Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Note
Permissions for personal Microsoft accounts cannot be used to deploy Microsoft Graph resources declared in Bicep files.
Read existing resources only
Choose the least privileged permission from the following table to read a Microsoft.Graph/users resource using the existing keyword.
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | User.Read | User.ReadWrite, User.ReadBasic.All, User.Read.All, User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
Delegated (personal Microsoft account) | User.Read | User.ReadWrite |
Application | User.Read.All | User.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All |
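
An added example (not from the original page or from Microsoft): a Python check that inspects the permissions carried by the access token a deployment identity obtains and classifies them against the work or school and application rows of the table above. It assumes delegated permissions appear in the token's `scp` claim and application permissions in `roles`; the function names and the sample tokens are constructed for illustration.

```python
import base64
import json

# Permission table for reading Microsoft.Graph/users with `existing`, copied from this page.
# Keys are the token claim assumed to carry each permission type:
# "scp" = delegated (work or school account), "roles" = application.
TABLE = {
    "scp": ("User.Read", {"User.ReadWrite", "User.ReadBasic.All", "User.Read.All",
                          "User.ReadWrite.All", "Directory.Read.All",
                          "Directory.ReadWrite.All"}),
    "roles": ("User.Read.All", {"User.ReadWrite.All", "Directory.Read.All",
                                "Directory.ReadWrite.All"}),
}


def token_claims(jwt):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = jwt.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def audit_users_read(jwt):
    """Classify the token's grants against the table; unrelated permissions are ignored."""
    claims = token_claims(jwt)
    kind = "scp" if "scp" in claims else "roles"  # assumption: app-only tokens carry no scp
    raw = claims.get(kind, [])
    granted = set(raw.split()) if isinstance(raw, str) else set(raw)
    least, higher = TABLE[kind]
    excess = sorted(granted & higher)  # higher privileged permissions that were granted
    if excess:
        verdict = "over-privileged"
    elif least in granted:
        verdict = "least-privileged"
    else:
        verdict = "insufficient"
    return {"type": kind, "verdict": verdict, "excess": excess}


def make_token(claims):
    """Build an unsigned, constructed sample token (hypothetical helper for the demo)."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"


if __name__ == "__main__":
    # Constructed samples, not real tokens.
    print(audit_users_read(make_token({"scp": "User.Read"})))
    print(audit_users_read(make_token({"roles": ["User.Read.All", "Directory.ReadWrite.All"]})))
```
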
Resource format
To reference an existing Microsoft.Graph/users resource, add the following Bicep to your template.
```bicep
resource symbolicname 'Microsoft.Graph/users@beta' existing = {
  userPrincipalName: 'string'
}
```
Property values
users
Name | Description | Value |
---|---|---|
apiVersion | The resource API version | 'beta' (ReadOnly) |
businessPhones | The telephone numbers for the user. Only one number can be set for this property. Read-only for users synced from on-premises directory. | string[] (ReadOnly) |
deletedDateTime | Date and time when this object was deleted. Always null when the object hasn't been deleted. | string (ReadOnly) |
displayName | The name displayed in the address book for the user. This value is usually the combination of the user's first name, middle initial, and last name. This property is required when a user is created, and it cannot be cleared during updates. Maximum length is 256 characters. | string (ReadOnly) |
givenName | The given name (first name) of the user. Maximum length is 64 characters. | string (ReadOnly) |
id | The unique identifier for an entity. Read-only. | string (ReadOnly) |
jobTitle | The user's job title. Maximum length is 128 characters. | string (ReadOnly) |
mail | The SMTP address for the user, for example, admin@contoso.com. Changes to this property also update the user's proxyAddresses collection to include the value as an SMTP address. This property can't contain accent characters. NOTE: We don't recommend updating this property for Azure AD B2C user profiles. Use the otherMails property instead. | string (ReadOnly) |
mobilePhone | The primary cellular telephone number for the user. Read-only for users synced from the on-premises directory. | string (ReadOnly) |
officeLocation | The office location in the user's place of business. Maximum length is 128 characters. | string (ReadOnly) |
preferredLanguage | The preferred language for the user. The preferred language format is based on RFC 4646. The name combines an ISO 639 two-letter lowercase culture code associated with the language and an ISO 3166 two-letter uppercase subculture code associated with the country or region. Example: 'en-US', or 'es-ES'. | string (ReadOnly) |
surname | The user's surname (family name or last name). Maximum length is 64 characters. | string (ReadOnly) |
type | The resource type | 'Microsoft.Graph/users' (ReadOnly) |
userPrincipalName | The user principal name (UPN) of the user. The UPN is an Internet-style sign-in name for the user based on the Internet standard RFC 822. By convention, this should map to the user's email name. The general format is alias@domain, where the domain must be present in the tenant's verified domain collection. This property is required when a user is created. The verified domains for the tenant can be accessed from the verifiedDomains property of organization. NOTE: This property can't contain accent characters. Only the following characters are allowed: A - Z, a - z, 0 - 9, '. - _ ! # ^ ~. For the complete list of allowed characters, see username policies. | string (Required) |