
Commit bdc210a

Merge pull request #28277 from microsoftgraph/main
Merge to publish.
2 parents f79b48e + a6bd8ab commit bdc210a

12 files changed

Lines changed: 421 additions & 16 deletions

.github/prompts/author-api-docs.prompt.md

Lines changed: 7 additions & 2 deletions
@@ -1377,7 +1377,12 @@ When a new relationship is added to an existing resource:
13771377

13781378
**When to use:**
13791379
- Member names are self-explanatory
1380-
- No descriptions needed
1380+
- No or minimal descriptions needed
1381+
1382+
Example where minimal descriptions are needed:
1383+
```markdown
1384+
The possible values are: <br/><li>`none`: No cross-tenant access. Indicates a single-tenant, non-B2B scenario. </li> <li>`b2bCollaboration`: The connection involves B2B collaboration across tenants. </li> <li>`unknownFutureValue`: Evolvable enumeration sentinel value. Do not use.</li>
1385+
```
13811386

13821387
**Note:** enums.md and enums-{subnamespace}.md files are not customer-facing (they're for API Doctor validation only).
13831388

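Review bot: The example added at new lines 1383-1385 puts bare `<li>` elements after a `<br/>` with no enclosing `<ul>`, and the spacing before `</li>` differs between items (`scenario. </li>` versus `Do not use.</li>`). Because this file is a prompt whose examples are likely to be copied into generated docs, either wrap the items in `<ul>...</ul>` and normalize the spacing, or add a line stating that this markup is the intended pattern. The bullet "No or minimal descriptions needed" would also read more cleanly as "Little or no description needed".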
@@ -1474,7 +1479,7 @@ Create a dedicated topic for the enumeration. This option is rarely applicable.
14741479
**When to use:**
14751480
- Need descriptions for enum members and Option 2 isn't suitable
14761481
- Multiple resources use the enum
1477-
- Enum has many members requiring detailed descriptions
1482+
- Enum has many members requiring detailed descriptions that might reduce scannability in Options 1 or 2
14781483

14791484
**Important:** Use only when necessary. Prefer Option 1 or 2 whenever possible.
14801485

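Review bot: The new wording at line 1482, "that might reduce scannability in Options 1 or 2", gives no threshold for the decision, and the first bullet in this list already covers the case where Option 2 isn't suitable. Consider stating a concrete cue (for example a member count, or descriptions longer than one sentence) so the choice between options is decidable, especially since the line that follows says to prefer Option 1 or 2 whenever possible.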
api-reference/beta/resources/groups-overview.md

Lines changed: 10 additions & 8 deletions
@@ -8,7 +8,7 @@ ms.localizationpriority: high
88
ms.subservice: entra-groups
99
doc_type: conceptualPageType
1010
ms.topic: overview
11-
ms.date: 04/29/2025
11+
ms.date: 02/19/2026
1212
#customer intent: As a developer, I want to understand how to create and manage groups using Microsoft Graph so that I can simplify access management for my organization.
1313
---
1414

@@ -97,6 +97,10 @@ Content-type: application/json
9797
}
9898
```
9999

100+
## Group ownership
101+
102+
Groups can have one or more owners who manage the group. Owners can be users or service principals. We recommend assigning at least two owners to a group to ensure continuity.
103+
100104
## Group membership
101105

102106
Groups can have static or dynamic memberships. Dynamic membership uses rules to automatically add or remove members based on their properties. Not all object types can be members of Microsoft 365 and security groups.
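Review bot: The new "Group ownership" section (lines 100-103) says owners "manage the group" without saying what that covers, and it allows service principals as owners. This overview is framed around access management, so spell out what an owner is able to change, or link to where that is documented, and say whether the two-owner recommendation is met when one or both owners are service principals.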
@@ -254,13 +258,7 @@ The Microsoft Graph groups API supports these common operations:
254258

255259
## Microsoft Entra roles for managing groups
256260

257-
To manage groups, the signed-in user must have the appropriate Microsoft Graph permissions and be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json).
258-
259-
The least privileged roles for managing groups are:
260-
261-
- Directory Writers
262-
- Groups Administrator
263-
- User Administrator
261+
To manage groups, the signed-in user must have the appropriate Microsoft Graph permissions and be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with supported permissions. *Groups Administrator* is the main role for managing groups, but other roles such as *User Administrator*, *Exchange Administrator*, and *Directory Writers* can also manage groups with varying levels of permissions.
264262

265263
For more information, see [Least privileged roles to manage groups](/entra/identity/role-based-access-control/delegate-by-task#groups).
266264

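Review bot: The replacement paragraph at line 261 drops the explicit "least privileged roles" list and says the named roles have "varying levels of permissions" without saying how they differ, while the next line still links to "Least privileged roles to manage groups". It also adds *Exchange Administrator*, which wasn't in the removed list, and mentions custom roles without a link. Suggest either keeping a per-task pointer to the least privileged role or stating explicitly that the linked article is where to pick it, so readers don't default to the broadest role named here.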
@@ -269,3 +267,7 @@ For more information, see [Least privileged roles to manage groups](/entra/ident
269267
> [!div class="nextstepaction"]
270268
> [Start working with groups](../resources/group.md)
271269
270+
## See also
271+
272+
- [Best practices for managing groups in the cloud](/entra/fundamentals/concept-learn-about-groups#best-practices-for-managing-groups-in-the-cloud)
273+

api-reference/v1.0/api/identitygovernance-lifecycleworkflowscontainer-post-workflows.md

Lines changed: 91 additions & 0 deletions
@@ -370,3 +370,94 @@ Content-Type: application/json
370370
}
371371
}
372372
```
373+
374+
375+
### Example 3: Create a mover workflow with a set target scope
376+
377+
#### Request
378+
379+
The following example shows a request that creates a workflow with the following configuration:
380+
+ It's a "mover" workflow-enabled and set to run on-demand only.
381+
+ It runs for users within the set target scope of the administrative units "4f9dc456-0574-4122-9e55-8b4cc494b27d" and "2c987843-e9b1-4b1a-b924-ff1d2a9b054d".
382+
+ One task is carried out, which is to send an email to notify the user's manager of the move.
383+
384+
<!-- {
385+
"blockType": "request",
386+
"name": "lifecycleworkflows_create_workflow_with_administrative_scope"
387+
}
388+
-->
389+
``` http
390+
POST https://graph.microsoft.com/v1.0/identityGovernance/lifecycleWorkflows/workflows
391+
Content-Type: application/json
392+
393+
{
394+
"category": "mover",
395+
"displayName": "On Demand workflow move",
396+
"description": "Execute real-time tasks for employee job changes",
397+
"tasks": [
398+
{
399+
"arguments": [],
400+
"description": "Send email to notify user's manager of user move",
401+
"displayName": "Send email to notify manager of user move",
402+
"isEnabled": true,
403+
"continueOnError": false,
404+
"taskDefinitionId": "aab41899-9972-422a-9d97-f626014578b7",
405+
"category": "mover"
406+
}
407+
],
408+
"executionConditions": {
409+
"@odata.type": "#microsoft.graph.identityGovernance.onDemandExecutionOnly"
410+
},
411+
"isEnabled": true,
412+
"isSchedulingEnabled": false,
413+
"administrationScopeTargets": [
414+
{
415+
"@odata.type": "#microsoft.graph.administrativeUnit",
416+
"id": "4f9dc456-0574-4122-9e55-8b4cc494b27d"
417+
},
418+
{
419+
"@odata.type": "#microsoft.graph.administrativeUnit",
420+
"id": "2c987843-e9b1-4b1a-b924-ff1d2a9b054d"
421+
}
422+
]
423+
}
424+
```
425+
426+
427+
#### Response
428+
429+
The following example shows the response.
430+
>**Note:** The response object shown here might be shortened for readability.
431+
<!-- {
432+
"blockType": "response",
433+
"truncated": true,
434+
"@odata.type": "microsoft.graph.identityGovernance.workflow"
435+
}
436+
-->
437+
``` http
438+
HTTP/1.1 201 Created
439+
Content-Type: application/json
440+
441+
{
442+
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
443+
"category": "mover",
444+
"description": "Execute real-time tasks for employee job changes",
445+
"displayName": "On Demand workflow move",
446+
"isEnabled": true,
447+
"isSchedulingEnabled": false,
448+
"lastModifiedDateTime": "2025-01-09T15:28:24.0565594Z",
449+
"createdDateTime": "2025-01-09T15:28:24.0565526Z",
450+
"id": "465d0d08-3099-483f-9d93-16aad77bcd22",
451+
"version": 1,
452+
"administrationScopeTargets": [
453+
{
454+
"@odata.type": "#microsoft.graph.administrativeUnit",
455+
"id": "4f9dc456-0574-4122-9e55-8b4cc494b27d"
456+
},
457+
{
458+
"@odata.type": "#microsoft.graph.administrativeUnit",
459+
"id": "2c987843-e9b1-4b1a-b924-ff1d2a9b054d"
460+
}
461+
]
462+
}
463+
```
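
Review bot: The first bullet at line 380, `It's a "mover" workflow-enabled and set to run on-demand only.`, is ungrammatical; something like `It's a "mover" workflow that's enabled and set to run on demand only.` matches the request body (`"isEnabled": true`, `onDemandExecutionOnly`). The example also uses three names for the same concept: "set target scope" in the heading, `administrative_scope` in the block name, and `administrationScopeTargets` in the payload; pick one term for the prose and tie it to the property name so readers can find the field that does the scoping.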
