Microsoft Entra · Schema
Microsoft Entra User
Schema for a Microsoft Entra ID (formerly Azure AD) user resource as represented in the Microsoft Graph API. Contains identity, contact, organizational, and authentication profile properties.
Access ManagementAuthenticationAzure ADEntraIdentityIdentity GovernanceMicrosoftNetwork SecuritySecurityZero Trust
Properties
| Name | Type | Description |
|---|---|---|
| id | string | Unique identifier for the user (GUID). Assigned automatically by Microsoft Entra ID. |
| displayName | string | The name displayed in the address book for the user. Maximum length is 256 characters. |
| givenName | stringnull | The given name (first name) of the user. Maximum length is 64 characters. |
| surname | stringnull | The surname (family name or last name) of the user. Maximum length is 64 characters. |
| userPrincipalName | string | The user principal name (UPN) in the format alias@domain. The domain portion must be a verified domain in the tenant. |
| stringnull | The SMTP address of the user (e.g., [email protected]). Changes to this property also update the proxyAddresses collection. | |
| mailNickname | string | The mail alias for the user. Must be specified when creating a new user. Maximum length is 64 characters. |
| accountEnabled | boolean | true if the account is enabled; otherwise, false. Must be specified when creating a new user. |
| passwordProfile | object | |
| jobTitle | stringnull | The user's job title. Maximum length is 128 characters. |
| department | stringnull | The name of the department in which the user works. Maximum length is 64 characters. |
| officeLocation | stringnull | The office location in the user's place of business. |
| companyName | stringnull | The company name associated with the user. Maximum length is 64 characters. |
| mobilePhone | stringnull | The primary cellular telephone number for the user. Maximum length is 64 characters. |
| businessPhones | array | The telephone numbers for the user. Only one number can be set. Read-only for users synced from on-premises. |
| streetAddress | stringnull | The street address of the user's place of business. Maximum length is 1024 characters. |
| city | stringnull | The city in which the user is located. Maximum length is 128 characters. |
| state | stringnull | The state or province in the user's address. Maximum length is 128 characters. |
| postalCode | stringnull | The postal code for the user's postal address. Maximum length is 40 characters. |
| country | stringnull | The country or region in which the user is located. Use ISO 3166 two-letter country code (e.g., US, GB). |
| usageLocation | stringnull | A two-letter country code (ISO 3166). Required for users assigned licenses due to legal requirements. |
| preferredLanguage | stringnull | The preferred language for the user in ISO 639-1 code format (e.g., en-US). |
| userType | string | A string value that classifies the user type. Member users are internal to the tenant, Guest users are invited from outside. |
| employeeId | stringnull | The employee identifier assigned to the user by the organization. Maximum length is 16 characters. |
| employeeType | stringnull | Captures the enterprise worker type (e.g., Employee, Contractor, Consultant, Vendor). |
| employeeHireDate | stringnull | The date and time when the user was hired or will start work in a future hire. |
| onPremisesSyncEnabled | booleannull | true if synced from an on-premises directory; false if originally cloud-created; null if never synced. |
| onPremisesSamAccountName | stringnull | The on-premises SAM account name synchronized from the on-premises directory. |
| onPremisesDistinguishedName | stringnull | The on-premises distinguished name (DN) synchronized from Active Directory. |
| onPremisesDomainName | stringnull | The on-premises domain name synchronized from Active Directory. |
| onPremisesImmutableId | stringnull | Used to associate an on-premises Active Directory user account to their Entra user object. Must be specified if using a federated domain for the UPN. |
| onPremisesLastSyncDateTime | stringnull | The last time the object was synced with the on-premises directory. |
| proxyAddresses | array | List of proxy addresses (e.g., SMTP:[email protected], smtp:[email protected]). |
| assignedLicenses | array | The licenses assigned to the user including disabled service plans. |
| assignedPlans | array | The plans assigned to the user. |
| identities | array | Identities associated with the user account including social identities for B2B/B2C scenarios. |
| createdDateTime | string | The date and time the user was created. |
| lastSignInDateTime | stringnull | The last interactive sign-in date and time for the user. |
| deletedDateTime | stringnull | The date and time the user was deleted. Only present for deleted users in the deletedItems container. |