User.ReadWrite.All
Export JSON
Export CSV
Copy URL
Print
ApplicationDelegated
Read/Write
All Resources
Allows the app to read and update user profiles without a signed in user.
Permission data: April 6, 2026 at 4:06 AM UTC
Delegated Access
App-Only Access
Permission Details
Application Permission
Read and write all users' full profiles
Allows the app to read and update user profiles without a signed in user.
Permission ID:
741f803b-c850-494e-b5df-cde7c675a1ca
Delegated Permission
Admin consent required
Read and write all users' full profiles
Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on behalf of the signed-in user.
User sees: Allows the app to read and write the full set of profile properties, reports, and managers of other users in your organization, on your behalf.
Permission ID:
204e0828-b5ca-4ad8-b9f3-f32a958e7cc4
Properties
Microsoft Graph v1.0
exact-category-docs
Properties is shown from stable Microsoft Graph v1.0 metadata.
| Property | Type | Description |
|---|---|---|
aboutMe |
StringNullable |
A freeform text entry field for the user to describe themselves. Returned only on $select. |
accountEnabled |
BooleanNullable |
true if the account is enabled; otherwise, false. This property is required when a user is created. , , Returned only on $select. Supports $filter (eq, ne, not, and in). |
ageGroup |
ageGroupNullable |
Sets the age group of the user. Allowed values: null, Minor, NotAdult, and Adult. For more information, see legal age group property definitions. , , Returned only on $select. Supports $filter (eq, ne, not, and in). |
assignedLicenses |
assignedLicense collection |
The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate between directly assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). |
assignedPlans |
assignedPlan collection |
The plans that are assigned to the user. Read-only. Not nullable. , , Returned only on $select. Supports $filter (eq and not). |
birthday |
DateTimeOffset |
The birthday of the user. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC. For example, midnight UTC on Jan 1, 2014, is 2014-01-01T00:00:00Z. , , Returned only on $select. |
businessPhones |
String collection |
The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory. , , Returned by default. Supports $filter (eq, not, ge, le, startsWith). |
city |
StringNullable |
The city where the user is located. Maximum length is 128 characters. , , Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). |
companyName |
StringNullable |
The name of the company that the user is associated with. This property can be useful for describing the company that a guest comes from. The maximum length is 64 characters., , Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). |
consentProvidedForMinor |
consentProvidedForMinorNullable |
Sets whether consent was obtained for minors. Allowed values: null, Granted, Denied, and NotRequired. For more information, see legal age group property definitions. , , Returned only on $select. Supports $filter (eq, ne, not, and in). |
country |
StringNullable |
The country or region where the user is located; for example, US or UK. Maximum length is 128 characters. , , Returned only on $select. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). |
createdDateTime |
DateTimeOffsetNullable |
The date and time the user was created, in ISO 8601 format and UTC. The value can't be modified and is automatically populated when the entity is created. Nullable. For on-premises users, the value represents when they were first created in Microsoft Entra ID. Property is null for some users created before June 2018 and on-premises users that were synced to Microsoft Entra ID before June 2018. Read-only. , , Returned only on $select. Supports $filter (eq, ne, not , ge, le, in). |
creationType |
StringNullable |
Indicates whether the user account was created through one of the following methods: , <ul<liAs a regular school or work account (null). <liAs an external account (Invitation). <liAs a local account for an Azure Active Directory B2C tenant (LocalAccount). <liThrough self-service sign-up by an internal user using email verification (EmailVerified). <liThrough self-service sign-up by a guest signing up through a link that is part of a user flow (SelfServiceSignUp).</ul , Read-only., Returned only on $select. Supports $filter (eq, ne, not, in). |
customSecurityAttributes |
customSecurityAttributeValue |
An open complex type that holds the value of a custom security attribute that is assigned to a directory object. Nullable. , , Returned only on $select. Supports $filter (eq, ne, not, startsWith). The filter value is case-sensitive. , <liTo read this property, the calling app must be assigned the CustomSecAttributeAssignment.Read.All permission. To write this property, the calling app must be assigned the CustomSecAttributeAssignment.ReadWrite.All permissions. <liTo read or write this property in delegated scenarios, the admin must be assigned the Attribute Assignment Administrator role. |
deletedDateTime |
DateTimeOffsetNullable |
The date and time the user was deleted. , , Returned only on $select. Supports $filter (eq, ne, not, ge, le, in). |
Showing 15 of 136 properties.
JSON Representation
Microsoft Graph v1.0
exact-category-docs
JSON representation is shown from stable Microsoft Graph v1.0 metadata.
JSON representation
{
"aboutMe": "String",
"accountEnabled": true,
"ageGroup": "String",
"assignedLicenses": [
{
"@odata.type": "microsoft.graph.assignedLicense"
}
],
"assignedPlans": [
{
"@odata.type": "microsoft.graph.assignedPlan"
}
],
"birthday": "String (timestamp)",
"businessPhones": [
"String"
],
"city": "String",
"companyName": "String",
"consentProvidedForMinor": "String",
"country": "String",
"createdDateTime": "String (timestamp)",
"creationType": "String",
"customSecurityAttributes": {
"@odata.type": "microsoft.graph.customSecurityAttributeValue"
},
"department": "String",
"displayName": "String",
"employeeHireDate": "2020-01-01T00:00:00Z",
"employeeId": "String",
"employeeOrgData": {
"@odata.type": "microsoft.graph.employeeOrgData"
},
"employeeType": "String",
"faxNumber": "String",
"givenName": "String",
"hireDate": "String (timestamp)",
"id": "String (identifier)",
"identities": [
{
"@odata.type": "microsoft.graph.objectIdentity"
}
],
"imAddresses": [
"String"
],
"interests": [
"String"
],
"isManagementRestricted": "Boolean",
"isResourceAccount": false,
"jobTitle": "String",
"legalAgeGroupClassification": "String",
"licenseAssignmentStates": [
{
"@odata.type": "microsoft.graph.licenseAssignmentState"
}
],
"lastPasswordChangeDateTime": "String (timestamp)",
"mail": "String",
"mailboxSettings": {
"@odata.type": "microsoft.graph.mailboxSettings"
},
"mailNickname": "String",
"mobilePhone": "String",
"mySite": "String",
"officeLocation": "String",
"onPremisesDistinguishedName": "String",
"onPremisesDomainName": "String",
"onPremisesExtensionAttributes": {
"@odata.type": "microsoft.graph.onPremisesExtensionAttributes"
},
"onPremisesImmutableId": "String",
"onPremisesLastSyncDateTime": "String (timestamp)",
"onPremisesProvisioningErrors": [
{
"@odata.type": "microsoft.graph.onPremisesProvisioningError"
}
],
"onPremisesSamAccountName": "String",
"onPremisesSecurityIdentifier": "String",
"onPremisesSyncEnabled": true,
"onPremisesUserPrincipalName": "String",
"otherMails": [
"String"
],
"passwordPolicies": "String",
"passwordProfile": {
"@odata.type": "microsoft.graph.passwordProfile"
},
"pastProjects": [
"String"
],
"postalCode": "String",
"preferredDataLocation": "String",
"preferredLanguage": "String",
"preferredName": "String",
"provisionedPlans": [
{
"@odata.type": "microsoft.graph.provisionedPlan"
}
],
"proxyAddresses": [
"String"
],
"responsibilities": [
"String"
],
"schools": [
"String"
],
"securityIdentifier": "String",
"serviceProvisioningErrors": [
{
"@odata.type": "microsoft.graph.serviceProvisioningXmlError"
}
],
"showInAddressList": true,
"signInActivity": {
"@odata.type": "microsoft.graph.signInActivity"
},
"signInSessionsValidFromDateTime": "String (timestamp)",
"skills": [
"String"
],
"state": "String",
"streetAddress": "String",
"surname": "String",
"usageLocation": "String",
"userPrincipalName": "String",
"userType": "String",
"calendar": {
"@odata.type": "microsoft.graph.calendar"
},
"calendarGroups": [
{
"@odata.type": "microsoft.graph.calendarGroup"
}
],
"calendarView": [
{
"@odata.type": "microsoft.graph.event"
}
],
"calendars": [
{
"@odata.type": "microsoft.graph.calendar"
}
],
"contacts": [
{
"@odata.type": "microsoft.graph.contact"
}
],
"contactFolders": [
{
"@odata.type": "microsoft.graph.contactFolder"
}
],
"createdObjects": [
{
"@odata.type": "microsoft.graph.directoryObject"
}
],
"directReports": [
{
"@odata.type": "microsoft.graph.directoryObject"
}
],
"drive": {
"@odata.type": "microsoft.graph.drive"
},
"drives": [
{
"@odata.type": "microsoft.graph.drive"
}
],
"events": [
{
"@odata.type": "microsoft.graph.event"
}
],
"inferenceClassification": {
"@odata.type": "microsoft.graph.inferenceClassification"
},
"mailFolders": [
{
"@odata.type": "microsoft.graph.mailFolder"
}
],
"manager": {
"@odata.type": "microsoft.graph.directoryObject"
},
"memberOf": [
{
"@odata.type": "microsoft.graph.directoryObject"
}
],
"messages": [
{
"@odata.type": "microsoft.graph.message"
}
],
"outlook": {
"@odata.type": "microsoft.graph.outlookUser"
},
"ownedDevices": [
{
"@odata.type": "microsoft.graph.directoryObject"
}
],
"ownedObjects": [
{
"@odata.type": "microsoft.graph.directoryObject"
}
],
"photo": {
"@odata.type": "microsoft.graph.profilePhoto"
},
"photos": [
{
"@odata.type": "microsoft.graph.profilePhoto"
}
],
"registeredDevices": [
{
"@odata.type": "microsoft.graph.directoryObject"
}
]
}Relationships
Microsoft Graph v1.0
exact-category-docs
Relationships is shown from stable Microsoft Graph v1.0 metadata.
| Relationship | Type | Description |
|---|---|---|
activities |
userActivity collection |
The user's activities across devices. Read-only. Nullable. |
adhocCalls |
adhocCall collection |
Ad hoc calls associated with the user. Read-only. Nullable. |
agreementAcceptances |
agreementAcceptance collection |
The user's terms of use acceptance statuses. Read-only. Nullable. |
appRoleAssignments |
appRoleAssignment collection |
Represents the app roles a user is granted for an application. Supports $expand. |
authentication |
authentication |
The authentication methods that are supported for the user. |
calendar |
calendar |
The user's primary calendar. Read-only. |
calendarGroups |
calendarGroup collection |
The user's calendar groups. Read-only. Nullable. |
calendars |
calendar collection |
The user's calendars. Read-only. Nullable. |
calendarView |
event collection |
The calendar view for the calendar. Read-only. Nullable. |
cloudPCs |
cloudPC collection |
The user's Cloud PCs. Read-only. Nullable. |
contactFolders |
contactFolder collection |
The user's contacts folders. Read-only. Nullable. |
contacts |
contact collection |
The user's contacts. Read-only. Nullable. |
createdObjects |
directoryObject collection |
Directory objects that the user created. Read-only. Nullable. |
dataSecurityAndGovernance |
userDataSecurityAndGovernance |
The data security and governance settings for the user. Read-only. Nullable. |
directReports |
directoryObject collection |
The users and contacts that report to the user. (The users and contacts that have their manager property set to this user.) Read-only. Nullable. Supports $expand. |
drive |
drive |
The user's OneDrive. Read-only. |
drives |
drive collection |
A collection of drives available for this user. Read-only. |
events |
event collection |
The user's events. Default is to show Events under the Default Calendar. Read-only. Nullable. |
extensions |
extension collection |
The collection of open extensions defined for the user. Read-only. Supports $expand. Nullable. |
inferenceClassification |
inferenceClassification |
Relevance classification of the user's messages based on explicit designations that override inferred relevance or importance. |
insights |
itemInsights |
Represents relationships between a user and items such as OneDrive for work or school documents, calculated using advanced analytics and machine learning techniques. Read-only. Nullable. |
licenseDetails |
licenseDetails collection |
A collection of this user's license details. Read-only. |
mailFolders |
mailFolder collection |
The user's mail folders. Read-only. Nullable. |
manager |
directoryObject |
The user or contact that is this user's manager. Read-only. Supports $expand. |
memberOf |
directoryObject collection |
The groups and directory roles that the user is a member of. Read-only. Nullable. Supports $expand. |
messages |
message collection |
The messages in a mailbox or folder. Read-only. Nullable. |
onenote |
onenote |
Read-only. |
onlineMeetings |
onlineMeeting collection |
Information about a meeting, including the URL used to join a meeting, the attendees list, and the description. |
outlook |
outlookUser |
Read-only. |
ownedDevices |
directoryObject collection |
Devices the user owns. Read-only. Nullable. Supports $expand and $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). |
ownedObjects |
directoryObject collection |
Directory objects the user owns. Read-only. Nullable. Supports $expand, $select nested in $expand, and $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). |
people |
person collection |
People that are relevant to the user. Read-only. Nullable. |
permissionGrants |
resourceSpecificPermissionGrant collection |
List all resource-specific permission grants of a user. |
photo |
profilePhoto |
The user's profile photo. Read-only. |
photos |
profilePhoto collection |
The collection of the user's profile photos in different sizes. Read-only. |
planner |
plannerUser |
Entry-point to the Planner resource that might exist for a user. Read-only. |
registeredDevices |
directoryObject collection |
Devices that are registered for the user. Read-only. Nullable. Supports $expand and returns up to 100 objects. |
solutions |
userSolutionRoot |
The identifier that relates the user to the working time schedule triggers. Read-Only. Nullable |
sponsors |
directoryObject collection |
The users and groups responsible for this guest's privileges in the tenant and keeping the guest's information and access updated. (HTTP Methods: GET, POST, DELETE.). Supports $expand. |
teamwork |
userTeamwork |
A container for Microsoft Teams features available for the user. Read-only. Nullable. |
todo |
todo |
Represents the To Do services available to a user. |
transitiveMemberOf |
directoryObject collection |
The groups, including nested groups, and directory roles that a user is a member of. Nullable. |
assignedLicenses |
assignedLicense collection |
The licenses that are assigned to the user, including inherited (group-based) licenses. This property doesn't differentiate between directly assigned and inherited licenses. Use the licenseAssignmentStates property to identify the directly assigned and inherited licenses. Not nullable. Returned only on $select. Supports $filter (eq, not, /$count eq 0, /$count ne 0). |
assignedPlans |
assignedPlan collection |
The plans that are assigned to the user. Read-only. Not nullable. Returned only on $select. Supports $filter (eq and not). |
businessPhones |
string collection |
The telephone numbers for the user. NOTE: Although it's a string collection, only one number can be set for this property. Read-only for users synced from the on-premises directory. Returned by default. Supports $filter (eq, not, ge, le, startsWith). |
chats |
chat collection |
Related chats data exposed by this resource. |
deviceManagementTroubleshootingEvents |
deviceManagementTroubleshootingEvent collection |
The list of troubleshooting events for this user. |
Graph Methods
Delegated access
App-only access
Exact Microsoft Learn match
Microsoft Graph v1.0 endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn match
Microsoft Graph beta endpoints are mapped directly from refreshed Microsoft Learn permissions tables.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell v1.0 commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Exact Microsoft Learn PowerShell match
Microsoft Graph PowerShell beta commands are mapped directly from refreshed Microsoft Learn PowerShell snippets.
Code Examples
C# / .NET SDK
Add sponsor
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Models;
var requestBody = new ReferenceCreate
{
OdataId = "https://graph.microsoft.com/v1.0/users/{user-id}",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.Users["{user-id}"].Sponsors.Ref.PostAsync(requestBody);
JavaScript
Add sponsor
const options = {
authProvider,
};
const client = Client.init(options);
const directoryObject = {
'@odata.id': 'https://graph.microsoft.com/v1.0/users/{user-id}'
};
await client.api('/users/d8ab5060-f636-4cff-ae97-d4687f5c83f3/sponsors/$ref')
.post(directoryObject);
PowerShell
Assign manager
Import-Module Microsoft.Graph.Users
$params = @{
"@odata.id" = "https://graph.microsoft.com/v1.0/users/6ea91a8d-e32e-41a1-b7bd-d2d185eed0e0"
}
Set-MgUserManagerByRef -UserId $userId -BodyParameter $params
Python
Add sponsor
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.models.reference_create import ReferenceCreate
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = ReferenceCreate(
odata_id = "https://graph.microsoft.com/v1.0/users/{user-id}",
)
await graph_client.users.by_user_id('user-id').sponsors.ref.post(request_body)App Registration
1
Navigate to Azure Portal
Go to App registrations in Microsoft Entra admin center
2
Add API Permission
Select your app → API permissions → Add a permission → Microsoft Graph
3
Select Permission Type
Choose Application permissions or delegated permissions and search for User.ReadWrite.All
4
Grant Admin Consent
Application permissions always require admin consent.