Microsoft · Schema
Microsoft Graph User
Represents a Microsoft Entra user account. Inherits from directoryObject. Contains properties for identity, contact information, organizational role, and account settings managed through Microsoft Graph API.
Fortune 100
Properties
| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for the user (GUID). Inherited from directoryObject. |
| displayName | string | Name displayed in the address book, usually the combination of first name, middle initial, and last name |
| givenName | stringnull | The given name (first name) of the user |
| surname | stringnull | The user's last name (family name) |
| stringnull | The SMTP address for the user | |
| userPrincipalName | string | The user principal name (UPN) in internet-style login format based on RFC 822 |
| mailNickname | stringnull | The mail alias for the user |
| jobTitle | stringnull | The user's job title |
| department | stringnull | The name of the department in which the user works |
| officeLocation | stringnull | The office location in the user's place of business |
| companyName | stringnull | The company name associated with the user |
| businessPhones | array | Telephone numbers for the user |
| mobilePhone | stringnull | The primary cellular telephone number for the user |
| faxNumber | stringnull | The fax number of the user |
| streetAddress | stringnull | The street address of the user's place of business |
| city | stringnull | The city where the user is located |
| state | stringnull | The state or province in the user's address |
| postalCode | stringnull | The postal code for the user's postal address |
| country | stringnull | The country or region where the user is located |
| usageLocation | stringnull | A two-letter country code (ISO 3166) required for users assigned licenses |
| preferredLanguage | stringnull | The preferred language for the user in ISO 639-1 format (e.g., en-US) |
| accountEnabled | booleannull | True if the account is enabled; otherwise, false |
| employeeId | stringnull | The employee identifier assigned to the user by the organization |
| employeeType | stringnull | Captures enterprise worker type (e.g., Employee, Contractor, Consultant, Vendor) |
| employeeHireDate | stringnull | The date and time when the user was hired or will start work |
| employeeOrgData | object | |
| ageGroup | stringnull | Sets the age group of the user |
| consentProvidedForMinor | stringnull | Whether consent was obtained for minors |
| legalAgeGroupClassification | stringnull | Legal age group classification used by enterprise applications |
| createdDateTime | stringnull | The date and time the user was created in ISO 8601 format and UTC |
| deletedDateTime | stringnull | The date and time the user was deleted |
| lastPasswordChangeDateTime | stringnull | The time when the user last changed their password |
| identities | array | Represents the identities that can be used to sign in to this user account |
| imAddresses | array | The instant message VoIP SIP addresses for the user |
| proxyAddresses | array | Email addresses that direct to the same mailbox |
| assignedLicenses | array | The licenses assigned to the user, including inherited group-based licenses |
| assignedPlans | array | The plans assigned to the user |
| onPremisesSyncEnabled | booleannull | True if the object is synced from an on-premises directory |
| onPremisesDistinguishedName | stringnull | Contains the on-premises Active Directory distinguished name |
| onPremisesDomainName | stringnull | Contains the on-premises domain FQDN |
| onPremisesLastSyncDateTime | stringnull | Last time the object was synced with the on-premises directory |
| onPremisesSamAccountName | stringnull | Contains the on-premises SAM account name |
| onPremisesSecurityIdentifier | stringnull | Contains the on-premises security identifier (SID) |
| passwordPolicies | stringnull | Specifies password policies for the user |
| passwordProfile | object | |
| mySite | stringnull | The URL for the user's personal site |
| aboutMe | stringnull | A freeform text entry field for the user to describe themselves |
| interests | array | A list for the user to describe their interests |
| birthday | stringnull | The birthday of the user in ISO 8601 format and UTC |
| externalUserState | stringnull | For a guest invited to the tenant, this represents the invitation status |
| creationType | stringnull | Indicates how the user account was created |
| isResourceAccount | booleannull | Reserved for future use |
JSON Schema
{
"$schema": "https://json-schema.org/draft/2020-12/schema",
"$id": "https://learn.microsoft.com/en-us/graph/schemas/microsoft/user.json",
"title": "Microsoft Graph User",
"description": "Represents a Microsoft Entra user account. Inherits from directoryObject. Contains properties for identity, contact information, organizational role, and account settings managed through Microsoft Graph API.",
"type": "object",
"required": ["displayName", "userPrincipalName"],
"properties": {
"id": {
"type": "string",
"description": "Unique identifier for the user (GUID). Inherited from directoryObject.",
"readOnly": true
},
"displayName": {
"type": "string",
"description": "Name displayed in the address book, usually the combination of first name, middle initial, and last name",
"maxLength": 256
},
"givenName": {
"type": ["string", "null"],
"description": "The given name (first name) of the user",
"maxLength": 64
},
"surname": {
"type": ["string", "null"],
"description": "The user's last name (family name)",
"maxLength": 64
},
"mail": {
"type": ["string", "null"],
"format": "email",
"description": "The SMTP address for the user"
},
"userPrincipalName": {
"type": "string",
"description": "The user principal name (UPN) in internet-style login format based on RFC 822"
},
"mailNickname": {
"type": ["string", "null"],
"description": "The mail alias for the user",
"maxLength": 64
},
"jobTitle": {
"type": ["string", "null"],
"description": "The user's job title",
"maxLength": 128
},
"department": {
"type": ["string", "null"],
"description": "The name of the department in which the user works",
"maxLength": 64
},
"officeLocation": {
"type": ["string", "null"],
"description": "The office location in the user's place of business"
},
"companyName": {
"type": ["string", "null"],
"description": "The company name associated with the user",
"maxLength": 64
},
"businessPhones": {
"type": "array",
"items": {
"type": "string"
},
"description": "Telephone numbers for the user"
},
"mobilePhone": {
"type": ["string", "null"],
"description": "The primary cellular telephone number for the user",
"maxLength": 64
},
"faxNumber": {
"type": ["string", "null"],
"description": "The fax number of the user"
},
"streetAddress": {
"type": ["string", "null"],
"description": "The street address of the user's place of business",
"maxLength": 1024
},
"city": {
"type": ["string", "null"],
"description": "The city where the user is located",
"maxLength": 128
},
"state": {
"type": ["string", "null"],
"description": "The state or province in the user's address",
"maxLength": 128
},
"postalCode": {
"type": ["string", "null"],
"description": "The postal code for the user's postal address",
"maxLength": 40
},
"country": {
"type": ["string", "null"],
"description": "The country or region where the user is located",
"maxLength": 128
},
"usageLocation": {
"type": ["string", "null"],
"description": "A two-letter country code (ISO 3166) required for users assigned licenses",
"minLength": 2,
"maxLength": 2
},
"preferredLanguage": {
"type": ["string", "null"],
"description": "The preferred language for the user in ISO 639-1 format (e.g., en-US)"
},
"accountEnabled": {
"type": ["boolean", "null"],
"description": "True if the account is enabled; otherwise, false"
},
"employeeId": {
"type": ["string", "null"],
"description": "The employee identifier assigned to the user by the organization",
"maxLength": 16
},
"employeeType": {
"type": ["string", "null"],
"description": "Captures enterprise worker type (e.g., Employee, Contractor, Consultant, Vendor)"
},
"employeeHireDate": {
"type": ["string", "null"],
"format": "date-time",
"description": "The date and time when the user was hired or will start work"
},
"employeeOrgData": {
"$ref": "#/$defs/EmployeeOrgData"
},
"ageGroup": {
"type": ["string", "null"],
"enum": [null, "Minor", "NotAdult", "Adult"],
"description": "Sets the age group of the user"
},
"consentProvidedForMinor": {
"type": ["string", "null"],
"enum": [null, "Granted", "Denied", "NotRequired"],
"description": "Whether consent was obtained for minors"
},
"legalAgeGroupClassification": {
"type": ["string", "null"],
"enum": [null, "Undefined", "MinorWithOutParentalConsent", "MinorWithParentalConsent", "MinorNoParentalConsentRequired", "NotAdult", "Adult"],
"description": "Legal age group classification used by enterprise applications",
"readOnly": true
},
"createdDateTime": {
"type": ["string", "null"],
"format": "date-time",
"description": "The date and time the user was created in ISO 8601 format and UTC",
"readOnly": true
},
"deletedDateTime": {
"type": ["string", "null"],
"format": "date-time",
"description": "The date and time the user was deleted",
"readOnly": true
},
"lastPasswordChangeDateTime": {
"type": ["string", "null"],
"format": "date-time",
"description": "The time when the user last changed their password",
"readOnly": true
},
"identities": {
"type": "array",
"items": {
"$ref": "#/$defs/ObjectIdentity"
},
"description": "Represents the identities that can be used to sign in to this user account"
},
"imAddresses": {
"type": "array",
"items": {
"type": "string"
},
"description": "The instant message VoIP SIP addresses for the user",
"readOnly": true
},
"proxyAddresses": {
"type": "array",
"items": {
"type": "string"
},
"description": "Email addresses that direct to the same mailbox",
"readOnly": true
},
"assignedLicenses": {
"type": "array",
"items": {
"$ref": "#/$defs/AssignedLicense"
},
"description": "The licenses assigned to the user, including inherited group-based licenses"
},
"assignedPlans": {
"type": "array",
"items": {
"$ref": "#/$defs/AssignedPlan"
},
"description": "The plans assigned to the user",
"readOnly": true
},
"onPremisesSyncEnabled": {
"type": ["boolean", "null"],
"description": "True if the object is synced from an on-premises directory",
"readOnly": true
},
"onPremisesDistinguishedName": {
"type": ["string", "null"],
"description": "Contains the on-premises Active Directory distinguished name",
"readOnly": true
},
"onPremisesDomainName": {
"type": ["string", "null"],
"description": "Contains the on-premises domain FQDN",
"readOnly": true
},
"onPremisesLastSyncDateTime": {
"type": ["string", "null"],
"format": "date-time",
"description": "Last time the object was synced with the on-premises directory",
"readOnly": true
},
"onPremisesSamAccountName": {
"type": ["string", "null"],
"description": "Contains the on-premises SAM account name",
"readOnly": true
},
"onPremisesSecurityIdentifier": {
"type": ["string", "null"],
"description": "Contains the on-premises security identifier (SID)",
"readOnly": true
},
"passwordPolicies": {
"type": ["string", "null"],
"description": "Specifies password policies for the user"
},
"passwordProfile": {
"$ref": "#/$defs/PasswordProfile"
},
"mySite": {
"type": ["string", "null"],
"description": "The URL for the user's personal site"
},
"aboutMe": {
"type": ["string", "null"],
"description": "A freeform text entry field for the user to describe themselves"
},
"interests": {
"type": "array",
"items": {
"type": "string"
},
"description": "A list for the user to describe their interests"
},
"birthday": {
"type": ["string", "null"],
"format": "date-time",
"description": "The birthday of the user in ISO 8601 format and UTC"
},
"externalUserState": {
"type": ["string", "null"],
"enum": [null, "PendingAcceptance", "Accepted"],
"description": "For a guest invited to the tenant, this represents the invitation status"
},
"creationType": {
"type": ["string", "null"],
"description": "Indicates how the user account was created",
"readOnly": true
},
"isResourceAccount": {
"type": ["boolean", "null"],
"description": "Reserved for future use"
}
},
"$defs": {
"EmployeeOrgData": {
"type": ["object", "null"],
"description": "Represents organization data associated with a user",
"properties": {
"division": {
"type": ["string", "null"],
"description": "The name of the division in which the user works"
},
"costCenter": {
"type": ["string", "null"],
"description": "The cost center associated with the user"
}
}
},
"ObjectIdentity": {
"type": "object",
"description": "Represents an identity used to sign in to a user account",
"properties": {
"signInType": {
"type": "string",
"description": "Specifies the user sign-in type (e.g., emailAddress, userName, federated)"
},
"issuer": {
"type": "string",
"description": "Specifies the issuer of the identity"
},
"issuerAssignedId": {
"type": "string",
"description": "Specifies the unique identifier assigned to the user by the issuer"
}
}
},
"AssignedLicense": {
"type": "object",
"description": "Represents a license assigned to a user",
"properties": {
"skuId": {
"type": "string",
"description": "The unique identifier for the SKU"
},
"disabledPlans": {
"type": "array",
"items": {
"type": "string"
},
"description": "A collection of the unique identifiers for disabled plans"
}
}
},
"AssignedPlan": {
"type": "object",
"description": "Represents a plan assigned to a user",
"properties": {
"assignedDateTime": {
"type": "string",
"format": "date-time",
"description": "The date and time at which the plan was assigned"
},
"capabilityStatus": {
"type": "string",
"enum": ["Enabled", "Warning", "Suspended", "Deleted", "LockedOut"],
"description": "Condition of the capability assignment"
},
"service": {
"type": "string",
"description": "The name of the service"
},
"servicePlanId": {
"type": "string",
"description": "A GUID that identifies the service plan"
}
}
},
"PasswordProfile": {
"type": ["object", "null"],
"description": "Contains the password profile associated with a user",
"properties": {
"forceChangePasswordNextSignIn": {
"type": "boolean",
"description": "If true, at next sign-in the user must change their password"
},
"forceChangePasswordNextSignInWithMfa": {
"type": "boolean",
"description": "If true, at next sign-in the user must perform MFA before changing their password"
},
"password": {
"type": ["string", "null"],
"description": "The password for the user. Required when creating a user."
}
}
}
}
}