Retrieve the properties and relationships of user object.
This operation returns by default only a subset of the more commonly used properties for each user. These default properties are noted in the Properties section. To get properties that are not returned by default, do a GET operation for the user and specify the properties in a $select OData query option. Because the user resource supports extensions, you can also use the GET operation to get custom properties and extension data in a user instance.
Customers through Microsoft Entra ID for customers can also use this API operation to retrieve their details.
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Calling the /me endpoint requires a signed-in user and therefore a delegated permission. Application permissions aren't supported when using the /me endpoint.
The User.Read permission allows the app to read the profile, and discover relationships such as the group membership, reports, and manager of the signed-in user only.
Permissions for specific scenarios
To read the employeeLeaveDateTime property:
In delegated scenarios, the signed-in user needs at least one of the following Microsoft Entra roles: Lifecycle Workflows Administrator (least privilege), Global Reader; the app must be granted the User-LifeCycleInfo.Read.All delegated permission.
In app-only scenarios with Microsoft Graph permissions, the app must be granted the User-LifeCycleInfo.Read.All permission.
To read the customSecurityAttributes property:
In delegated scenarios, the signed-in user must be assigned the Attribute Assignment Administrator role and the app granted the CustomSecAttributeAssignment.Read.All permission.
In app-only scenarios with Microsoft Graph permissions, the app must be granted the CustomSecAttributeAssignment.Read.All permission.
User-Mail.ReadWrite.All is the least privileged permission to read and write the otherMails property; also allows to read some identifier-related properties on the user object.
User-PasswordProfile.ReadWrite.All is the least privileged permission to read and write password reset-related properties; also allows to read some identifier-related properties on the user object.
User-Phone.ReadWrite.All is the least privileged permission to read and write the businessPhones and mobilePhone properties; also allows to read some identifier-related properties on the user object.
User.EnableDisableAccount.All + User.Read.All is the least privileged combination of permissions to read and write the accountEnabled property.
HTTP request
For a specific user:
GET /me
GET /users/{id | userPrincipalName}
Tip
When the userPrincipalName begins with a $ character, the GET request URL syntax /users/$x@y.com fails with a 400 Bad Request error code. The request fails because the URL violates the OData URL convention, which expects only system query options to be prefixed with a $ character. Remove the slash (/) after /users and enclose the userPrincipalName in parentheses and single quotes, as follows: /users('$x@y.com'). For example, /users('$AdeleVance@contoso.com').
To query a B2B user using the userPrincipalName, encode the hash (#) character. That is, replace the # symbol with %23. For example, /users/AdeleVance_adatum.com%23EXT%23@contoso.com.
For the signed-in user:
GET /me
Optional query parameters
This method supports the $selectOData query parameter to retrieve specific user properties, including those not returned by default.
By default, only a limited set of properties are returned (businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName).
To return an alternative property set, you must specify the desired set of user properties using the OData $select query parameter. For example, to return displayName, givenName, and postalCode, add the following expression to your query $select=displayName,givenName,postalCode.
Extension properties also support query parameters as follows:
If successful, this method returns a 200 OK response code and user object in the response body. It returns the default properties unless you use $select to specify specific properties. This method returns 202 Accepted when the request has been processed successfully but the server requires more time to complete related background operations.
If a user with the ID doesn't exist, this method returns a 404 Not Found error code.
Examples
Example 1: Standard users request
Request
By default, only a limited set of properties are returned ( businessPhones, displayName, givenName, id, jobTitle, mail, mobilePhone, officeLocation, preferredLanguage, surname, userPrincipalName ). This example illustrates the default request and response.
GET https://graph.microsoft.com/v1.0/users/87d349ed-44d7-43e1-9a83-5f2406dee5bd
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users["{user-id}"].GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
users, err := graphClient.Users().ByUserId("user-id").Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User result = graphClient.users().byUserId("{user-id}").get();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.users.by_user_id('user-id').get()
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Me.GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
me, err := graphClient.Me().Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User result = graphClient.me().get();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.me.get()
Example 3: Use $select to retrieve specific properties of a user
To retrieve specific properties, use the OData $select query parameter. For example, to return displayName, givenName, postalCode, and identities, add the following query expression to your query $select=displayName,givenName,postalCode,identities
GET https://graph.microsoft.com/v1.0/users/87d349ed-44d7-43e1-9a83-5f2406dee5bd?$select=displayName,givenName,postalCode,identities
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users["{user-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Select = new string []{ "displayName","givenName","postalCode","identities" };
});
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphusers "github.com/microsoftgraph/msgraph-sdk-go/users"
//other-imports
)
requestParameters := &graphusers.UserItemRequestBuilderGetQueryParameters{
Select: [] string {"displayName","givenName","postalCode","identities"},
}
configuration := &graphusers.UserItemRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
users, err := graphClient.Users().ByUserId("user-id").Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User result = graphClient.users().byUserId("{user-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.select = new String []{"displayName", "givenName", "postalCode", "identities"};
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.users.item.user_item_request_builder import UserItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = UserItemRequestBuilder.UserItemRequestBuilderGetQueryParameters(
select = ["displayName","givenName","postalCode","identities"],
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.users.by_user_id('user-id').get(request_configuration = request_configuration)
GET https://graph.microsoft.com/v1.0/users/4562bcc8-c436-4f95-b7c0-4f8ce89dca5e?$select=ext55gb1l09_msLearnCourses
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users["{user-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Select = new string []{ "ext55gb1l09_msLearnCourses" };
});
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphusers "github.com/microsoftgraph/msgraph-sdk-go/users"
//other-imports
)
requestParameters := &graphusers.UserItemRequestBuilderGetQueryParameters{
Select: [] string {"ext55gb1l09_msLearnCourses"},
}
configuration := &graphusers.UserItemRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
users, err := graphClient.Users().ByUserId("user-id").Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User result = graphClient.users().byUserId("{user-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.select = new String []{"ext55gb1l09_msLearnCourses"};
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.users.item.user_item_request_builder import UserItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = UserItemRequestBuilder.UserItemRequestBuilderGetQueryParameters(
select = ["ext55gb1l09_msLearnCourses"],
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.users.by_user_id('user-id').get(request_configuration = request_configuration)
HTTP/1.1 200 OK
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users(ext55gb1l09_msLearnCourses)/$entity",
"ext55gb1l09_msLearnCourses": {
"@odata.type": "#microsoft.graph.ComplexExtensionValue",
"courseType": "Developer",
"courseName": "Introduction to Microsoft Graph",
"courseId": 1
}
}
Example 5: Get the custom security attribute assignments for a user
The following example shows how to get the custom security attribute assignments for a user.
Attribute #1
Attribute set: Engineering
Attribute: Project
Attribute data type: Collection of Strings
Attribute value: ["Baker","Cascade"]
Attribute #2
Attribute set: Engineering
Attribute: CostCenter
Attribute data type: Collection of Integers
Attribute value: [1001]
Attribute #3
Attribute set: Engineering
Attribute: Certification
Attribute data type: Boolean
Attribute value: true
Attribute #4
Attribute set: Marketing
Attribute: EmployeeId
Attribute data type: String
Attribute value: "QN26904"
To get custom security attribute assignments, the calling principal must be assigned the Attribute Assignment Reader or Attribute Assignment Administrator role and must be granted the CustomSecAttributeAssignment.Read.All or CustomSecAttributeAssignment.ReadWrite.All permission.
GET https://graph.microsoft.com/v1.0/users/{id}?$select=customSecurityAttributes
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.Users["{user-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Select = new string []{ "customSecurityAttributes" };
});
// Code snippets are only available for the latest major version. Current major version is $v1.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-sdk-go"
graphusers "github.com/microsoftgraph/msgraph-sdk-go/users"
//other-imports
)
requestParameters := &graphusers.UserItemRequestBuilderGetQueryParameters{
Select: [] string {"customSecurityAttributes"},
}
configuration := &graphusers.UserItemRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=go
users, err := graphClient.Users().ByUserId("user-id").Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
User result = graphClient.users().byUserId("{user-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.select = new String []{"customSecurityAttributes"};
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph import GraphServiceClient
from msgraph.generated.users.item.user_item_request_builder import UserItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://zcusa.951200.xyz/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = UserItemRequestBuilder.UserItemRequestBuilderGetQueryParameters(
select = ["customSecurityAttributes"],
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.users.by_user_id('user-id').get(request_configuration = request_configuration)
If there are no custom security attributes assigned to the user or if the calling principal doesn't have access, the following block shows the response: