Merge pull request #28299 from microsoftgraph/main

Merge to publish.

Author: Danipocket

api-reference/v1.0/api/authenticationstrengthpolicy-post-combinationconfigurations.md

@@ -70,7 +70,7 @@ The following example shows a request.
 }
 -->
 ``` http
-POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}//combinationConfigurations
+POST https://graph.microsoft.com/v1.0/identity/conditionalAccess/authenticationStrength/policies/{authenticationStrengthPolicyId}/combinationConfigurations
 Content-Type: application/json
 Content-length: 130
 

api-reference/v1.0/api/multitenantorganizationmember-update.md

@@ -64,7 +64,7 @@ The following example changes the role of a tenant in a multitenant organization
 }
 -->
 ```http
-PATCH https://graph.microsoft.com/v1.0/tenantRelationships/multiTenantOrganization/tenant/5036a0a0-a7a4-4933-9086-5dd54535dd6e
+PATCH https://graph.microsoft.com/v1.0/tenantRelationships/multiTenantOrganization/tenants/5036a0a0-a7a4-4933-9086-5dd54535dd6e
 Content-Type: application/json
 
 {

api-reference/v1.0/api/orgcontact-retryserviceprovisioning.md

@@ -14,6 +14,8 @@ Namespace: microsoft.graph
 
 Retry the [orgContact](../resources/orgContact.md) service provisioning.
 
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
+
 ## Permissions
 
 Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

api-reference/v1.0/api/qrcode-update.md

@@ -69,9 +69,11 @@ PATCH /users/{id}/authentication/qrCodePinMethod/temporaryQRCode
 
 If successful, this method returns a `201 Created` response code and an updated [qrCode](../resources/qrcode.md) object in the response body. The QR code image is returned only when creating a QR code object. It's not returned when updating a standard QR code object.
 
-## Examples to create a standard QR code
+## Examples
 
-### Request
+### Example 1: Create a standard QR code
+
+#### Request
 
 The following example shows a request.
 <!-- {
@@ -91,7 +93,7 @@ Content-Type: application/json
 }
 ```
 
-### Response
+#### Response
 
 The following example shows the response.
 >**Note:** The response object shown here might be shortened for readability.
@@ -122,9 +124,9 @@ Content-Type: application/json
 }
 ```
 
-## Examples to update a standard QR code
+### Example 2: Update a standard QR code
 
-### Request
+#### Request
 
 The following example shows a request.
 <!-- {
@@ -143,7 +145,7 @@ Content-Type: application/json
 }
 ```
 
-### Response
+#### Response
 
 The following example shows the response.
 >**Note:** The response object shown here might be shortened for readability.

api-reference/v1.0/api/serviceprincipalriskdetection-get.md

@@ -47,9 +47,9 @@ Don't supply a request body for this method.
 
 If successful, this method returns a `200 OK` response code and a [servicePrincipalRiskDetection](../resources/serviceprincipalriskdetection.md) object in the response body.
 
-### Example: Get a specific risk detection object
+## Example
 
-#### Request
+### Request
 
 
 # [HTTP](#tab/http)
@@ -92,7 +92,7 @@ GET https://graph.microsoft.com/v1.0/identityProtection/servicePrincipalRiskDete
 
 ---
 
-#### Response
+### Response
 >**Note:** The response object shown here might be shortened for readability.
 <!-- {
   "blockType": "response",

changelog/Manual.NonWorkloadChanges.json

@@ -1,5 +1,47 @@
 {
   "changelog": [
+    {
+      "ChangeList": [
+        {
+          "Id": "74c50b70-259d-4c6e-80fb-2c15dde1e827",
+          "ApiChange": "Permission",
+          "ChangedApiName": "FileStorageContainerType.Manage.All",
+          "ChangeType": "Change",
+          "Description": "Updated the `FileStorageContainerType.Manage.All` delegated permission to no longer require admin consent.",
+          "Target": "FileStorageContainerType.Manage.All"
+        },
+        {
+          "Id": "74c50b70-259d-4c6e-80fb-2c15dde1e827",
+          "ApiChange": "Permission",
+          "ChangedApiName": "FileStorageContainerTypeReg.Manage.All",
+          "ChangeType": "Change",
+          "Description": "Updated the `FileStorageContainerTypeReg.Manage.All` delegated permission to no longer require admin consent.",
+          "Target": "FileStorageContainerTypeReg.Manage.All"
+        },
+        {
+          "Id": "74c50b70-259d-4c6e-80fb-2c15dde1e827",
+          "ApiChange": "Permission",
+          "ChangedApiName": "ThreatSubmission.Read",
+          "ChangeType": "Change",
+          "Description": "Updated the `ThreatSubmission.Read` delegated permission to now require admin consent.",
+          "Target": "ThreatSubmission.Read"
+        },
+        {
+          "Id": "74c50b70-259d-4c6e-80fb-2c15dde1e827",
+          "ApiChange": "Permission",
+          "ChangedApiName": "ThreatSubmission.ReadWrite",
+          "ChangeType": "Change",
+          "Description": "Updated the `ThreatSubmission.ReadWrite` delegated permission to now require admin consent.",
+          "Target": "ThreatSubmission.ReadWrite"
+        }
+      ],
+      "Id": "74c50b70-259d-4c6e-80fb-2c15dde1e827",
+      "Cloud": "prd",
+      "Version": "v1.0",
+      "CreatedDateTime": "2026-02-23T10:54:33.0608937Z",
+      "WorkloadArea": "Permissions",
+      "SubArea": ""
+    },
     {
       "ChangeList": [
         {

concepts/permissions-reference.md

@@ -7,7 +7,7 @@ ms.localizationpriority: high
 ms.topic: reference
 ms.subservice: entra-applications
 ms.custom: graphiamtop20, scenarios:getting-started
-ms.date: 02/16/2026
+ms.date: 02/23/2026
 #Customer intent: As a developer, I want to learn more about the permissions available in Microsoft Graph, so that I understand the impact of granting specific permissions to my app.
 ---
 
@@ -3538,7 +3538,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 | Identifier | - | 8e6ec84c-5fcd-4cc7-ac8a-2296efc0ed9b |
 | DisplayText | - | Manage file storage container types on behalf of the signed in user |
 | Description | - | Allows the application to manage file storage container types on behalf of the signed in user. The user must be a SharePoint Embedded Admin or Global Admin. |
-| AdminConsentRequired | - | Yes |
+| AdminConsentRequired | - | No |
 
 ---
 
@@ -3549,7 +3549,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 | Identifier | - | c319a7df-930e-44c0-a43b-7e5e9c7f4f24 |
 | DisplayText | - | Manage file storage container type registrations on behalf of the signed in user |
 | Description | - | Allows the application to manage file storage container type registrations on behalf of the signed in user. The user must be a SharePoint Embedded Admin or Global Admin. |
-| AdminConsentRequired | - | Yes |
+| AdminConsentRequired | - | No |
 
 ---
 
@@ -8549,6 +8549,17 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 
 ---
 
+### TeamworkTargetedMessage.Read.All
+
+| Category | Application | Delegated |
+|--|--|--|
+| Identifier | b0cfd829-be18-4b31-bb0e-ec1df8197ba3 | - |
+| DisplayText | Read all targeted messages of group chat or channel | - |
+| Description | Allows the app to read all group chat or channel targeted messages in Microsoft Teams. | - |
+| AdminConsentRequired | Yes | - |
+
+---
+
 ### TeamworkUserInteraction.Read.All
 
 | Category | Application | Delegated |
@@ -8655,7 +8666,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 | Identifier | - | fd5353c6-26dd-449f-a565-c4e16b9fce78 |
 | DisplayText | - | Read threat submissions |
 | Description | - | Allows the app to read the threat submissions and threat submission policies owned by the signed-in user. |
-| AdminConsentRequired | - | No |
+| AdminConsentRequired | - | Yes |
 
 ---
 
@@ -8677,7 +8688,7 @@ GET https://graph.microsoft.com/v1.0/servicePrincipals(appId='00000003-0000-0000
 | Identifier | - | 68a3156e-46c9-443c-b85c-921397f082b5 |
 | DisplayText | - | Read and write threat submissions |
 | Description | - | Allows the app to read the threat submissions and threat submission policies owned by the signed-in user. Also allows the app to create new threat submissions on behalf of the signed-in user. |
-| AdminConsentRequired | - | No |
+| AdminConsentRequired | - | Yes |
 
 ---
 

concepts/toc.yml

@@ -1113,6 +1113,8 @@ items:
     - name: Overview
       href: change-notifications-overview.md
       displayName: change notifications, rich notifications, basic notifications, subscriptions, webhooks, Azure Event Hub, Azure Event Grid
+    - name: Rich notifications
+      href: change-notifications-with-resource-data.md
     - name: Notifications delivery channels
       items:
       - name: Notifications through webhooks
@@ -1123,8 +1125,6 @@ items:
         href: /azure/event-grid/subscribe-to-graph-api-events?context=graph%2Fcontext
     - name: Lifecycle notifications for subscriptions
       href: change-notifications-lifecycle-events.md
-    - name: Rich notifications
-      href: change-notifications-with-resource-data.md
     - name: Notifications for cloud printing
       href: universal-print-webhook-notifications.md
     - name: Notifications for Microsoft Teams resources

concepts/whats-new-earlier.md

@@ -12,6 +12,98 @@ ms.topic: whats-new
 
 Find information about previous additions and updates to Microsoft Graph APIs, documentation, SDKs, and other resources.
 
+## December 2025: New and generally available
+
+### Calendars | Places
+
+- Use the **wifiState** property on [building](/graph/api/resources/building) to indicate whether a building has Wi-Fi.
+- Use the **heightAdjustableState** property on [desk](/graph/api/resources/desk) to indicate whether a desk is height adjustable.
+- Use the **teamsEnabledState** property on [room](/graph/api/resources/room) to indicate whether a room is enabled for Microsoft Teams.
+- Use the **placeId** property on [room](/graph/api/resources/room) and [workspace](/graph/api/resources/workspace) as an alternative immutable unique identifier.
+- Use the [unavailablePlaceMode](/graph/api/resources/unavailableplacemode) resource to indicate why a **desk** or **workspace** is marked as unavailable for booking.
+
+### Teamwork and communications | Calls and online meetings
+
+- Use the **sensitivityLabelAssignment** property on [onlineMeeting](/graph/api/resources/onlinemeeting) and [virtualEventSession](/graph/api/resources/virtualeventsession) to specify the sensitivity label applied to the Teams meeting.
+- Use the **expiryDateTime** property on [onlineMeeting](/graph/api/resources/onlinemeeting) and [virtualEventSession](/graph/api/resources/virtualeventsession) to indicate the date and time when the meeting resource expires.
+- Use the **meetingSpokenLanguageTag** property on [onlineMeeting](/graph/api/resources/onlinemeeting) and [virtualEventSession](/graph/api/resources/virtualeventsession) to specify the spoken language used during the meeting for recording and transcription purposes.
+- Use the **meetingOptionsWebUrl** property on [onlineMeeting](/graph/api/resources/onlinemeeting) and [virtualEventSession](/graph/api/resources/virtualeventsession) to get the URL to the Teams meeting options page for the specified meeting.
+
+### Teamwork and communications | Messaging
+
+When `$expand=members` is included, the [List chats](/graph/api/chat-list) API returns a maximum of 25 items, even if a larger `$top` value is specified.
+
+## December 2025: New in preview only
+
+### Calendars | Places
+
+[Upsert](/graph/api/place-patch-places?view=graph-rest-beta&preserve-view=true) one or more [place](/graph/api/resources/place?view=graph-rest-beta&preserve-view=true) objects in async mode.
+
+### Calendars | Work hours and locations
+
+Manage flexible work hours and locations using the following resources: [workHoursAndLocationsSetting](/graph/api/resources/workhoursandlocationssetting?view=graph-rest-beta&preserve-view=true), [workPlanOccurrence](/graph/api/resources/workplanoccurrence?view=graph-rest-beta&preserve-view=true), and [workPlanRecurrence](/graph/api/resources/workplanrecurrence?view=graph-rest-beta&preserve-view=true). These resources allow you to define recurring and specific work patterns, locations, and time off for modern hybrid scenarios.
+
+### Device and app management | Cloud printing
+
+Use the new supported [media sizes](/graph/api/resources/printercapabilities?view=graph-rest-beta&preserve-view=true#mediasizes-values) in the **mediaSizes** property of the [printerCapabilities](/graph/api/resources/printercapabilities?view=graph-rest-beta&preserve-view=true) resource.
+
+### Files
+
+- Use the SharePoint cross-tenant migration task APIs in Microsoft Graph to enable organizations to manage the tasks during tenant-to-tenant migrations. For more information, see [sharePointMigrationTask](/graph/api/resources/sharepointmigrationtask?view=graph-rest-beta&preserve-view=true).
+- Use the **deleted** property on [sharePointGroupIdentityMapping](/graph/api/resources/sharepointgroupidentitymapping?view=graph-rest-beta&preserve-view=true) and [sharePointUserIdentityMapping](/graph/api/resources/sharepointuseridentitymapping?view=graph-rest-beta&preserve-view=true) to indicate that an identity mapping was deleted successfully.
+
+### Identity and access | Governance
+
+- Use the following resources to represent the data sent to Azure Logic Apps as part of a custom extension callout request when a custom extension in a catalog is used:
+  - [accessPackageAssignmentCalloutData](/graph/api/resources/accesspackageassignmentcalloutdata?view=graph-rest-beta&preserve-view=true) - for access package assignments
+  - [accessPackageAssignmentRequestCalloutData](/graph/api/resources/accesspackageassignmentrequestcalloutdata?view=graph-rest-beta&preserve-view=true) - for access package assignment requests
+- Added the [controlConfiguration](/graph/api/resources/controlconfiguration?view=graph-rest-beta&preserve-view=true) resource and the **controlConfigurations** relationship to the [entitlementManagement](/graph/api/resources/entitlementmanagement?view=graph-rest-beta&preserve-view=true) resource to represent the policies that control lifecycle and access to access packages across the organization.
+- Added the [entraIdProtectionRiskyUserApproval](/graph/api/resources/entraidprotectionriskyuserapproval?view=graph-rest-beta&preserve-view=true) resource to represent the approval configuration for risky users detected by Microsoft Entra ID Protection.
+- Added the [insiderRiskyUserApproval](/graph/api/resources/insiderriskyuserapproval?view=graph-rest-beta&preserve-view=true) resource to represent the approval configuration for risky users detected by Microsoft Purview Insider Risk Management.
+
+### Identity and access | Identity and sign-in
+
+Added the `microsoftRevokedSessions` value to the [riskDetail](/graph/api/resources/riskdetail?view=graph-rest-beta&preserve-view=true) enumeration to indicate that Microsoft revoked sessions. This enumeration member applies to the following Microsoft Entra Identity Protection resources: [riskDetection](/graph/api/resources/riskdetection?view=graph-rest-beta&preserve-view=true), [riskUserActivity](/graph/api/resources/riskuseractivity?view=graph-rest-beta&preserve-view=true), [riskyUser](/graph/api/resources/riskyuser?view=graph-rest-beta&preserve-view=true), and [signIn](/graph/api/resources/signin?view=graph-rest-beta&preserve-view=true).
+
+### Identity and access | Network access
+
+Customize the block page message displayed to users when Global Secure Access blocks their access to web resources. Use the [customBlockPage](/graph/api/resources/networkaccess-customblockpage?view=graph-rest-beta&preserve-view=true) resource to configure custom messages with limited markdown support.
+
+### Mail
+
+- Use the [userConfiguration](/graph/api/resources/userconfiguration?view=graph-rest-beta&preserve-view=true) resource and its associated methods to manage user-specific settings, metadata, or application data tied to mailbox folders, using XML, binary, or dictionary formats.
+- The [callRecord: getPstnCalls](/graph/api/callrecords-callrecord-getpstncalls?view=graph-rest-beta&preserve-view=true) API now clarifies that it doesn't return information for **Telstra** calling plans only.
+- The following endpoints are no longer supported for managing [user work location](/graph/api/resources/userworklocation?view=graph-rest-beta&preserve-view=true):
+  - `POST /users/{usersId}/presence/clearAutomaticLocation`
+  - `POST /communications/presences/{presenceId}/clearAutomaticLocation`
+  - `POST /users/{usersId}/presence/clearLocation`
+  - `POST /communications/presences/{presenceId}/clearLocation`
+  - `POST /users/{usersId}/presence/setAutomaticLocation`
+  - `POST /communications/presences/{presenceId}/setAutomaticLocation`
+  - `POST /users/{usersId}/presence/setManualLocation`
+  - `POST /communications/presences/{presenceId}/setManualLocation`
+
+### Teamwork and communications | Calls and online meetings
+
+- When `$expand=members` is included, the [List chats](/graph/api/chat-list?view=graph-rest-beta&preserve-view=true) API returns a maximum of 25 items, even if a larger `$top` value is specified.
+- The following endpoints are no longer supported for managing [work location](/graph/api/resources/userworklocation?view=graph-rest-beta&preserve-view=true) for a user:
+  - `POST /users/{usersId}/presence/clearAutomaticLocation`
+  - `POST /communications/presences/{presenceId}/clearAutomaticLocation`
+  - `POST /users/{usersId}/presence/clearLocation`
+  - `POST /communications/presences/{presenceId}/clearLocation`
+  - `POST /users/{usersId}/presence/setAutomaticLocation`
+  - `POST /communications/presences/{presenceId}/setAutomaticLocation`
+  - `POST /users/{usersId}/presence/setManualLocation`
+  - `POST /communications/presences/{presenceId}/setManualLocation`
+
+### Teamwork and communications | Messaging
+
+- [Get](/graph/api/channel-get-allmembers?view=graph-rest-beta&preserve-view=true) a specific member from the channel **allMembers** collection. This API provides unified access to both direct and indirect members across all channel types, including shared channels.
+- [Start](/graph/api/channel-startmigration?view=graph-rest-beta&preserve-view=true) the migration of external messages by enabling migration mode in an existing channel.
+- [Start](/graph/api/chat-startmigration?view=graph-rest-beta&preserve-view=true) the migration of external messages by enabling migration mode in an existing chat.
+- [Complete](/graph/api/chat-completemigration?view=graph-rest-beta&preserve-view=true) the migration of external messages by removing migration mode from a chat.
+- Use the **layoutType** property on the [channel](/graph/api/resources/channel?view=graph-rest-beta&preserve-view=true) resource to create channels with different conversation experiences and switch between them at any time. The property supports two values: `post` for traditional post-reply format and `chat` for a chat-like threading experience. You can set the layout type when [creating a channel](/graph/api/channel-post?view=graph-rest-beta&preserve-view=true) and [update it](/graph/api/channel-patch?view=graph-rest-beta&preserve-view=true) later to switch between layouts.
+
 ## November 2025: New and generally available
 
 ### Calendars | Places