[Public Preview] Lifecycle Workflows Preview Mode (#28313)

* [Public Preview] Lifecycle Workflows Preview Mode

* Fix whats-new links

* Fix spacing

* Updates

* Updates

* Updates

* Discrepancy fix

* Updates

* Search added back

* Deprecation tags removed

* previewfailedtask resource file added

* Updates

* Updates

* Updates

* Upodates to odata type

* Update api-reference/beta/resources/identitygovernance-workflow.md

Co-authored-by: Eunice Waweru <73849846+msewaweru@users.noreply.github.com>

* Updates

* Removed deprecation note

* update

* Apply suggestions from code review

Co-authored-by: Danipocket <88507770+Danipocket@users.noreply.github.com>

* Apply suggestion from @FaithOmbongi

* Apply suggestion from @FaithOmbongi

---------

Co-authored-by: Eunice Waweru <73849846+msewaweru@users.noreply.github.com>
Co-authored-by: Danipocket <88507770+Danipocket@users.noreply.github.com>
Co-authored-by: Faith Moraa Ombongi <ombongi.moraa.fe@gmail.com>

Author: 4 people

api-reference/beta/api/identitygovernance-workflow-get.md

@@ -231,3 +231,70 @@ Content-Type: application/json
     }
 }
 ```
+
+### Example 3: Retrieve a workflow with the previewScope relationship expanded
+
+#### Request
+
+The following example shows a request.
+
+<!-- {
+  "blockType": "request",
+  "name": "lifecycleworkflows_get_workflow_expand_previewscope"
+}
+-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows/14879e66-9ea9-48d0-804d-8fea672d0341?$expand=previewScope
+```
+
+#### Response
+
+The following example shows the response.
+
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.identityGovernance.workflow"
+}
+-->
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/lifecycleWorkflows/workflows/$entity",
+  "id": "14879e66-9ea9-48d0-804d-8fea672d0341",
+  "category": "joiner",
+  "displayName": "Onboard pre-hire employee",
+  "description": "Configure pre-hire tasks for onboarding employees before their start date",
+  "isEnabled": true,
+  "isSchedulingEnabled": true,
+  "version": 1,
+  "createdDateTime": "2024-01-15T10:30:00Z",
+  "lastModifiedDateTime": "2024-01-15T10:30:00Z",
+  "deletedDateTime": null,
+  "nextScheduleRunDateTime": "2024-01-16T08:00:00Z",
+  "executionConditions": {
+    "@odata.type": "#microsoft.graph.identityGovernance.triggerAndScopeBasedConditions",
+    "scope": {
+      "@odata.type": "#microsoft.graph.identityGovernance.ruleBasedSubjectSet",
+      "rule": "(employeeHireDate ne null)"
+    },
+    "trigger": {
+      "@odata.type": "#microsoft.graph.identityGovernance.timeBasedAttributeTrigger",
+      "timeBasedAttribute": "employeeHireDate",
+      "offsetInDays": -7
+    }
+  },
+  "previewScope": [
+    {
+      "@odata.type": "#microsoft.graph.user",
+      "id": "b59552b8-fa7b-4f68-8496-0a529aace8c0"
+    },
+    {
+      "@odata.type": "#microsoft.graph.user",
+      "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+    }
+  ]
+}
+```

api-reference/beta/api/identitygovernance-workflow-previewtaskfailures.md

@@ -0,0 +1,135 @@
+---
+title: "workflow: previewTaskFailures"
+description: "Validate the tasks configured in a workflow to check for configuration errors."
+author: "AlexFilipin"
+ms.localizationpriority: medium
+ms.subservice: "entra-id-governance"
+doc_type: apiPageType
+ms.date: 02/25/2026
+---
+
+# workflow: previewTaskFailures
+
+Namespace: microsoft.graph.identityGovernance
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Validate the tasks configured in a [workflow](../resources/identitygovernance-workflow.md) to check for configuration errors. This action identifies any tasks that would fail during execution, allowing you to fix issues before running the workflow. Returns an empty collection if no task failures are detected.
+
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "identitygovernance_workflow_previewtaskfailures" } -->
+
+[!INCLUDE [permissions-table](../includes/permissions/identitygovernance-workflow-previewtaskfailures-permissions.md)]
+
+[!INCLUDE [rbac-lifecycle-workflows-apis-read](../includes/rbac-for-apis/rbac-lifecycle-workflows-apis-read.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+```http
+POST /identityGovernance/lifecycleWorkflows/workflows/{workflow-id}/previewTaskFailures
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `200 OK` response code and a collection of [previewFailedTasks](../resources/identitygovernance-previewfailedtask.md) objects in the response body. If no task failures are detected, an empty collection is returned.
+
+## Examples
+
+### Example 1: Workflow with task failures
+
+The following example shows a request that validates a workflow and returns task failures.
+
+#### Request
+
+The following example shows a request.
+
+<!-- {
+  "blockType": "request",
+  "name": "lifecycleworkflows_workflow_previewtaskfailures_failures"
+}
+-->
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows/14879e66-9ea9-48d0-804d-8fea672d0341/previewTaskFailures
+```
+
+#### Response
+
+The following example shows the response.
+
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "Collection(microsoft.graph.identityGovernance.previewFailedTask)"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.identityGovernance.previewFailedTask)",
+  "value": [
+    {
+      "name": "Generate Temporary Access Pass",
+      "definitionId": "1b555e50-7f65-41d5-b514-5894a026d10d",
+      "failureReason": "The logged-in user does not have sufficient privileges to generate a TAP. Required role: Authentication Policy Administrator",
+      "taskId": "8bb25690-6104-4e29-943e-1f67b8e662f5"
+    }
+  ]
+}
+```
+
+### Example 2: Workflow with no task failures
+
+The following example shows a request that validates a workflow with no configuration issues.
+
+#### Request
+
+The following example shows a request.
+
+<!-- {
+  "blockType": "request",
+  "name": "lifecycleworkflows_workflow_previewtaskfailures_nofailures"
+}
+-->
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows/a1b2c3d4-e5f6-7890-abcd-ef1234567890/previewTaskFailures
+```
+
+#### Response
+
+The following example shows the response.
+
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "Collection(microsoft.graph.identityGovernance.previewFailedTask)"
+} -->
+```http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.context": "https://graph.microsoft.com/beta/$metadata#Collection(microsoft.graph.identityGovernance.previewFailedTask)",
+  "value": []
+}
+```

api-reference/beta/api/identitygovernance-workflow-previewworkflow.md

@@ -0,0 +1,101 @@
+---
+title: "workflow: previewWorkflow"
+description: "Run a workflow in preview mode for selected directory objects without affecting production users."
+author: "AlexFilipin"
+ms.localizationpriority: medium
+ms.subservice: "entra-id-governance"
+doc_type: apiPageType
+ms.date: 02/25/2026
+---
+
+# workflow: previewWorkflow
+
+Namespace: microsoft.graph.identityGovernance
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Run a [workflow](../resources/identitygovernance-workflow.md) in preview mode for selected directory objects without affecting production users. This action triggers workflow processing in preview mode, and results can be retrieved using the [List userProcessingResults](identitygovernance-workflow-list-userprocessingresults.md) operation with `$filter=workflowExecutionType eq 'previewMode'`.
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "identitygovernance_workflow_previewworkflow" } -->
+
+[!INCLUDE [permissions-table](../includes/permissions/identitygovernance-workflow-previewworkflow-permissions.md)]
+
+[!INCLUDE [rbac-lifecycle-workflows-apis-write](../includes/rbac-for-apis/rbac-lifecycle-workflows-apis-write.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+```http
+POST /identityGovernance/lifecycleWorkflows/workflows/{workflow-id}/previewWorkflow
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+In the request body, supply a JSON representation of the parameters.
+
+The following table shows the parameters that are required with this action.
+
+|Parameter|Type|Description|
+|:---|:---|:---|
+|subjects|[directoryObject](../resources/directoryobject.md) collection|A collection of directory objects (typically users) to include in the preview run. Maximum of 10 subjects per request. Required.|
+
+## Response
+
+If successful, this action returns a `204 No Content` response code.
+
+To retrieve the results of the preview run, use the [List userProcessingResults](identitygovernance-workflow-list-userprocessingresults.md) operation with `$filter=workflowExecutionType eq 'previewMode'`. Results may not be immediately available; timing depends on workflow complexity. Results may include users from previous preview runs for the same workflow.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+
+<!-- {
+  "blockType": "request",
+  "name": "lifecycleworkflows_workflow_previewworkflow"
+}
+-->
+```http
+POST https://graph.microsoft.com/beta/identityGovernance/lifecycleWorkflows/workflows/14879e66-9ea9-48d0-804d-8fea672d0341/previewWorkflow
+Content-Type: application/json
+
+{
+  "subjects": [
+    {
+      "@odata.type": "#microsoft.graph.user",
+      "id": "b59552b8-fa7b-4f68-8496-0a529aace8c0"
+    },
+    {
+      "@odata.type": "#microsoft.graph.user",
+      "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
+    }
+  ]
+}
+```
+
+### Response
+
+The following example shows the response.
+
+<!-- {
+  "blockType": "response",
+  "truncated": true
+} -->
+```http
+HTTP/1.1 204 No Content
+```

api-reference/beta/includes/permissions/identitygovernance-workflow-previewtaskfailures-permissions.md

@@ -0,0 +1,11 @@
+---
+description: "Automatically generated file. DO NOT MODIFY"
+ms.topic: include
+ms.localizationpriority: medium
+---
+
+|Permission type|Least privileged permissions|Higher privileged permissions|
+|:---|:---|:---|
+|Delegated (work or school account)|LifecycleWorkflows-Workflow.ReadWrite.All|LifecycleWorkflows.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|Not supported.|
+|Application|LifecycleWorkflows-Workflow.ReadWrite.All|LifecycleWorkflows.ReadWrite.All|

api-reference/beta/includes/permissions/identitygovernance-workflow-previewworkflow-permissions.md

@@ -0,0 +1,11 @@
+---
+description: "Automatically generated file. DO NOT MODIFY"
+ms.topic: include
+ms.localizationpriority: medium
+---
+
+|Permission type|Least privileged permissions|Higher privileged permissions|
+|:---|:---|:---|
+|Delegated (work or school account)|LifecycleWorkflows-Workflow.ReadWrite.All|LifecycleWorkflows.ReadWrite.All|
+|Delegated (personal Microsoft account)|Not supported.|Not supported.|
+|Application|LifecycleWorkflows-Workflow.ReadWrite.All|LifecycleWorkflows.ReadWrite.All|

api-reference/beta/resources/identitygovernance-previewfailedtask.md

@@ -0,0 +1,48 @@
+---
+title: "previewFailedTask resource type"
+description: "Represents a task that failed during a preview operation."
+author: "KristinaSmith"
+ms.localizationpriority: medium
+ms.subservice: "entra-id-governance"
+doc_type: resourcePageType
+ms.date: 02/26/2026
+---
+
+# previewFailedTask resource type
+
+Namespace: microsoft.graph.identityGovernance
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Represents a [task](../resources/identitygovernance-task.md) that failed during a preview operation of a [workflow](../resources/identitygovernance-workflow.md).
+
+## Properties
+
+|Property|Type|Description|
+|:---|:---|:---|
+|definitionId|String|The identifier of the task definition of the task that failed during the preview operation of a workflow.|
+|failureReason|String|The reason why the task failed in the preview operation of a workflow.|
+|name|String|The name of the task that failed within the preview operation of a workflow.|
+|taskId|String|The identifier of the task that failed during the preview operation of a workflow.|
+
+## Relationships
+
+None.
+
+## JSON representation
+
+The following JSON representation shows the resource type.
+<!-- {
+  "blockType": "resource",
+  "@odata.type": "microsoft.graph.identityGovernance.previewFailedTask"
+}
+-->
+``` json
+{
+  "@odata.type": "#microsoft.graph.identityGovernance.previewFailedTask",
+  "definitionId": "String",
+  "failureReason": "String",
+  "name": "String",
+  "taskId": "String"
+}
+```