Closed
2 changes: 1 addition & 1 deletion api-reference/beta/toc/toc.mapping.json
Original file line number Diff line number Diff line change
Expand Up @@ -163,7 +163,7 @@
]
},
{
"name": "Agent user (preview)",
"name": "Agent user",
"resources": [
"agentUser"
]
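Review bot: The rename from "Agent user (preview)" to "Agent user" is made in api-reference/beta/toc/toc.mapping.json, while every page added in this change lives under api-reference/v1.0. Confirm that the beta TOC label is meant to lose "(preview)", and add the matching agentUser entry to the v1.0 TOC mapping if it does not exist yet; no v1.0 TOC change is visible in this part of the diff.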
81 changes: 81 additions & 0 deletions api-reference/v1.0/api/agentuser-delete-manager.md
@@ -0,0 +1,81 @@
---
title: "Remove manager (for agentUser)"
description: "Remove an agent user's manager."
author: "yyuank"
ms.reviewer: "iamut"
ms.date: 4/27/2026
ms.localizationpriority: medium
ms.subservice: "entra-agent-id"
doc_type: apiPageType
---

# Remove manager (for agentUser)

Namespace: microsoft.graph

Remove an [agentUser's](../resources/agentuser.md) manager.

## Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
|Permission type | Least privileged permission | Higher privileged permissions |
|:--------------------|:---------------------------|:-----------------------------|
|Delegated (work or school account) | AgentIdUser.ReadWrite.IdentityParentedBy | AgentIdUser.ReadWrite.All, User.ReadWrite.All |
|Delegated (personal Microsoft account) | Not supported. | Not supported.|
|Application | AgentIdUser.ReadWrite.IdentityParentedBy | AgentIdUser.ReadWrite.All, User.ReadWrite.All |

[!INCLUDE [rbac-agent-user-apis-write](../includes/rbac-for-apis/rbac-agent-user-apis-write.md)]

## HTTP request

<!-- {
"blockType": "ignored"
}
-->
``` http
DELETE /users/{usersId}/manager/{id}/$ref
```

## Request headers

|Name|Description|
|:---|:---|
|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

## Request body

Don't supply a request body for this method.

## Response

If successful, this method returns a `204 No Content` response code.

## Examples

### Request

The following example shows a request.
<!-- {
"blockType": "request",
"name": "delete_manager_from_agentuser"
}
-->
``` http
DELETE https://graph.microsoft.com/v1.0/users/{usersId}/manager/{id}/$ref
```

### Response

The following example shows the response.
<!-- {
"blockType": "response",
"truncated": true
}
-->
``` http
HTTP/1.1 204 No Content
```
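Review bot: The `{id}` segment in `DELETE /users/{usersId}/manager/{id}/$ref` is never explained, and the page describes removing "an agentUser's manager" in the singular, so a caller cannot tell what to pass there. Either drop the segment if the manager reference is single-valued, or add a sentence under HTTP request saying which object `{id}` identifies. The Examples request repeats the placeholders instead of showing sample IDs as agentuser-delete.md does, and `{usersId}` should match the `{userId}` spelling used in that file. The response block is also marked "truncated": true although a 204 response has no body to truncate.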


81 changes: 81 additions & 0 deletions api-reference/v1.0/api/agentuser-delete-sponsors.md
@@ -0,0 +1,81 @@
---
title: "Remove sponsor (for agentUser)"
description: "Remove a user or group from the sponsors of an agent user."
author: "yyuank"
ms.reviewer: "iamut"
ms.date: 4/27/2026
ms.localizationpriority: medium
ms.subservice: "entra-agent-id"
doc_type: apiPageType
---

# Remove sponsor (for agentUser)

Namespace: microsoft.graph

Remove an [agentUser's](../resources/agentuser.md) sponsor.

## Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
|Permission type | Least privileged permission | Higher privileged permissions |
|:--------------------|:---------------------------|:-----------------------------|
|Delegated (work or school account) | AgentIdUser.ReadWrite.IdentityParentedBy | AgentIdUser.ReadWrite.All, User.ReadWrite.All |
|Delegated (personal Microsoft account) | Not supported. | Not supported.|
|Application | AgentIdUser.ReadWrite.IdentityParentedBy | AgentIdUser.ReadWrite.All, User.ReadWrite.All |

[!INCLUDE [rbac-user-sponsors-apis-write](../includes/rbac-for-apis/rbac-user-sponsors-apis-write.md)]

## HTTP request

<!-- {
"blockType": "ignored"
}
-->
``` http
DELETE /users/{usersId}/sponsors/{id}/$ref
```

## Request headers

|Name|Description|
|:---|:---|
|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

## Request body

Don't supply a request body for this method.

## Response

If successful, this method returns a `204 No Content` response code.

## Examples

### Request

The following example shows a request.
<!-- {
"blockType": "request",
"name": "delete_sponsors_from_agentuser"
}
-->
``` http
DELETE https://graph.microsoft.com/v1.0/users/{usersId}/sponsors/{id}/$ref
```

### Response

The following example shows the response.
<!-- {
"blockType": "response",
"truncated": true
}
-->
``` http
HTTP/1.1 204 No Content
```
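Review bot: The front matter description says the sponsor being removed can be "a user or group", but the sentence under the H1 only says "Remove an agentUser's sponsor", and nothing states that `{id}` in `DELETE /users/{usersId}/sponsors/{id}/$ref` is the ID of that user or group. Say so in the intro or under HTTP request, and make clear that `{usersId}` is the agentUser, not the sponsor. The Examples request should use sample IDs rather than the raw placeholders, and the "truncated": true flag on the 204 response block can go.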


90 changes: 90 additions & 0 deletions api-reference/v1.0/api/agentuser-delete.md
@@ -0,0 +1,90 @@
---
title: "Delete agentUser"
description: "Delete an agentUser object."
author: "yyuank"
ms.reviewer: "iamut"
ms.date: 4/27/2026
ms.localizationpriority: medium
ms.subservice: "entra-agent-id"
doc_type: apiPageType
---

# Delete agentUser

Namespace: microsoft.graph

Delete an [agentUser](../resources/agentuser.md) object.

## Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).

<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
|Permission type | Least privileged permission | Higher privileged permissions |
|:--------------------|:---------------------------|:-----------------------------|
|Delegated (work or school account) | AgentIdUser.ReadWrite.IdentityParentedBy | AgentIdUser.ReadWrite.All, User.DeleteRestore.All, User.ReadWrite.All |
|Delegated (personal Microsoft account) | Not supported. | Not supported.|
|Application | AgentIdUser.ReadWrite.IdentityParentedBy | AgentIdUser.ReadWrite.All, User.DeleteRestore.All, User.ReadWrite.All |

> [!IMPORTANT]
> The calling user must be assigned at least one of the following [Microsoft Entra roles](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json):
> - User Administrator
> - Privileged Authentication Administrator
> - Agent ID Administrator
>
> To delete users with privileged administrator roles in delegated scenarios, the app must be assigned the *Directory.AccessAsUser.All* delegated permission, and the calling user must have a higher privileged administrator role as indicated in [Who can perform sensitive actions](../resources/users.md#who-can-perform-sensitive-actions).
>
> In app-only scenarios, the *User.ReadWrite.All* application permission isn't enough privilege to delete users with privileged administrative roles. The agent must be assigned a higher privileged administrator role as indicated in [Who can perform sensitive actions](../resources/users.md#who-can-perform-sensitive-actions).

## HTTP request

<!-- {
"blockType": "ignored"
}
-->
``` http
DELETE /users/microsoft.graph.agentUser/{userId}
```
Note: An agent user can be deleted through the standard users' endpoint as well: DELETE /users/userId. No special odata type needs to be specified in the request.

## Request headers

|Name|Description|
|:---|:---|
|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|

## Request body

Don't supply a request body for this method.

## Response

If successful, this method returns a `204 No Content` response code.

## Examples

### Request

The following example shows a request.
<!-- {
"blockType": "request",
"name": "delete_agentuser"
}
-->
``` http
DELETE https://graph.microsoft.com/v1.0/users/microsoft.graph.agentUser/ba9a3254-9f18-4209-aeb3-9e42a35b5be4
```

### Response

The following example shows the response.
<!-- {
"blockType": "response",
"truncated": true
}
-->
``` http
HTTP/1.1 204 No Content
```
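Review bot: In the [!IMPORTANT] block, the app-only paragraph ends with "The agent must be assigned a higher privileged administrator role", while the rest of the block talks about the app and the calling user; if the calling application is meant, write "The app" so readers do not conclude that the agentUser being deleted needs the role. That paragraph also covers only User.ReadWrite.All, so state whether the same limit applies to the least privileged AgentIdUser.ReadWrite.IdentityParentedBy permission in the table. The line starting "Note: An agent user can be deleted through the standard users' endpoint" should use the `> [!NOTE]` form already used for [!IMPORTANT] and write the path as `DELETE /users/{userId}` in code formatting. User.DeleteRestore.All is listed as a higher privileged permission, but the page does not say whether a deleted agentUser can be restored.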

