1.9.0 Release

.azure-pipelines/generation-templates/generate-service-modules.yml

@@ -32,7 +32,7 @@ parameters:
 jobs:
   - job: GenerateServiceModules
     displayName: Service module generation
-    timeoutInMinutes: 360
+    timeoutInMinutes: 600
     condition: and(succeeded(), ne(stageDependencies.DownloadOpenAPIDocs.GetLatestDocs.outputs['OpenAPIDocDiff.ModulesWithChanges'], ''))
     variables:
       Branch: ${{ parameters.Branch }}

.github/CODEOWNERS

@@ -1 +1 @@
-* @peombwa @ddyett @georgend @shemogumbe
+* @peombwa @ddyett @georgend @shemogumbe @timayabi2020

CONTRIBUTING.md

@@ -5,18 +5,24 @@ When contributing to this repository, please first open an an issue describing t
 There are a few different recommended paths to get contributions into the released version of this SDK.
 
 ## Filing Issues
+
 The best way to get started with a contribution is to start a dialog with us. Sometimes features will be under development or out of scope for this SDK and it's best to check before starting work on contribution, especially for large work items.
 
 ## Adding Scenario-Based Cmdlets
-- Clone the repo - https://github.com/microsoftgraph/msgraph-sdk-powershell.git.
-- Identify the module(s) that you want add the custom cmdlets to. E.g. [Groups.DirectoryObject](https://github.com/microsoftgraph/msgraph-sdk-powershell/tree/dev/src/Beta/Groups.DirectoryObject/Groups.DirectoryObject).
-- Navigate to the module’s custom folder. E.g. [Groups.DirectoryObject/custom](https://github.com/microsoftgraph/msgraph-sdk-powershell/tree/dev/src/Beta/Groups.DirectoryObject/Groups.DirectoryObject/custom). In here, you will find a readme.md that has basic instructions on how to add custom cmdlets. A full guide can be found [here](https://github.com/Azure/autorest/blob/master/docs/powershell/customization.md#creating-a-new-cmdlet).
-- In the custom directory, add your custom cmdlet naming the file as `{Verb}Mg{Subject}_{Variant}.(cs|ps)`. This file will contain the implementation of your custom cmdlet. You can refer to [NewMgGroupMember_Create.cs](https://github.com/microsoftgraph/msgraph-sdk-powershell/blob/dev/src/Beta/Groups.DirectoryObject/Groups.DirectoryObject/custom/NewMgGroupMember_Create.cs) as an example.
-- Once done, bump up the module version number in the module’s root [readme.md](https://github.com/microsoftgraph/msgraph-sdk-powershell/blob/dev/src/Beta/Groups.DirectoryObject/Groups.DirectoryObject/readme.md#versioning) then run `.\msgraph-sdk-powershell\tools\GenerateModules.ps1 -BetaGraphVersion -RepositoryApiKey *** -Pack -Build` to create, build and export the cmdlets to `..\exports` folder.
+
+- Clone the repo - <https://github.com/microsoftgraph/msgraph-sdk-powershell.git>.
+- Identify the module(s) that you want add the custom cmdlets to. E.g. [Groups](https://github.com/microsoftgraph/msgraph-sdk-powershell/tree/dev/src/Groups/Groups).
+- Navigate to the module’s custom folder. E.g. [Groups/custom](https://github.com/microsoftgraph/msgraph-sdk-powershell/tree/dev/src/Groups/Groups/custom). In here, you will find a readme.md that has basic instructions on how to add custom cmdlets. A full guide can be found [here](https://github.com/Azure/autorest/blob/master/docs/powershell/customization.md#creating-a-new-cmdlet).
+- In the custom directory, add your custom cmdlet naming the file as `{Verb}Mg{Subject}_{Variant}.(cs|ps)`. This file will contain the implementation of your custom cmdlet. You can refer to [NewMgGroupMember_Create.cs](https://github.com/microsoftgraph/msgraph-sdk-powershell/blob/dev/src/Groups/Groups/custom/NewMgGroupMember_Create.cs) as an example.
+- Once done, bump up the module version number in the module’s root [readme.md](https://github.com/microsoftgraph/msgraph-sdk-powershell/blob/dev/src/Groups/Groups/readme.md#versioning) then run `.\msgraph-sdk-powershell\tools\GenerateModules.ps1 -Build` to create, build and export the cmdlets to `..\exports` folder.
 
 ## Modifying Existing Cmdlets
+
 When it comes to modifying existing cmdlets, we recommend you use [AutoREST directive](https://github.com/Azure/autorest.powershell/blob/master/docs/directives.md#cmdlet-hiding-exportation-suppression).
+
 - Identify cmdlets you want to modify, and the modules they reside in.
 - In the module’s `readme.md`, add your directive in the AutoREST configuration sections to modify the lower-level cmdlets.
 
-
+## SDK generation
+
+See our [SDK generation steps wiki](https://github.com/microsoftgraph/msgraph-sdk-powershell/wiki/Generation-Process) for more information.

README.md

@@ -1,7 +1,9 @@
 # Microsoft Graph PowerShell SDK
+
 The Microsoft Graph PowerShell SDK is a collection of PowerShell modules that contain commands for calling Microsoft Graph service.
 
-# Modules
+## Modules
+
 The table below contains our Microsoft Graph rollup module. This module installs all the service modules as its dependencies.
 Description       | Module Name       | PowerShell Gallery Link
 ----------------- | ----------------- | ------------------------
@@ -10,97 +12,130 @@ Microsoft Graph   | `Microsoft.Graph` | [![Mg]][MgGallery]
 For a list of modules found in this repository, see the [Microsoft Graph PowerShell modules](https://github.com/microsoftgraph/msgraph-sdk-powershell/wiki/MS-Graph-PowerShell-Modules) document.
 
 ## Installation
+
 ### PowerShell Gallery
 
 All the modules are published on [PowerShell Gallery](https://www.powershellgallery.com/packages/Microsoft.Graph). Installing is as simple as:
 
-```ps
+``` powershell
 Install-Module Microsoft.Graph
 ```
 
 If you are upgrading from our preview modules, run `Install-Module` with AllowClobber and Force parameters to avoid command name conflicts:
-```ps
+
+``` powershell
  Install-Module Microsoft.Graph -AllowClobber -Force
 ```
+
 There is a set of samples in the `samples` folder to help in getting started with the library. If you have an older version of these modules installed, there are extra uninstall instructions in the [InstallModule](./samples/0-InstallModule.ps1) script.
 
 ## Usage
 
 1. Authentication
-
-    The SDK supports two types of authentication: delegated access, and app-only access.
-    - Delegated access via Device Code Flow.
 
-        ```ps
+    The SDK supports two types of authentication: delegated access and app-only access.
+    - Delegated access.
+
+        ``` powershell
+        # Using interactive authentication.
         Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All"
         ```
 
+        or
+
+        ``` powershell
+        # Using device code flow.
+        Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All" -UseDeviceAuthentication
+        ```
+
+        or
+
+        ``` powershell
+        # Using your own access token.
+        Connect-MgGraph -Scopes "User.Read.All", "Group.ReadWrite.All" -AccessToken $AccessToken
+        ```
+
     - App-only access via Client Credential with a certificate.
 
-        The certificate will be loaded from `Cert:\CurrentUser\My\` store. Ensure the certificate is present in the store before calling `Connect-MgGraph`.
-
-        You can pass either `-CertificateThumbprint` or `-CertificateName` to `Connect-MgGraph`.
+        The certificate will be loaded from `Cert:\CurrentUser\My\` store when `-CertificateThumbprint` or `-CertificateName` is specified. Ensure the certificate is present in the store before calling `Connect-MgGraph`.
 
-        ```ps
+        ``` powershell
         # Using -CertificateThumbprint
         Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -CertificateThumbprint "YOUR_CERT_THUMBPRINT"
         ```
 
         or
 
-        ```ps
+        ``` powershell
         # Using -CertificateName
         Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -CertificateName "YOUR_CERT_SUBJECT"
         ```
 
+        or
+
+        ``` powershell
+        # Using -Certificate
+        $Cert = Get-ChildItem Cert:\LocalMachine\My\$CertThumbprint
+        Connect-MgGraph -ClientId "YOUR_APP_ID" -TenantId "YOUR_TENANT_ID" -Certificate $Cert
+        ```
+
 2. List users in your tenant.
 
-    ```ps
+    ``` powershell
     Get-MgUser -Top 10 -Property Id, DisplayName, BusinessPhones | Format-Table Id, DisplayName, BusinessPhones
     ```
 
 3. Filter a user in your tenant.
 
-    ```ps
+    ``` powershell
     $user = Get-MgUser -Filter "displayName eq 'Megan Bowen'"
     ```
 
 4. Create a new app registration.
 
-    ```ps
+    ``` powershell
     New-MgApplication -DisplayName "ScriptedGraphPSApp" `
                       -SignInAudience "AzureADMyOrg" `
                       -Web @{ RedirectUris = "https://localhost"}
     ```
 
 5. Sign out of the current logged-in context i.e. app only or delegated access.
 
-    ```ps
+    ``` powershell
     Disconnect-MgGraph
     ```
+
 ## API Version
+
 By default, the SDK uses the Microsoft Graph REST API v1.0. You can change this by using the `Select-MgProfile` command. This reloads all modules and only loads commands that call beta endpoint.
 
-```ps
+``` powershell
 Select-MgProfile -Name "beta"
 ```
 
 ## Troubleshooting Permission Related Errors
 
 When working with various operations in the Graph, you may encounter an error such as "Insufficient privileges to complete the operation." For example, this particular error can occur when using the `New-MgApplication` command if the appropriate permissions are not granted.
 
-If permission related errors occur and the user you authenticated with in the popup has the appropriate permissions to perform the operation try these steps.
+If permission-related errors occur and the user you authenticated within the popup has the appropriate permissions to perform the operation try these steps.
 
 - You can try running `Disconnect-MgGraph`, then `Connect-MgGraph`.  Then, run the code that encountered the permission issues to see if it works.
 - You can try running `Connect-MgGraph -ForceRefresh`.  This will trigger a refresh of the access token in your cache. MSAL will only refresh the access token in your cache if it has expired (usually an hour), or if you explicitly refresh it via `-ForceRefresh`. Then, run the code that encountered the permission issues to see if it works.
 
 ## Known Issues
-- If you attempt to run `Connect-Graph` from the PowerShell ISE (integrated scripting environment) the command fails with an error "Device code terminal timed-out after {X} seconds".  This is a known issue and it is recommended to use a PowerShell host other than the ISE. 
+
+- Using `-Property {PropertyName}` parameter will not select the property as the output of the command. All commands return CLR objects, and customers should pipe the command outputs to `Format-Table` or `Select-Object` to return individual properties.
+
+- Customers upgrading from previous versions of the SDK may encounter auth prompts on every command call. If this happens, one can use the following steps to reset their token cache:
+  - Use `Disconnect-MgGraph` to sign out of the current session.
+  - Run `Remove-Item "$env:USERPROFILE\.graph" -Recurse -Force` to delete your token cache.
+  - Run `Connect-MgGraph` to reconstruct a clean token cache.
 
 ## Issues
-If you find any bugs when using the Microsoft Graph PowerShell modules, please file an issue in our GitHub issues page.
 
-This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
+If you find any bugs when using the Microsoft Graph PowerShell modules, please file an issue on our GitHub issues page.
+
+This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments.
 
 ## License
 

config/ModuleMetadata.json

@@ -22,5 +22,5 @@
   ],
   "releaseNotes": "See https://aka.ms/GraphPowerShell-Release.",
   "assemblyOriginatorKeyFile": "35MSSharedLib1024.snk",
-  "version": "1.8.0"
+  "version": "1.9.0"
 }

config/ModulesMapping.jsonc

@@ -30,7 +30,7 @@
   "SchemaExtensions": "^schemaExtensions\\.",
   "Search": "^search\\.|^external\\.",
   "Security": "^security\\.",
-  "Sites": "^sites.site$|^sites.itemAnalytics$|^sites.columnDefinition$|^sites.contentType$|^sites.drive$|^sites.list$|^sites.sitePage$|^sites.permission$|^users.site$|^groups.site$|^sites.Functions$|^sites.Actions$",
+  "Sites": "^sites.site$|^sites.itemAnalytics$|^sites.columnDefinition$|^sites.contentType$|^sites.drive$|^sites.list$|^sites.sitePage$|^sites.permission$|^sites.store$|^users.site$|^groups.site$|^sites.Functions$|^sites.Actions$",
   "Teams": "^teams\\.|^chats\\.|^users.chat$|^appCatalogs.teamsApp$|^users.userTeamwork$|^teamwork\\.|^users.team$|^groups.team$",
   "Users": "^users.user$|^users.directoryObject$|^users.licenseDetails$|^users.notification$|^users.outlookUser$|^users.profilePhoto$|^users.userSettings$|^users.extension$|^users.oAuth2PermissionGrant$|^users.todo$",
   "Users.Actions": "^users.Actions$",

openApiDocs/beta/Applications.yml

@@ -12905,6 +12905,8 @@ paths:
                 - appRoleAssignmentRequired desc
                 - appRoles
                 - appRoles desc
+                - customSecurityAttributes
+                - customSecurityAttributes desc
                 - description
                 - description desc
                 - disabledByMicrosoftStatus
@@ -12979,6 +12981,7 @@ paths:
                 - appOwnerOrganizationId
                 - appRoleAssignmentRequired
                 - appRoles
+                - customSecurityAttributes
                 - description
                 - disabledByMicrosoftStatus
                 - displayName
@@ -13144,6 +13147,7 @@ paths:
                 - appOwnerOrganizationId
                 - appRoleAssignmentRequired
                 - appRoles
+                - customSecurityAttributes
                 - description
                 - disabledByMicrosoftStatus
                 - displayName
@@ -19811,7 +19815,7 @@ components:
             createdDateTime:
               pattern: '^[0-9]{4,}-(0[1-9]|1[012])-(0[1-9]|[12][0-9]|3[01])T([01][0-9]|2[0-3]):[0-5][0-9]:[0-5][0-9]([.][0-9]{1,12})?(Z|[+-][0-9][0-9]:[0-9][0-9])$'
               type: string
-              description: 'The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.  Supports $filter (eq, ne, NOT, ge, le, in) and $orderBy.'
+              description: 'The date and time the application was registered. The DateTimeOffset type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Read-only.  Supports $filter (eq, ne, NOT, ge, le, in, and eq on null values) and $orderBy.'
               format: date-time
               nullable: true
             defaultRedirectUri:
@@ -19828,7 +19832,7 @@ components:
               nullable: true
             displayName:
               type: string
-              description: 'The display name for the application. Supports $filter (eq, ne, NOT, ge, le, in, startsWith), $search, and $orderBy.'
+              description: 'The display name for the application. Supports $filter (eq, ne, NOT, ge, le, in, startsWith, and eq on null values), $search, and $orderBy.'
               nullable: true
             groupMembershipClaims:
               type: string
@@ -19838,7 +19842,7 @@ components:
               type: array
               items:
                 type: string
-              description: 'The URIs that identify the application within its Azure AD tenant, or within a verified custom domain if the application is multi-tenant. For more information see Application Objects and Service Principal Objects. The any operator is required for filter expressions on multi-valued properties. Not nullable. Supports $filter (eq, ne, ge, le, startsWith).'
+              description: 'Also known as App ID URI, this value is set when an application is used as a resource app. The identifierUris acts as the prefix for the scopes you''ll reference in your API''s code, and it must be globally unique. You can use the default value provided, which is in the form api://<application-client-id>, or specify a more readable URI like https://contoso.com/api. For more information on valid identifierUris patterns and best practices, see Azure AD application registration security best practices. Not nullable. Supports $filter (eq, ne, ge, le, startsWith).'
             info:
               $ref: '#/components/schemas/microsoft.graph.informationalUrl'
             isDeviceOnlyAuthSupported:
@@ -20745,6 +20749,8 @@ components:
               items:
                 $ref: '#/components/schemas/microsoft.graph.appRole'
               description: The roles exposed by the application which this service principal represents. For more information see the appRoles property definition on the application entity. Not nullable.
+            customSecurityAttributes:
+              $ref: '#/components/schemas/microsoft.graph.customSecurityAttributeValue'
             description:
               type: string
               description: 'Free text field to provide an internal end-user facing description of the service principal. End-user portals such MyApps will display the application description in this field. The maximum allowed size is 1024 characters. Supports $filter (eq, ne, NOT, ge, le, startsWith) and $search.'
@@ -20755,7 +20761,7 @@ components:
               nullable: true
             displayName:
               type: string
-              description: 'The display name for the service principal. Supports $filter (eq, ne, NOT, ge, le, in, startsWith), $search, and $orderBy.'
+              description: 'The display name for the service principal. Supports $filter (eq, ne, NOT, ge, le, in, startsWith, and eq on null values), $search, and $orderBy.'
               nullable: true
             errorUrl:
               type: string
@@ -21904,6 +21910,11 @@ components:
           type: string
       additionalProperties:
         type: object
+    microsoft.graph.customSecurityAttributeValue:
+      title: customSecurityAttributeValue
+      type: object
+      additionalProperties:
+        type: object
     microsoft.graph.permissionScope:
       title: permissionScope
       type: object