Merge branch 'main' into tl-width-height-format-api

Author: MSFT-Andrea

.github/copilot-instructions.md

@@ -127,6 +127,9 @@ configuration:
             When the updates in this PR are ready for external customers to use, please replace the **do not merge** label with **ready to merge**.
 
 
+            If this PR includes schema-related changes, verify that the updates are visible in the metadata endpoint before merging: [https://graph.microsoft.com/beta/$metadata](https://graph.microsoft.com/beta/$metadata) for `beta` changes, or [https://graph.microsoft.com/v1.0/$metadata](https://graph.microsoft.com/v1.0/$metadata) for `v1.0` changes.
+
+
             Check the content review workflow [here](https://eng.ms/cid/27dee76c-3a60-4e65-8fdf-08ea849b3498/fid/3a993b6c9d547e46f59d8d7851f191c38bbbea6ead01253dc62fcdd8101a1ff9).
       - removeLabel:
           label: content review in progress

.github/policies/resourceManagement.yml

@@ -126,7 +126,8 @@ Create a dedicated topic for the enumeration. This option is rarely applicable.
 
 1. **Create enum topic:**
    - Title: "{enum-type} enum type"
-   - Single sentence describing the enum's purpose
+   - doc_type: "enumPageType"
+   - Single sentence describing the enum's purpose, linking to consuming resource(s)
    - **For flagged enums:** Append "This flagged enumeration allows multiple members to be selected simultaneously." to the introductory text.
    - **For evolvable enums:** Mention it's an evolvable enumeration
 

.github/prompts/author-api-docs/enumerations.md

@@ -0,0 +1,42 @@
+# Agent Quick Guide
+
+Top-level entrypoint for agents working in this repository.
+
+## Authority
+
+If this file and `.github/copilot-instructions.md` ever differ, follow:
+
+1. `.github/copilot-instructions.md`
+2. The prompt and template files it routes you to
+
+This file is intentionally thin to avoid split-brain guidance.
+
+## Read first
+
+Before doing docs work in this repo:
+
+1. Read `.github/copilot-instructions.md`
+2. Determine whether the task is **authoring/updating** or **review**
+3. Load the prompt file that `.github/copilot-instructions.md` tells you to read first
+
+## Repo map
+
+- `api-reference/*/api/` — API operation topics
+- `api-reference/*/resources/` — resource and enum topics
+- `changelog/` — API change records
+- `concepts/whats-new-overview.md` — monthly release highlights
+- `concepts/` — conceptual topics such as tutorials, conceptual overviews, guides
+- `api-reference/*/toc/toc.mapping.json` — API reference TOC mapping
+- `api-reference/*/includes/rbac-for-apis/` — RBAC include files
+- `temp-docstubs/` — temporary authoring inputs
+
+## Workflow
+
+1. Start with `.github/copilot-instructions.md`
+2. Load the correct scenario guidance
+3. Make scoped changes only
+4. Run the validation expected by the loaded workflow
+
+## Rule of thumb
+
+Do not duplicate detailed rules in this file. Keep detailed authoring, review, changelog, What's New, TOC, enum, and RBAC guidance in the files referenced by `.github/copilot-instructions.md`.

AGENTS.md

@@ -71,10 +71,30 @@ The following example shows a request.
 DELETE https://graph.microsoft.com/beta/users/{usersId}/sponsors/{id}/$ref
 ```
 
+# [C#](#tab/csharp)
+[!INCLUDE [sample-code](../includes/snippets/csharp/delete-sponsors-from-agentuser-csharp-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
+# [Go](#tab/go)
+[!INCLUDE [sample-code](../includes/snippets/go/delete-sponsors-from-agentuser-go-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
+# [Java](#tab/java)
+[!INCLUDE [sample-code](../includes/snippets/java/delete-sponsors-from-agentuser-java-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
 # [JavaScript](#tab/javascript)
 [!INCLUDE [sample-code](../includes/snippets/javascript/delete-sponsors-from-agentuser-javascript-snippets.md)]
 [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
 
+# [PHP](#tab/php)
+[!INCLUDE [sample-code](../includes/snippets/php/delete-sponsors-from-agentuser-php-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
+# [Python](#tab/python)
+[!INCLUDE [sample-code](../includes/snippets/python/delete-sponsors-from-agentuser-python-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
 ---
 
 ### Response

api-reference/beta/api/agentuser-delete-sponsors.md

@@ -77,10 +77,30 @@ Content-Type: application/json
 }
 ```
 
+# [C#](#tab/csharp)
+[!INCLUDE [sample-code](../includes/snippets/csharp/create-sponsor-agentuser-csharp-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
+# [Go](#tab/go)
+[!INCLUDE [sample-code](../includes/snippets/go/create-sponsor-agentuser-go-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
+# [Java](#tab/java)
+[!INCLUDE [sample-code](../includes/snippets/java/create-sponsor-agentuser-java-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
 # [JavaScript](#tab/javascript)
 [!INCLUDE [sample-code](../includes/snippets/javascript/create-sponsor-agentuser-javascript-snippets.md)]
 [!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
 
+# [PHP](#tab/php)
+[!INCLUDE [sample-code](../includes/snippets/php/create-sponsor-agentuser-php-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
+# [Python](#tab/python)
+[!INCLUDE [sample-code](../includes/snippets/python/create-sponsor-agentuser-python-snippets.md)]
+[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
+
 ---
 
 ### Response

api-reference/beta/api/agentuser-post-sponsors.md

@@ -0,0 +1,88 @@
+---
+title: "Get approvedClientApp"
+description: "Read the properties and relationships of a approvedClientApp object for the remoteDesktopSecurityConfiguration object on the servicePrincipal."
+author: "mjsantani"
+ms.localizationpriority: medium
+ms.subservice: "entra-applications"
+doc_type: apiPageType
+ms.date: 01/02/2026
+---
+
+# Get approvedClientApp
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Read the properties and relationships of a [approvedClientApp](../resources/approvedclientapp.md) object for the [remoteDesktopSecurityConfiguration](../resources/remotedesktopsecurityconfiguration.md) object on a servicePrincipal.
+
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
+
+## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "approvedclientapp_get" } -->
+[!INCLUDE [permissions-table](../includes/permissions/approvedclientapp-get-permissions.md)]
+
+[!INCLUDE [rbac-remote-desktop-security-config-apis](../includes/rbac-for-apis/rbac-remote-desktop-security-config-apis.md)]
+
+## HTTP request
+
+You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+GET /servicePrincipals/{id}/remoteDesktopSecurityConfiguration/approvedClientApps/{approvedClientAppId}
+GET /servicePrincipals(appId='{appId}')/remoteDesktopSecurityConfiguration/approvedClientApps/{approvedClientAppId}
+```
+
+## Optional query parameters
+
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [approvedClientApp](../resources/approvedclientapp.md) object in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "get_approvedclientapp"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/servicePrincipals/00af5dfb-85da-4b41-a677-0c6b86dd34f8/remoteDesktopSecurityConfiguration/approvedClientApps/cd57c330-a543-4249-9486-c1c257341de6
+```
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.approvedClientApp"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.approvedClientApp",
+  "id": "cd57c330-a543-4249-9486-c1c257341de6",
+  "displayName": "Client App 1"
+}
+```

api-reference/beta/api/approvedclientapp-get.md

@@ -0,0 +1,104 @@
+---
+title: "Update approvedClientApp"
+description: "Update the properties of an approvedClientApp object for the remoteDesktopSecurityConfiguration object."
+author: "mjsantani"
+ms.date: 11/11/2025
+ms.localizationpriority: medium
+ms.subservice: "entra-applications"
+doc_type: apiPageType
+---
+
+# Update approvedClientApp
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Update the properties of an [approvedClientApp](../resources/approvedclientapp.md) object for a [remotedesktopsecurityconfiguration](../resources/remotedesktopsecurityconfiguration.md).
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "approvedclientapp_update" } -->
+[!INCLUDE [permissions-table](../includes/permissions/approvedclientapp-update-permissions.md)]
+
+[!INCLUDE [rbac-remote-desktop-security-config-apis](../includes/rbac-for-apis/rbac-remote-desktop-security-config-apis.md)]
+
+## HTTP request
+
+You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+PATCH /servicePrincipals/{id}/remoteDesktopSecurityConfiguration/approvedClientApps/{approvedClientAppId}
+PATCH /servicePrincipals(appId='{appId}')/remoteDesktopSecurityConfiguration/approvedClientApps/{approvedClientAppId}
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+[!INCLUDE [table-intro](../../includes/update-property-table-intro.md)]
+
+
+|Property|Type|Description|
+|:---|:---|:---|
+|displayName|String|Display name of the Client Application. Optional.|
+
+
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [approvedClientApp](../resources/approvedclientapp.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "update_approvedclientapp"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/v1.0/servicePrincipals/00af5dfb-85da-4b41-a677-0c6b86dd34f8/remoteDesktopSecurityConfiguration/approvedClientApps/95bd8f3d-e166-c072-4e28-af935a6d237f
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.approvedClientApp",
+  "displayName": "Client App 1"
+}
+```
+
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.approvedClientApp"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.approvedClientApp",
+  "id": "95bd8f3d-e166-c072-4e28-af935a6d237f",
+  "displayName": "Client App 1"
+}
+```
+

api-reference/beta/api/approvedclientapp-update.md

@@ -16,7 +16,7 @@ Namespace: microsoft.graph
 
 Get a list of the [externalAuthenticationMethod](../resources/externalauthenticationmethod.md) objects and their properties.
 
-[!INCLUDE [national-cloud-support](../../includes/global-only.md)]
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
 
 ## Permissions
 

api-reference/beta/api/authentication-list-externalauthenticationmethods.md

@@ -16,7 +16,7 @@ Namespace: microsoft.graph
 
 Create a new [externalAuthenticationMethod](../resources/externalauthenticationmethod.md) object. This API doesn't support self-service operations.
 
-[!INCLUDE [national-cloud-support](../../includes/global-only.md)]
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
 
 ## Permissions