for-apis/rbac-authentication-methods-policy-apis-write.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+```http
+PATCH /policies/authenticationMethodsPolicy/authenticationMethodConfigurations/{id}
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+[!INCLUDE [table-intro](../../includes/update-property-table-intro.md)]
+
+
+|Property|Type|Description|
+|:---|:---|:---|
+|appId|String|**appId** for the app registration in Microsoft Entra ID representing the integration with the external provider.|
+|excludeTargets|[excludeTarget](../resources/excludetarget.md) collection|Groups representing the users that should be excluded from the policy. |
+|includeTargets|[authenticationMethodTarget](../resources/authenticationMethodTarget.md) collection|Groups representing the users that are included in the policy and that can use the external authentication method. |
+|state|authenticationMethodState|The state of the method in the policy. The possible values are: `enabled`, `disabled`. |
+|openIdConnectSetting|[openIdConnectSetting](../resources/openidconnectsetting.md)|Object representing the required settings for the OIDC request to the external provider.|
+
+
+
+## Response
+
+If successful, this method returns a `204 No Content` response code.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "update_externalauthenticationmethodconfiguration"
+}
+-->
+```http
+PATCH https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy/authenticationMethodConfigurations/b183b746-e7db-4fa2-bafc-69ecf18850dd
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.externalAuthenticationMethodConfiguration",
+  "includeTargets": [
+    {
+        "targetType": "group",
+        "id": "b183b746-e7db-4fa2-bafc-69ecf18850dd",
+        "isRegistrationRequired": false,
+    }
+  ],
+  "state": "enabled"
+}
+
+```
+
+### Response
+
+The following example shows the response.
+<!-- {
+  "blockType": "response",
+  "truncated": true
+}
+-->
+```http
+HTTP/1.1 204 No Content
+```
+

api-reference/v1.0/includes/permissions/externalauthenticationmethodconfiguration-delete-permissions.md

@@ -0,0 +1,12 @@
+---
+description: "Automatically generated file. DO NOT MODIFY"
+ms.topic: include
+ms.localizationpriority: medium
+---
+
+|Permission type|Least privileged permissions|Higher privileged permissions|
+|:---|:---|:---|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|Not available.|
+|Delegated (personal Microsoft account)|Not supported.|Not supported.|
+|Application|Policy.ReadWrite.AuthenticationMethod|Not available.|
+

api-reference/v1.0/includes/permissions/externalauthenticationmethodconfiguration-get-permissions.md

@@ -0,0 +1,12 @@
+---
+description: "Automatically generated file. DO NOT MODIFY"
+ms.topic: include
+ms.localizationpriority: medium
+---
+
+|Permission type|Least privileged permissions|Higher privileged permissions|
+|:---|:---|:---|
+|Delegated (work or school account)|Policy.Read.AuthenticationMethod|Policy.Read.All, Policy.ReadWrite.AuthenticationMethod|
+|Delegated (personal Microsoft account)|Not supported.|Not supported.|
+|Application|Policy.Read.AuthenticationMethod|Policy.Read.All, Policy.ReadWrite.AuthenticationMethod|
+

api-reference/v1.0/includes/permissions/externalauthenticationmethodconfiguration-update-permissions.md

@@ -0,0 +1,12 @@
+---
+description: "Automatically generated file. DO NOT MODIFY"
+ms.topic: include
+ms.localizationpriority: medium
+---
+
+|Permission type|Least privileged permissions|Higher privileged permissions|
+|:---|:---|:---|
+|Delegated (work or school account)|Policy.ReadWrite.AuthenticationMethod|Not available.|
+|Delegated (personal Microsoft account)|Not supported.|Not supported.|
+|Application|Policy.ReadWrite.AuthenticationMethod|Not available.|
+