Repo sync for protected branch

.github/workflows/changelog-links.yml

@@ -0,0 +1,25 @@
+name: Changelog link validation
+
+on:
+  pull_request:
+    branches: [ main, live ]
+
+permissions:
+  pull-requests: write
+  contents: read
+
+jobs:
+  check_pull_request:
+    name: Check files for broken links
+    runs-on: ubuntu-latest
+    steps:
+    - uses: actions/checkout@v6
+      with:
+        sparse-checkout: |
+          changelog
+    - name: Validate files
+      id: validate
+      with:
+        repoToken: ${{ secrets.GITHUB_TOKEN }}
+        changeLogDirectory: changelog
+      uses: microsoftgraph/changelog-link-check@v1.0.9

api-reference/beta/api/accesspackage-getapplicablepolicyrequirements.md

@@ -43,14 +43,14 @@ None.
 |Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
 
 ## Request body
-Don't supply a request body for this method if you wish to retrieve a list of access package requirements as in example 1. If you want to get policy requirements for user scope as in example 2, you must supply a request body.
+Don't supply a request body for this method.
 
 ## Response
 If successful, this method returns a `200 OK` response code and an [accessPackageAssignmentRequestRequirements](../resources/accesspackageassignmentrequestrequirements.md) collection in the response body, one object for each policy for which the user is an **allowedRequestor**. If there's a policy with no requirements, the **accessPackageAssignmentRequestRequirements** has `false` and `null` values. If there are no policies where the user is an **allowedRequestor**, an empty collection is returned instead.
 
 ## Examples
 
-### Example 1: Retrieve a list of access package requirements to create an access package
+### Example 1: Retrieve a list of access package requirements
 
 #### Request
 
@@ -141,123 +141,7 @@ Content-Type: application/json
 }
 ```
 
-### Example 2: Get policy requirements for a given user scope
-
-#### Request
-
-The following example shows a request.
-
-# [HTTP](#tab/http)
-<!-- {
-  "blockType": "request",
-  "sampleKeys": ["b15419bb-5ffc-ea11-b207-c8d9d21f4e9a"],
-  "name": "get_req_for_given_user"
-}-->
-
-```http
-POST https://graph.microsoft.com/beta/identityGovernance/entitlementManagement/accessPackages/b15419bb-5ffc-ea11-b207-c8d9d21f4e9a/getApplicablePolicyRequirements
-
-{
-        "subject": {
-            "objectId": "5acd375c-8acb-45de-a958-fa0dd89259ad"
-        }
-    }
-```
-
-# [C#](#tab/csharp)
-[!INCLUDE [sample-code](../includes/snippets/csharp/get-req-for-given-user-csharp-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Go](#tab/go)
-[!INCLUDE [sample-code](../includes/snippets/go/get-req-for-given-user-go-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Java](#tab/java)
-[!INCLUDE [sample-code](../includes/snippets/java/get-req-for-given-user-java-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [JavaScript](#tab/javascript)
-[!INCLUDE [sample-code](../includes/snippets/javascript/get-req-for-given-user-javascript-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [PHP](#tab/php)
-[!INCLUDE [sample-code](../includes/snippets/php/get-req-for-given-user-php-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [PowerShell](#tab/powershell)
-[!INCLUDE [sample-code](../includes/snippets/powershell/get-req-for-given-user-powershell-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
-# [Python](#tab/python)
-[!INCLUDE [sample-code](../includes/snippets/python/get-req-for-given-user-python-snippets.md)]
-[!INCLUDE [sdk-documentation](../includes/snippets/snippets-sdk-documentation-link.md)]
-
----
-
-#### Response
-
-The following example shows the response.
-
-<!-- {
-  "blockType": "response",
-  "truncated": true,
-  "@odata.type": "Collection(microsoft.graph.accessPackageAssignmentRequestRequirements)"
-}
--->
-
-```http
-HTTP/1.1 200 OK
-Content-Type: application/json
-
-{
-    "value": [
-        {
-            "policyId": "d6322c23-04d6-eb11-b22b-c8d9d21f4e9a",
-            "policyDisplayName": "Initial Policy",
-            "policyDescription": "Initial Policy",
-            "isApprovalRequired": false,
-            "isApprovalRequiredForExtension": false,
-            "isRequestorJustificationRequired": false,
-            "questions": [
-                {
-                    "@odata.type": "#microsoft.graph.textInputQuestion",
-                    "id": "5a7f2a8f-b802-4438-bec6-09599bc43e13",
-                    "isRequired": false,
-                    "isAnswerEditable": true,
-                    "sequence": 0,
-                    "isSingleLineQuestion": true,
-                    "text": {
-                        "defaultText": "Enter your mail",
-                        "localizedTexts": []
-                    }
-                }
-            ],
-            "existingAnswers": [
-                {
-                    "@odata.type": "#microsoft.graph.answerString",
-                    "displayValue": "admin@contoso.com",
-                    "value": "admin@contoso.com",
-                    "answeredQuestion": {
-                        "@odata.type": "#microsoft.graph.textInputQuestion",
-                        "id": "5a7f2a8f-b802-4438-bec6-09599bc43e13",
-                        "isRequired": false,
-                        "isAnswerEditable": true,
-                        "sequence": 0,
-                        "isSingleLineQuestion": true,
-                        "text": {
-                            "defaultText": "Enter your mail",
-                            "localizedTexts": []
-                        }
-                    }
-                }
-            ],
-            "schedule": []
-        }
-    ]
-}
-```
-
-### Example 3: Get policy requirements for verifiable credential status requirements
+### Example 2: Get policy requirements for verifiable credential status requirements
 
 #### Request
 

api-reference/beta/api/accesspackage-post-accesspackageresourcerolescopes.md

@@ -449,10 +449,10 @@ Content-type: application/json
         "description": "/resourceGroups/rg",
         "displayName": "/resourceGroups/rg",
         "isRootScope": false,
-                "originSystem": "AzureResources",
-                "originId": "/subscriptions/828b526f-c769-4b19-9797-734b4843b978/resourceGroups/rg"
-            }
-        }
+        "originSystem": "AzureResources",
+        "originId": "/subscriptions/828b526f-c769-4b19-9797-734b4843b978/resourceGroups/rg"
+    }
+}
 ```
 
 # [C#](#tab/csharp)

api-reference/beta/api/accesspackageassignmentrequest-cancel.md

@@ -23,7 +23,7 @@ Choose the permission or permissions marked as least privileged for this API. Us
 <!-- { "blockType": "permissions", "name": "accesspackageassignmentrequest_cancel" } -->
 [!INCLUDE [permissions-table](../includes/permissions/accesspackageassignmentrequest-cancel-permissions.md)]
 
-[!INCLUDE [rbac-entitlement-access-package-assignment-manager-write](../includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write.md)]
+[!INCLUDE [rbac-entitlement-access-package-assignment-manager-write-including-subject-access](../includes/rbac-for-apis/rbac-entitlement-management-access-package-assignment-manager-apis-write-including-subject-access.md)]
 
 ## HTTP request
 

api-reference/beta/api/crosstenantmigrationjob-migrate.md

@@ -0,0 +1,119 @@
+---
+title: "crossTenantMigrationJob: migrate"
+description: "Migrate a crossTenantMigrationJob asynchronously."
+author: "danguilliams"
+ms.date: 05/05/2026
+ms.localizationpriority: medium
+ms.subservice: "t2t-migration"
+doc_type: apiPageType
+---
+
+# crossTenantMigrationJob: migrate
+
+Namespace: microsoft.graph
+
+[!INCLUDE [beta-disclaimer](../../includes/beta-disclaimer.md)]
+
+Migrate a [cross-tenant migration job](../resources/crosstenantmigrationjob.md) asynchronously. The job must pass validation before migration can start. After a job is created by using the [Create crossTenantMigrationJob](../api/migrationsroot-post-crosstenantmigrationjobs.md) method and validated by using the [validate](../api/crosstenantmigrationjob-validate.md) action, call this action to start the migration of user data from the source tenant to the target tenant for the specified workloads. Validation results expire after seven days; if expired, revalidate the job before you call the **migrate** API.
+
+This action is asynchronous. After you call the **migrate** API, poll the [Get crossTenantMigrationJob](../api/crosstenantmigrationjob-get.md) endpoint to check for a terminal status of `completed`, `completedWithErrors`, or `failed`.
+
+## Permissions
+
+Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions [only if your app requires it](/graph/permissions-overview#best-practices-for-using-microsoft-graph-permissions). For details about delegated and application permissions, see [Permission types](/graph/permissions-overview#permission-types). To learn more about these permissions, see the [permissions reference](/graph/permissions-reference).
+
+<!-- {
+  "blockType": "permissions",
+  "name": "crosstenantmigrationjob-migrate-permissions"
+}
+-->
+[!INCLUDE [permissions-table](../includes/permissions/crosstenantmigrationjob-migrate-permissions.md)]
+
+[!INCLUDE [access-requirements](../includes/rbac-for-apis/rbac-crosstenantmigration-apis.md)]
+
+## HTTP request
+
+<!-- {
+  "blockType": "ignored"
+}
+-->
+``` http
+POST /solutions/migrations/crossTenantMigrationJobs/{crossTenantMigrationJobId}/migrate
+```
+
+## Request headers
+
+|Name|Description|
+|:---|:---|
+|Authorization|Bearer {token}. Required. Learn more about [authentication and authorization](/graph/auth/auth-concepts).|
+
+## Request body
+
+Don't supply a request body for this method.
+
+## Response
+
+If successful, this action returns a `200 OK` response code and a [crossTenantMigrationJob](../resources/crosstenantmigrationjob.md) in the response body.
+
+This method can also return the following error codes in the response body.
+
+| Status code | Description |
+|:---|:---|
+| `404 Not Found` | The specified **crossTenantMigrationJob** wasn't found. |
+| `409 Conflict` | The job isn't in a valid status for migration. The job must be in `validatePassed`, `failed`, or `completedWithErrors` status. |
+| `409 Conflict` | The validation results expired (more than seven days ago). Revalidate the job before you call the **migrate** API. |
+
+## Examples
+
+### Request
+
+The following example shows a request.
+<!-- {
+  "blockType": "request",
+  "name": "crosstenantmigrationjobthis.migrate"
+}
+-->
+``` http
+POST https://graph.microsoft.com/beta/solutions/migrations/crossTenantMigrationJobs/add14989-2b21-4001-81bd-a18b0bac1dea/migrate
+```
+
+### Response
+
+The following example shows the response.
+>**Note:** The response object shown here might be shortened for readability.
+<!-- {
+  "blockType": "response",
+  "truncated": true,
+  "@odata.type": "microsoft.graph.crossTenantMigrationJob"
+}
+-->
+``` http
+HTTP/1.1 200 OK
+Content-Type: application/json
+
+{
+  "@odata.context": "https://graph.microsoft.com/beta/$metadata#microsoft.graph.crossTenantMigrationJob",
+  "id": "add14989-2b21-4001-81bd-a18b0bac1dea",
+  "displayName": "Contoso_migration_job",
+  "status": "processing",
+  "jobType": "migrate",
+  "message": "Migration job has been submitted successfully",
+  "completeAfterDateTime": "2026-05-22T17:14:52Z",
+  "sourceTenantId": "12345678-1234-1234-1234-123456789012",
+  "targetTenantId": "87654321-4321-4321-4321-210987654321",
+  "resourceType": "users",
+  "resources": [],
+  "workloads": [
+    "Teams",
+    "Exchange",
+    "ODSP"
+  ],
+  "createdBy": "admin@fabrikam.onmicrosoft.com",
+  "createdDateTime": "2026-05-04T20:55:10.5427196Z",
+  "lastUpdatedDateTime": "2026-05-04T20:55:10Z",
+  "exchangeSettings": {
+    "targetDeliveryDomain": "fabrikam.com",
+    "sourceEndpoint": "EXOHandler"
+  }
+}
+```