Merge branch 'main' into notes-api-beta-docs

Author: MSFT-Andrea

.github/policies/resourceManagement.yml

@@ -127,6 +127,9 @@ configuration:
             When the updates in this PR are ready for external customers to use, please replace the **do not merge** label with **ready to merge**.
 
 
+            If this PR includes schema-related changes, verify that the updates are visible in the metadata endpoint before merging: [https://graph.microsoft.com/beta/$metadata](https://graph.microsoft.com/beta/$metadata) for `beta` changes, or [https://graph.microsoft.com/v1.0/$metadata](https://graph.microsoft.com/v1.0/$metadata) for `v1.0` changes.
+
+
             Check the content review workflow [here](https://eng.ms/cid/27dee76c-3a60-4e65-8fdf-08ea849b3498/fid/3a993b6c9d547e46f59d8d7851f191c38bbbea6ead01253dc62fcdd8101a1ff9).
       - removeLabel:
           label: content review in progress

api-reference/beta/api/agentidentity-post.md

@@ -38,7 +38,7 @@ POST /servicePrincipals/microsoft.graph.agentIdentity
 | Content-Type | application/json. Required. |
 
 ## Request body
-In the request body, supply a JSON representation of a [agentIdentity](../resources/agentidentity.md) object. The request body must contain  **displayName**, **agentIdentityBlueprintAppId**, and a valid **sponsor** reference.
+In the request body, supply a JSON representation of a [agentIdentity](../resources/agentidentity.md) object. The request body must contain  **displayName**, **agentIdentityBlueprintId**, and a valid **sponsor** reference.
 
 ## Response
 
@@ -82,9 +82,9 @@ Content-type: application/json
     "@odata.type": "#microsoft.graph.agentIdentity",
     "id": "59e617e5-e447-4adc-8b88-00af644d7c92",
     "createdByAppId": "f98c895e-6ce2-4f5b-a31b-da7e48f25daa",
-    "displayName": "My Agent Identit",
+    "displayName": "My Agent Identity",
     "servicePrincipalType": "ServiceIdentity",
     "tags": [],
     "agentIdentityBlueprintId": "65415bb1-9267-4313-bbf5-ae259732ee12"
 }
-```
+```

api-reference/beta/api/approvedclientapp-get.md

@@ -0,0 +1,88 @@
+---
+title: "Get approvedClientApp"
+description: "Read the properties and relationships of a approvedClientApp object for the remoteDesktopSecurityConfiguration object on the servicePrincipal."
+author: "mjsantani"
+ms.localizationpriority: medium
+ms.subservice: "entra-applications"
+doc_type: apiPageType
+ms.date: 01/02/2026
+---
+
+# Get approvedClientApp
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Read the properties and relationships of a [approvedClientApp](../resources/approvedclientapp.md) object for the [remoteDesktopSecurityConfiguration](../resources/remotedesktopsecurityconfiguration.md) object on a servicePrincipal.
+
+[!INCLUDE [national-cloud-support](../../includes/all-clouds.md)]
+
+## Permissions
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "approvedclientapp_get" } -->
+[!INCLUDE [permissions-table](../includes/permissions/approvedclientapp-get-permissions.md)]
+
+[!INCLUDE [rbac-remote-desktop-security-config-apis](../includes/rbac-for-apis/rbac-remote-desktop-security-config-apis.md)]
+
+## HTTP request
+
+You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+GET /servicePrincipals/{id}/remoteDesktopSecurityConfiguration/approvedClientApps/{approvedClientAppId}
+GET /servicePrincipals(appId='{appId}')/remoteDesktopSecurityConfiguration/approvedClientApps/{approvedClientAppId}
+```
+
+## Optional query parameters
+
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and a [approvedClientApp](../resources/approvedclientapp.md) object in the response body.
+
+## Examples
+
+### Request
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "get_approvedclientapp"
+}
+-->
+``` http
+GET https://graph.microsoft.com/beta/servicePrincipals/00af5dfb-85da-4b41-a677-0c6b86dd34f8/remoteDesktopSecurityConfiguration/approvedClientApps/cd57c330-a543-4249-9486-c1c257341de6
+```
+
+### Response
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.approvedClientApp"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.approvedClientApp",
+  "id": "cd57c330-a543-4249-9486-c1c257341de6",
+  "displayName": "Client App 1"
+}
+```

api-reference/beta/api/approvedclientapp-update.md

@@ -0,0 +1,104 @@
+---
+title: "Update approvedClientApp"
+description: "Update the properties of an approvedClientApp object for the remoteDesktopSecurityConfiguration object."
+author: "mjsantani"
+ms.date: 11/11/2025
+ms.localizationpriority: medium
+ms.subservice: "entra-applications"
+doc_type: apiPageType
+---
+
+# Update approvedClientApp
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Update the properties of an [approvedClientApp](../resources/approvedclientapp.md) object for a [remotedesktopsecurityconfiguration](../resources/remotedesktopsecurityconfiguration.md).
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "approvedclientapp_update" } -->
+[!INCLUDE [permissions-table](../includes/permissions/approvedclientapp-update-permissions.md)]
+
+[!INCLUDE [rbac-remote-desktop-security-config-apis](../includes/rbac-for-apis/rbac-remote-desktop-security-config-apis.md)]
+
+## HTTP request
+
+You can address the service principal using either its **id** or **appId**. **id** and **appId** are referred to as the **Object ID** and **Application (Client) ID**, respectively, in app registrations in the Microsoft Entra admin center.
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+PATCH /servicePrincipals/{id}/remoteDesktopSecurityConfiguration/approvedClientApps/{approvedClientAppId}
+PATCH /servicePrincipals(appId='{appId}')/remoteDesktopSecurityConfiguration/approvedClientApps/{approvedClientAppId}
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+|Content-Type|application/json. Required.|
+
+## Request body
+
+[!INCLUDE [table-intro](../../includes/update-property-table-intro.md)]
+
+
+|Property|Type|Description|
+|:---|:---|:---|
+|displayName|String|Display name of the Client Application. Optional.|
+
+
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an updated [approvedClientApp](../resources/approvedclientapp.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "update_approvedclientapp"
+}
+-->
+``` http
+PATCH https://graph.microsoft.com/v1.0/servicePrincipals/00af5dfb-85da-4b41-a677-0c6b86dd34f8/remoteDesktopSecurityConfiguration/approvedClientApps/95bd8f3d-e166-c072-4e28-af935a6d237f
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.approvedClientApp",
+  "displayName": "Client App 1"
+}
+```
+
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.approvedClientApp"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.type": "#microsoft.graph.approvedClientApp",
+  "id": "95bd8f3d-e166-c072-4e28-af935a6d237f",
+  "displayName": "Client App 1"
+}
+```
+

api-reference/beta/api/azureadpremiumlicenseinsight-get.md

@@ -0,0 +1,130 @@
+---
+title: "Get azureADPremiumLicenseInsight"
+description: "Get the premium license utilization insight for the tenant."
+author: "sanchariroy"
+ms.date: 03/13/2026
+ms.localizationpriority: medium
+ms.subservice: "entra-monitoring-health"
+doc_type: apiPageType
+---
+
+# Get azureADPremiumLicenseInsight
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Get the premium license utilization insight for the tenant. This API returns data about how many premium licenses are entitled and how the associated P1 and P2 features are being used. The calling tenant must have at least one Microsoft Entra ID P1 or P2 license. Tenants without a premium license receive a `403 Forbidden` response with the `missingLicense` error code.
+
+[!INCLUDE [national-cloud-support](../../includes/global-only.md)]
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- { "blockType": "permissions", "name": "azureadpremiumlicenseinsight_get" } -->
+[!INCLUDE [permissions-table](../includes/permissions/azureadpremiumlicenseinsight-get-permissions.md)]
+
+> [!IMPORTANT]
+> In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported [Microsoft Entra role](/entra/identity/role-based-access-control/permissions-reference?toc=%2Fgraph%2Ftoc.json) or a custom role with a supported role permission. The following least privileged roles are supported for this operation.
+> - Application Administrator
+> - Cloud Application Administrator
+> - Global Reader
+> - Reports Reader
+> - Security Administrator
+> - Security Operator
+> - Security Reader
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+GET /reports/azureADPremiumLicenseInsight
+```
+
+## Optional query parameters
+
+This method supports the `$select` OData query parameter to help customize the response. For general information, see [OData query parameters](/graph/query-parameters).
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this method returns a `200 OK` response code and an [azureADPremiumLicenseInsight](../resources/azureadpremiumlicenseinsight.md) object in the response body.
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "get_azureadpremiumlicenseinsight"
+}
+-->
+```msgraph-interactive
+GET https://graph.microsoft.com/beta/reports/azureADPremiumLicenseInsight
+```
+
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.azureADPremiumLicenseInsight"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "id": "00000000-0000-0000-0000-000000000000",
+  "entitledP1LicenseCount": 100,
+  "entitledP2LicenseCount": 50,
+  "entitledTotalLicenseCount": 150,
+  "p1FeatureUtilizations": {
+    "conditionalAccess": {
+      "userCount": 85
+    },
+    "conditionalAccessGuestUsers": {
+      "userCount": 12
+    }
+  },
+  "p2FeatureUtilizations": {
+    "riskBasedConditionalAccess": {
+      "userCount": 30
+    },
+    "riskBasedConditionalAccessGuestUsers": {
+      "userCount": 5
+    }
+  },
+  "privateAccessFeatureUtilizations": {
+    "privateAccess": {
+      "userCount": 20
+    }
+  },
+  "internetAccessFeatureUtilizations": {
+    "internetAccess": {
+      "userCount": 45
+    },
+    "internetAccessM365": {
+      "userCount": 38
+    }
+  }
+}
+```

api-reference/beta/api/driveitem-get-content-format.md

@@ -49,7 +49,7 @@ The following values are valid for the **format** parameter:
 | Value | Description                        | Supported source extensions
 |:------|:-----------------------------------|---------------------------------
 | glb   | Converts the item into GLB format  | cool, fbx, obj, ply, stl, 3mf
-| html  | Converts the item into HTML format | eml, md, msg
+| html  | Converts the item into HTML format | loop, fluid, wbtx, whiteboard
 | jpg   | Converts the item into JPG format  | 3g2, 3gp, 3gp2, 3gpp, 3mf, ai, arw, asf, avi, bas, bash, bat, bmp, c, cbl, cmd, cool, cpp, cr2, crw, cs, css, csv, cur, dcm, dcm30, dic, dicm, dicom, dng, doc, docx, dwg, eml, epi, eps, epsf, epsi, epub, erf, fbx, fppx, gif, glb, h, hcp, heic, heif, htm, html, ico, icon, java, jfif, jpeg, jpg, js, json, key, log, m2ts, m4a, m4v, markdown, md, mef, mov, movie, mp3, mp4, mp4v, mrw, msg, mts, nef, nrw, numbers, obj, odp, odt, ogg, orf, pages, pano, pdf, pef, php, pict, pl, ply, png, pot, potm, potx, pps, ppsx, ppsxm, ppt, pptm, pptx, ps, ps1, psb, psd, py, raw, rb, rtf, rw1, rw2, sh, sketch, sql, sr2, stl, tif, tiff, ts, txt, vb, webm, wma, wmv, xaml, xbm, xcf, xd, xml, xpm, yaml, yml
 | pdf   | Converts the item into PDF format  | doc, docx, dot, dotx, dotm, dsn, dwg, eml, epub, fluidframework, form, htm, html, loop, loot, markdown, md, msg, note, odp, ods, odt, page, pps, ppsx, ppt, pptx, pulse, rtf, task, tif, tiff, wbtx, whiteboard, xls, xlsm, xlsx
 

api-reference/beta/api/filestorage-list-deletedcontainers.md

@@ -115,7 +115,7 @@ Content-Type: application/json
       "@odata.type": "#microsoft.graph.fileStorageContainer",
       "id": "b!ISJs1WRro0y0EWgkUYcktDa0mE8zSlFEqFzqRn70Zwp1CEtDEBZgQICPkRbil_5Z",
       "displayName": "My File Storage Container",
-      "createdDateTime": "2021-11-24T15:41:52.347Z",
+      "createdDateTime": "2021-11-24T15:41:52.347Z"
     }
   ]
 }

api-reference/beta/api/filestoragecontainer-restore.md

@@ -114,7 +114,7 @@ Content-Type: application/json
   "id": "b!ISJs1WRro0y0EWgkUYcktDa0mE8zSlFEqFzqRn70Zwp1CEtDEBZgQICPkRbil_5Z",
   "displayName": "My Application Storage Container",
   "containerTypeId": "91710488-5756-407f-9046-fbe5f0b4de73",
-  "createdDateTime": "2021-11-24T15:41:52.347Z",
+  "createdDateTime": "2021-11-24T15:41:52.347Z"
 }
 ```