diff --git a/deployment-apps/msadgraph/CONTRIBUTING.md b/deployment-apps/msadgraph/CONTRIBUTING.md
new file mode 100644
index 0000000..b3cc507
--- /dev/null
+++ b/deployment-apps/msadgraph/CONTRIBUTING.md
@@ -0,0 +1,2 @@
+# Contributing
+For more information about contributing to Splunk SOAR Apps please take a look at our app [Contribution Guide](https://github.com/splunk-soar-connectors/.github/blob/main/.github/CONTRIBUTING.md)!
diff --git a/deployment-apps/msadgraph/LICENSE b/deployment-apps/msadgraph/LICENSE
new file mode 100644
index 0000000..573247f
--- /dev/null
+++ b/deployment-apps/msadgraph/LICENSE
@@ -0,0 +1,201 @@
+                                 Apache License
+                           Version 2.0, January 2004
+                        http://www.apache.org/licenses/
+
+   TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
+
+   1. Definitions.
+
+      "License" shall mean the terms and conditions for use, reproduction,
+      and distribution as defined by Sections 1 through 9 of this document.
+
+      "Licensor" shall mean the copyright owner or entity authorized by
+      the copyright owner that is granting the License.
+
+      "Legal Entity" shall mean the union of the acting entity and all
+      other entities that control, are controlled by, or are under common
+      control with that entity. For the purposes of this definition,
+      "control" means (i) the power, direct or indirect, to cause the
+      direction or management of such entity, whether by contract or
+      otherwise, or (ii) ownership of fifty percent (50%) or more of the
+      outstanding shares, or (iii) beneficial ownership of such entity.
+
+      "You" (or "Your") shall mean an individual or Legal Entity
+      exercising permissions granted by this License.
+
+      "Source" form shall mean the preferred form for making modifications,
+      including but not limited to software source code, documentation
+      source, and configuration files.
+
+      "Object" form shall mean any form resulting from mechanical
+      transformation or translation of a Source form, including but
+      not limited to compiled object code, generated documentation,
+      and conversions to other media types.
+
+      "Work" shall mean the work of authorship, whether in Source or
+      Object form, made available under the License, as indicated by a
+      copyright notice that is included in or attached to the work
+      (an example is provided in the Appendix below).
+
+      "Derivative Works" shall mean any work, whether in Source or Object
+      form, that is based on (or derived from) the Work and for which the
+      editorial revisions, annotations, elaborations, or other modifications
+      represent, as a whole, an original work of authorship. For the purposes
+      of this License, Derivative Works shall not include works that remain
+      separable from, or merely link (or bind by name) to the interfaces of,
+      the Work and Derivative Works thereof.
+
+      "Contribution" shall mean any work of authorship, including
+      the original version of the Work and any modifications or additions
+      to that Work or Derivative Works thereof, that is intentionally
+      submitted to Licensor for inclusion in the Work by the copyright owner
+      or by an individual or Legal Entity authorized to submit on behalf of
+      the copyright owner. For the purposes of this definition, "submitted"
+      means any form of electronic, verbal, or written communication sent
+      to the Licensor or its representatives, including but not limited to
+      communication on electronic mailing lists, source code control systems,
+      and issue tracking systems that are managed by, or on behalf of, the
+      Licensor for the purpose of discussing and improving the Work, but
+      excluding communication that is conspicuously marked or otherwise
+      designated in writing by the copyright owner as "Not a Contribution."
+
+      "Contributor" shall mean Licensor and any individual or Legal Entity
+      on behalf of whom a Contribution has been received by Licensor and
+      subsequently incorporated within the Work.
+
+   2. Grant of Copyright License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      copyright license to reproduce, prepare Derivative Works of,
+      publicly display, publicly perform, sublicense, and distribute the
+      Work and such Derivative Works in Source or Object form.
+
+   3. Grant of Patent License. Subject to the terms and conditions of
+      this License, each Contributor hereby grants to You a perpetual,
+      worldwide, non-exclusive, no-charge, royalty-free, irrevocable
+      (except as stated in this section) patent license to make, have made,
+      use, offer to sell, sell, import, and otherwise transfer the Work,
+      where such license applies only to those patent claims licensable
+      by such Contributor that are necessarily infringed by their
+      Contribution(s) alone or by combination of their Contribution(s)
+      with the Work to which such Contribution(s) was submitted. If You
+      institute patent litigation against any entity (including a
+      cross-claim or counterclaim in a lawsuit) alleging that the Work
+      or a Contribution incorporated within the Work constitutes direct
+      or contributory patent infringement, then any patent licenses
+      granted to You under this License for that Work shall terminate
+      as of the date such litigation is filed.
+
+   4. Redistribution. You may reproduce and distribute copies of the
+      Work or Derivative Works thereof in any medium, with or without
+      modifications, and in Source or Object form, provided that You
+      meet the following conditions:
+
+      (a) You must give any other recipients of the Work or
+          Derivative Works a copy of this License; and
+
+      (b) You must cause any modified files to carry prominent notices
+          stating that You changed the files; and
+
+      (c) You must retain, in the Source form of any Derivative Works
+          that You distribute, all copyright, patent, trademark, and
+          attribution notices from the Source form of the Work,
+          excluding those notices that do not pertain to any part of
+          the Derivative Works; and
+
+      (d) If the Work includes a "NOTICE" text file as part of its
+          distribution, then any Derivative Works that You distribute must
+          include a readable copy of the attribution notices contained
+          within such NOTICE file, excluding those notices that do not
+          pertain to any part of the Derivative Works, in at least one
+          of the following places: within a NOTICE text file distributed
+          as part of the Derivative Works; within the Source form or
+          documentation, if provided along with the Derivative Works; or,
+          within a display generated by the Derivative Works, if and
+          wherever such third-party notices normally appear. The contents
+          of the NOTICE file are for informational purposes only and
+          do not modify the License. You may add Your own attribution
+          notices within Derivative Works that You distribute, alongside
+          or as an addendum to the NOTICE text from the Work, provided
+          that such additional attribution notices cannot be construed
+          as modifying the License.
+
+      You may add Your own copyright statement to Your modifications and
+      may provide additional or different license terms and conditions
+      for use, reproduction, or distribution of Your modifications, or
+      for any such Derivative Works as a whole, provided Your use,
+      reproduction, and distribution of the Work otherwise complies with
+      the conditions stated in this License.
+
+   5. Submission of Contributions. Unless You explicitly state otherwise,
+      any Contribution intentionally submitted for inclusion in the Work
+      by You to the Licensor shall be under the terms and conditions of
+      this License, without any additional terms or conditions.
+      Notwithstanding the above, nothing herein shall supersede or modify
+      the terms of any separate license agreement you may have executed
+      with Licensor regarding such Contributions.
+
+   6. Trademarks. This License does not grant permission to use the trade
+      names, trademarks, service marks, or product names of the Licensor,
+      except as required for reasonable and customary use in describing the
+      origin of the Work and reproducing the content of the NOTICE file.
+
+   7. Disclaimer of Warranty. Unless required by applicable law or
+      agreed to in writing, Licensor provides the Work (and each
+      Contributor provides its Contributions) on an "AS IS" BASIS,
+      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+      implied, including, without limitation, any warranties or conditions
+      of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
+      PARTICULAR PURPOSE. You are solely responsible for determining the
+      appropriateness of using or redistributing the Work and assume any
+      risks associated with Your exercise of permissions under this License.
+
+   8. Limitation of Liability. In no event and under no legal theory,
+      whether in tort (including negligence), contract, or otherwise,
+      unless required by applicable law (such as deliberate and grossly
+      negligent acts) or agreed to in writing, shall any Contributor be
+      liable to You for damages, including any direct, indirect, special,
+      incidental, or consequential damages of any character arising as a
+      result of this License or out of the use or inability to use the
+      Work (including but not limited to damages for loss of goodwill,
+      work stoppage, computer failure or malfunction, or any and all
+      other commercial damages or losses), even if such Contributor
+      has been advised of the possibility of such damages.
+
+   9. Accepting Warranty or Additional Liability. While redistributing
+      the Work or Derivative Works thereof, You may choose to offer,
+      and charge a fee for, acceptance of support, warranty, indemnity,
+      or other liability obligations and/or rights consistent with this
+      License. However, in accepting such obligations, You may act only
+      on Your own behalf and on Your sole responsibility, not on behalf
+      of any other Contributor, and only if You agree to indemnify,
+      defend, and hold each Contributor harmless for any liability
+      incurred by, or claims asserted against, such Contributor by reason
+      of your accepting any such warranty or additional liability.
+
+   END OF TERMS AND CONDITIONS
+
+   APPENDIX: How to apply the Apache License to your work.
+
+      To apply the Apache License to your work, attach the following
+      boilerplate notice, with the fields enclosed by brackets "[]"
+      replaced with your own identifying information. (Don't include
+      the brackets!)  The text should be enclosed in the appropriate
+      comment syntax for the file format. We also recommend that a
+      file or class name and description of purpose be included on the
+      same "printed page" as the copyright notice for easier
+      identification within third-party archives.
+
+   Copyright (c) 2022-2023 Splunk Inc.
+
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+
+       http://www.apache.org/licenses/LICENSE-2.0
+
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
\ No newline at end of file
diff --git a/deployment-apps/msadgraph/NOTICE b/deployment-apps/msadgraph/NOTICE
new file mode 100644
index 0000000..c7723d7
--- /dev/null
+++ b/deployment-apps/msadgraph/NOTICE
@@ -0,0 +1,26 @@
+Splunk SOAR MS Graph for Active Directory
+Copyright (c) 2022-2023 Splunk Inc.
+
+Third-party Software Attributions:
+
+Library: Django
+Version: 3.2.13
+License: BSD 3
+0.9.0 thru 1.2              1991-1995   CWI         yes
+1.3 thru 1.5.2  1.2         1995-1999   CNRI        yes
+2011, 2012, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2020 Python Software Foundation;
+Copyright 1991-1995 Stichting Mathematisch Centrum Amsterdam
+Copyright 2001 Python Software Foundation; All Rights Reserved
+Copyright Django Software Foundation and individual contributors
+
+Library: beautifulsoup4
+Version: 4.9.1
+License: MIT
+Copyright 2004-2017 Leonard Richardson
+Copyright 2004-2019 Leonard Richardson
+Copyright 2018 Isaac Muse
+
+Library: requests
+Version: 2.25.0
+License: Apache 2.0
+Kenneth Reitz
diff --git a/deployment-apps/msadgraph/README.md b/deployment-apps/msadgraph/README.md
new file mode 100644
index 0000000..3aa7d32
--- /dev/null
+++ b/deployment-apps/msadgraph/README.md
@@ -0,0 +1,999 @@
+[comment]: # "Auto-generated SOAR connector documentation"
+# MS Graph for Active Directory
+
+Publisher: Splunk  
+Connector Version: 1.3.0  
+Product Vendor: Microsoft  
+Product Name: MS Graph for Active Directory  
+Product Version Supported (regex): ".\*"  
+Minimum Product Version: 6.0.2  
+
+Connects to Microsoft Active Directory using MS Graph REST API services to support various generic and investigative actions
+
+[comment]: # " File: README.md"
+[comment]: # "  Copyright (c) 2022-2023 Splunk Inc."
+[comment]: # ""
+[comment]: # "Licensed under the Apache License, Version 2.0 (the 'License');"
+[comment]: # "you may not use this file except in compliance with the License."
+[comment]: # "You may obtain a copy of the License at"
+[comment]: # ""
+[comment]: # "    http://www.apache.org/licenses/LICENSE-2.0"
+[comment]: # ""
+[comment]: # "Unless required by applicable law or agreed to in writing, software distributed under"
+[comment]: # "the License is distributed on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,"
+[comment]: # "either express or implied. See the License for the specific language governing permissions"
+[comment]: # "and limitations under the License."
+[comment]: # ""
+## Authentication
+
+### Microsoft Azure Application creation
+
+This app requires creating a Microsoft Azure Application. To do so, navigate to
+<https://portal.azure.com> in a browser and log in with a Microsoft account, then select **Azure
+Active Directory** .
+
+1.  Go to **App Registrations** and click on **+ New registration** .
+2.  Give the app an appropriate name.
+3.  Select a supported account type (configure the application to be multitenant).
+4.  Click on the **Register** .
+    -   Under **Certificates & secrets** , add **New client secret** . Note this key somewhere
+        secure, as it cannot be retrieved after closing the window.
+    -   Under **Redirect URIs** we will be updating the entry of https://phantom.local to reflect
+        the actual redirect URI. We will get this from the SOAR asset we create below in the section
+        titled "Configure the MS Graph for Active Directory SOAR app Asset"
+
+### Delegated Permissions configuration
+
+Use this procedure to provide non-admin permissions to the app. To do so, navigate to
+<https://portal.azure.com> in a browser and log in with a Microsoft account, then navigate to the
+previously created app configuration.
+
+1.  Under **API Permissions** , click on **Add a permission** .
+2.  Go to **Microsoft Graph Permissions** , the following **Delegated Permissions** need to be
+    added:
+    -   User.ReadWrite.All
+    -   Directory.ReadWrite.All
+    -   Directory.AccessAsUser.All
+    -   User.ManageIdentities.All
+    -   Group.ReadWrite.All
+    -   GroupMember.ReadWrite.All
+    -   RoleManagement.ReadWrite.Directory
+    -   offline_access
+3.  Click on the **Add permissions** .
+4.  After making these changes, click on **Grant admin consent** .
+
+### Application Permissions configuration
+
+Use this procedure to provide admin permissions to the app. To do so, navigate to
+<https://portal.azure.com> in a browser and log in with a Microsoft account, then navigate to the
+previously created app configuration.
+
+1.  Under **API Permissions** , click on **Add a permission** .
+2.  Go to **Microsoft Graph Permissions** , the following **Application Permissions** need to be
+    added:
+    -   User.ReadWrite.All
+    -   Directory.ReadWrite.All
+    -   User.ManageIdentities.All
+    -   Group.ReadWrite.All
+    -   GroupMember.ReadWrite.All
+    -   RoleManagement.ReadWrite.Directory
+3.  Click on the **Add permissions** .
+4.  After making these changes, click on **Grant admin consent** .
+
+#### Note: **reset password** action is not supported with Application permissions
+
+## Configure the MS Graph for Active Directory SOAR app Asset
+
+When creating an asset for the **MS Graph for Active Directory** app, place the **Application ID**
+of the app created during the previous step in the **Client ID** field and place the password
+generated during the app creation process in the **Client Secret** field. Then, after filling out
+the **Tenant** field, click **SAVE** .
+
+After saving, a new field will appear in the **Asset Settings** tab. Take the URL found in the
+**POST incoming for MS Graph to this location** field and place it in the **Redirect URIs** field of
+the Azure Application configuration page. To this URL, add **/result** . After doing so the URL
+should look something like:
+
+https://\<phantom_host>/rest/handler/msgraphforactivedirectory_f2a239df-acb2-47d6-861c-726a435cfe76/\<asset_name>/result
+
+  
+Once again, click on Save.
+
+## Enable Application Permissions
+
+If you have received admin consent to use application permissions, make sure to check the **Admin
+Access Required** and **Admin Consent Already Provided** checkboxes on the asset.
+
+## User Permissions
+
+To complete the authorization process, this app needs permission to view assets, which is not
+granted by default. First, under **asset settings** , check which user is listed under **Select a
+user on behalf of which automated actions can be executed** . By default, the user will be
+**automation** , but this user can be changed by clicking **EDIT** at the bottom of the window. To
+give this user permission to view assets, follow these steps:
+
+-   In the main drop-down menu, select **Administration** , then select the **User Management** ,
+    and under that tab, select **Roles** . Finally, click **+ ROLE** .
+-   In the **Add Role** wizard, give the role a name (e.g **Asset Viewer** ), and provide a
+    description. Subsequently, under **Available Users** , add the user assigned to the asset viewed
+    earlier. Then click the **Permissions** tab.
+-   On the permission tab, under **Available Privileges** , give the role the **View Assets**
+    privilege. Then click **SAVE** .
+
+## Method to Run Test Connectivity (for delegated permissions)
+
+After setting up the asset and user, click the **TEST CONNECTIVITY** button. A window should pop up
+and display a URL. Navigate to this URL in a separate browser tab. This new tab will redirect to a
+Microsoft login page. Log in to a Microsoft account with administrator privileges to the Microsoft
+AD environment. After logging in, review the requested permissions listed, then click **Accept** .
+Finally, close that tab. The test connectivity window should show success.
+
+The app should now be ready to use.
+
+## State File Permissions
+
+Please check the permissions for the state file as mentioned below.
+
+#### State Filepath
+
+-   For Root Install Instance:
+    /opt/phantom/local_data/app_states/f2a239df-acb2-47d6-861c-726a435cfe76/{asset_id}\_state.json
+-   For Non-Root Install Instance:
+    /\<PHANTOM_HOME_DIRECTORY>/local_data/app_states/f2a239df-acb2-47d6-861c-726a435cfe76/{asset_id}\_state.json
+
+#### State File Permissions
+
+-   File Rights: rw-rw-r-- (664) (The SOAR user should have read and write access for the state
+    file)
+-   File Owner: appropriate SOAR user
+
+## Port Details
+
+The app uses HTTP/ HTTPS protocol for communicating with the Microsoft Graph server. Below are the
+default ports used by the Splunk SOAR Connector.
+
+| Service Name | Transport Protocol | Port |
+|--------------|--------------------|------|
+| https        | tcp                | 443  |
+
+
+### Configuration Variables
+The below configuration variables are required for this Connector to operate.  These variables are specified when configuring a MS Graph for Active Directory asset in SOAR.
+
+VARIABLE | REQUIRED | TYPE | DESCRIPTION
+-------- | -------- | ---- | -----------
+**tenant_id** |  required  | string | Tenant (Tenant ID or Tenant Name)
+**client_id** |  required  | string | Application ID
+**client_secret** |  required  | password | Client Secret
+**region** |  optional  | string | Microsoft AD Region
+**admin_access_required** |  optional  | boolean | Admin Access Required
+**admin_access_granted** |  optional  | boolean | Admin Consent Already Provided
+
+### Supported Actions  
+[test connectivity](#action-test-connectivity) - Use supplied credentials to generate a token with MS Graph  
+[list users](#action-list-users) - Get a list of users  
+[reset password](#action-reset-password) - Reset or set a user's password in a Microsoft AD environment  
+[disable tokens](#action-disable-tokens) - Invalidate all active refresh tokens for a user in a Microsoft AD environment  
+[enable user](#action-enable-user) - Enable a user  
+[disable user](#action-disable-user) - Disable a user  
+[list user devices](#action-list-user-devices) - List devices for a specified user  
+[list user attributes](#action-list-user-attributes) - List attributes for all or a specified user  
+[set user attribute](#action-set-user-attribute) - Set an attribute for a user  
+[remove user](#action-remove-user) - Remove a user from a specified group  
+[add user](#action-add-user) - Add a user to a specified group  
+[list groups](#action-list-groups) - List groups in the organization  
+[get group](#action-get-group) - Get information about a group  
+[list group members](#action-list-group-members) - List the members in a group  
+[validate group](#action-validate-group) - Returns true if a user is in a group; otherwise, false  
+[list directory roles](#action-list-directory-roles) - List the directory roles that are activated in the tenant  
+[generate token](#action-generate-token) - Generate a token  
+
+## action: 'test connectivity'
+Use supplied credentials to generate a token with MS Graph
+
+Type: **test**  
+Read only: **True**
+
+#### Action Parameters
+No parameters are required for this action
+
+#### Action Output
+No Output  
+
+## action: 'list users'
+Get a list of users
+
+Type: **investigate**  
+Read only: **True**
+
+For more information on using the filter_string, select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters. By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**filter_string** |  optional  | Filter string to apply to user listing | string | 
+**select_string** |  optional  | Select string to get additional user properties. Separate multiple values with commas | string | 
+**expand_string** |  optional  | Expand string to get a resource or collection referenced by a single relationship | string | 
+**use_advanced_query** |  optional  | Use advanced query capabilities | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.expand_string | string |  |   manager 
+action_result.parameter.filter_string | string |  |   startswith(displayName,'User') 
+action_result.parameter.select_string | string |  |   displayName 
+action_result.parameter.use_advanced_query | boolean |  |   True  False 
+action_result.data.\*.accountEnabled | boolean |  |   True  False 
+action_result.data.\*.ageGroup | string |  |  
+action_result.data.\*.assignedLicenses.\*.skuId | string |  |   189a915c-fe4f-4ffa-bde4-85b9628d07a0 
+action_result.data.\*.assignedPlans.\*.assignedTimestamp | string |  |   2017-08-29T02:31:40Z 
+action_result.data.\*.assignedPlans.\*.capabilityStatus | string |  |   Enabled 
+action_result.data.\*.assignedPlans.\*.service | string |  |   OfficeForms 
+action_result.data.\*.assignedPlans.\*.servicePlanId | string |  |   e212cbc7-0961-4c40-9825-01117710dcb1 
+action_result.data.\*.city | string |  |   Palo Alto 
+action_result.data.\*.companyName | string |  |  
+action_result.data.\*.consentProvidedForMinor | string |  |  
+action_result.data.\*.country | string |  |   US 
+action_result.data.\*.createdDateTime | string |  |   2019-05-21T22:27:20Z 
+action_result.data.\*.creationType | string |  |  
+action_result.data.\*.deletionTimestamp | string |  |  
+action_result.data.\*.department | string |  |   Sales 
+action_result.data.\*.dirSyncEnabled | string |  |  
+action_result.data.\*.displayName | string |  |   User 
+action_result.data.\*.employeeId | string |  |  
+action_result.data.\*.facsimileTelephoneNumber | string |  |  
+action_result.data.\*.givenName | string |  |   testuser 
+action_result.data.\*.id | string |  `user id`  |   e4c722ac-3b83-478d-8f52-c388885dc30f 
+action_result.data.\*.immutableId | string |  |  
+action_result.data.\*.isCompromised | string |  |  
+action_result.data.\*.jobTitle | string |  |   Sales Manager 
+action_result.data.\*.lastDirSyncTime | string |  |  
+action_result.data.\*.legalAgeGroupClassification | string |  |  
+action_result.data.\*.mail | string |  `email`  |   user@test.com 
+action_result.data.\*.mailNickname | string |  |   testmail 
+action_result.data.\*.mobile | string |  |   +1 5556378688 
+action_result.data.\*.mobilePhone | string |  |  
+action_result.data.\*.objectType | string |  |   User 
+action_result.data.\*.odata.type | string |  |   test.DirectoryServices.User 
+action_result.data.\*.officeLocation | string |  |  
+action_result.data.\*.onPremisesDistinguishedName | string |  |  
+action_result.data.\*.onPremisesSecurityIdentifier | string |  |  
+action_result.data.\*.otherMails | string |  `email`  |   user.test@outlook.com 
+action_result.data.\*.passwordPolicies | string |  |   None 
+action_result.data.\*.passwordProfile | string |  |  
+action_result.data.\*.passwordProfile.enforceChangePasswordPolicy | boolean |  |   True  False 
+action_result.data.\*.passwordProfile.forceChangePasswordNextLogin | boolean |  |   True  False 
+action_result.data.\*.passwordProfile.password | string |  |  
+action_result.data.\*.physicalDeliveryOfficeName | string |  |  
+action_result.data.\*.postalCode | string |  |   94303 
+action_result.data.\*.preferredLanguage | string |  |   en-US 
+action_result.data.\*.provisionedPlans.\*.capabilityStatus | string |  |   Enabled 
+action_result.data.\*.provisionedPlans.\*.provisioningStatus | string |  |   Success 
+action_result.data.\*.provisionedPlans.\*.service | string |  |   exchange 
+action_result.data.\*.proxyAddresses | string |  |   SMTP:user1@test.com 
+action_result.data.\*.refreshTokensValidFromDateTime | string |  |   2017-09-27T22:54:59Z 
+action_result.data.\*.showInAddressList | string |  |  
+action_result.data.\*.sipProxyAddress | string |  `email`  |   user@test.com 
+action_result.data.\*.state | string |  |   CA 
+action_result.data.\*.streetAddress | string |  |   2479 E. Bayshore Rd. 
+action_result.data.\*.surname | string |  |   Test_surname 
+action_result.data.\*.telephoneNumber | string |  |  
+action_result.data.\*.thumbnailPhoto@odata.mediaEditLink | string |  |   directoryObjects/6132ca31-7a09-434f-a269-abe836d0c01e/test.DirectoryServices.User/thumbnailPhoto 
+action_result.data.\*.usageLocation | string |  |   US 
+action_result.data.\*.userPrincipalName | string |  `user id`  |   user@test.com 
+action_result.data.\*.userState | string |  |  
+action_result.data.\*.userStateChangedOn | string |  |  
+action_result.data.\*.userType | string |  |   Member 
+action_result.summary.num_users | numeric |  |   8 
+action_result.summary.result_found | boolean |  |   True  False 
+action_result.summary.total_results | numeric |  |   7 
+action_result.message | string |  |   Successfully listed users 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'reset password'
+Reset or set a user's password in a Microsoft AD environment
+
+Type: **contain**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**user_id** |  required  | User ID to change password - can be user principal name or object ID | string |  `user id` 
+**force_change** |  optional  | Force user to change password on next login | boolean | 
+**temp_password** |  required  | Temporary password for user | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.force_change | boolean |  |   True  False 
+action_result.parameter.temp_password | string |  |   Temp_PA$$w0rd 
+action_result.parameter.user_id | string |  `user id`  |   ee3dc4f2-70f9-446f-a19e-6b4e95ba030d  user@test.com 
+action_result.data | string |  |  
+action_result.summary.status | string |  |   Successfully reset user password 
+action_result.message | string |  |   Status: Successfully reset user password 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'disable tokens'
+Invalidate all active refresh tokens for a user in a Microsoft AD environment
+
+Type: **contain**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**user_id** |  required  | User ID to disable tokens of - can be user principal name or object ID | string |  `user id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.user_id | string |  `user id`  |   ee3dc4f2-70f9-446f-a19e-6b4e95ba030d  user@test.com 
+action_result.data | string |  |  
+action_result.data.\*.@odata.context | string |  |   https://graph.test.com/v1.0/$metadata#Edm.Boolean 
+action_result.data.\*.odata.metadata | string |  `url`  |   https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#Edm.Null 
+action_result.data.\*.odata.null | boolean |  |   True  False 
+action_result.data.\*.value | boolean |  |   True  False 
+action_result.summary.status | string |  |   Successfully disabled tokens 
+action_result.message | string |  |   Successfully invalidated tokens  Status: Successfully disabled tokens 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'enable user'
+Enable a user
+
+Type: **generic**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**user_id** |  required  | User ID to enable - can be user principal name or object ID | string |  `user id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.user_id | string |  `user id`  |   user@test.com 
+action_result.data | string |  |  
+action_result.summary.status | string |  |   Successfully enabled user user@test.com 
+action_result.message | string |  |   Status: Successfully enabled user user@test.com 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'disable user'
+Disable a user
+
+Type: **generic**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**user_id** |  required  | User ID to disable - can be user principal name or object ID | string |  `user id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.user_id | string |  `user id`  |   user@test.com 
+action_result.data | string |  |  
+action_result.summary.status | string |  |   Successfully disabled user user@test.com 
+action_result.message | string |  |   Status: Successfully disabled user user@test.com 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list user devices'
+List devices for a specified user
+
+Type: **investigate**  
+Read only: **True**
+
+By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string parameter, refer to <a href='https://docs.microsoft.com/en-us/graph/query-parameters#select-parameter' target='_blank'>this</a> documentation.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**user_id** |  required  | User ID - can be user principal name or object ID | string |  `user id` 
+**select_string** |  optional  | Select string to get additional user properties. Separate multiple values with commas | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.select_string | string |  |   displayName 
+action_result.parameter.user_id | string |  `user id`  |   user@test.com 
+action_result.data.\*.@odata.type | string |  |   #test.graph.device 
+action_result.data.\*.accountEnabled | boolean |  |   True  False 
+action_result.data.\*.alternativeSecurityIds.\*.identityProvider | string |  |  
+action_result.data.\*.alternativeSecurityIds.\*.key | string |  |   WAA1ADAAOQA6ADwAUwBIAEEAMQAtAFQAUAAtAFAAVQBCAEsARQBZAD4AOQA5AEEARQAwADgAOABDAEUANAA1ADgAMABCADcAQgBGAEEARQA2ADEAQQBCADYANAA3ADYANgA5ADUAOAAzAEQANABFAEYARQA5ADYAOAAyAHkAcQBSAEIANwBrAGEAMQA4AEoATAByACsAegB4AE8AYwB6AE8AYgBNAFEANQBZAEgAbgB0AFQAdgBOAG0AbgA5AEQAZQA2AFgAVQBUAGgAcwBFAD0A 
+action_result.data.\*.alternativeSecurityIds.\*.type | numeric |  |   2 
+action_result.data.\*.approximateLastSignInDateTime | string |  |   2019-09-26T03:42:15Z 
+action_result.data.\*.complianceExpirationDateTime | string |  |  
+action_result.data.\*.createdDateTime | string |  |   2019-09-26T03:42:15Z 
+action_result.data.\*.deletedDateTime | string |  |  
+action_result.data.\*.deviceCategory | string |  |  
+action_result.data.\*.deviceId | string |  |  
+action_result.data.\*.deviceMetadata | string |  |  
+action_result.data.\*.deviceOwnership | string |  |  
+action_result.data.\*.deviceVersion | numeric |  |  
+action_result.data.\*.displayName | string |  |  
+action_result.data.\*.domainName | string |  |  
+action_result.data.\*.enrollmentProfileName | string |  |  
+action_result.data.\*.enrollmentType | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute1 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute10 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute11 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute12 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute13 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute14 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute15 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute2 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute3 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute4 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute5 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute6 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute7 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute8 | string |  |  
+action_result.data.\*.extensionAttributes.extensionAttribute9 | string |  |  
+action_result.data.\*.externalSourceName | string |  |  
+action_result.data.\*.id | string |  |  
+action_result.data.\*.isCompliant | boolean |  |  
+action_result.data.\*.isManaged | boolean |  |  
+action_result.data.\*.isRooted | string |  |  
+action_result.data.\*.managementType | string |  |  
+action_result.data.\*.manufacturer | string |  |  
+action_result.data.\*.mdmAppId | string |  |  
+action_result.data.\*.model | string |  |  
+action_result.data.\*.onPremisesLastSyncDateTime | string |  |  
+action_result.data.\*.onPremisesSyncEnabled | boolean |  |  
+action_result.data.\*.operatingSystem | string |  |   Windows 
+action_result.data.\*.operatingSystemVersion | string |  |   10.0.18362.0 
+action_result.data.\*.profileType | string |  |   RegisteredDevice 
+action_result.data.\*.registrationDateTime | string |  |   2019-09-26T03:42:15Z 
+action_result.data.\*.sourceType | string |  |  
+action_result.data.\*.trustType | string |  |   Workplace 
+action_result.summary | string |  |  
+action_result.summary.status | string |  |   Successfully retrieved owned devices for user test@user.test.com 
+action_result.message | string |  |   Status: Successfully retrieved owned devices for user test@user.test.com 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list user attributes'
+List attributes for all or a specified user
+
+Type: **investigate**  
+Read only: **True**
+
+By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**user_id** |  optional  | User ID - can be user principal name or object ID | string |  `user id` 
+**select_string** |  optional  | Select string to get additional user properties. Separate multiple values with commas | string | 
+**expand_string** |  optional  | Expand string to get a resource or collection referenced by a single relationship | string | 
+**use_advanced_query** |  optional  | Use advanced query capabilities | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.expand_string | string |  |   manager 
+action_result.parameter.select_string | string |  |   displayName 
+action_result.parameter.use_advanced_query | boolean |  |   True  False 
+action_result.parameter.user_id | string |  `user id`  |   user@test.com 
+action_result.data.\*.@odata.context | string |  |   https://graph.test.com/v1.0/$metadata#users/$entity 
+action_result.data.\*.accountEnabled | boolean |  |   True  False 
+action_result.data.\*.ageGroup | string |  |  
+action_result.data.\*.assignedLicenses.\*.skuId | string |  |   f30db892-07e9-47e9-837c-80727f46fd3d 
+action_result.data.\*.assignedPlans.\*.assignedTimestamp | string |  |   2019-04-26T07:21:18Z 
+action_result.data.\*.assignedPlans.\*.capabilityStatus | string |  |   Enabled 
+action_result.data.\*.assignedPlans.\*.service | string |  |   exchange 
+action_result.data.\*.assignedPlans.\*.servicePlanId | string |  |   33c4f319-9bdd-48d6-9c4d-410b750a4a5a 
+action_result.data.\*.city | string |  |  
+action_result.data.\*.companyName | string |  |  
+action_result.data.\*.consentProvidedForMinor | string |  |  
+action_result.data.\*.country | string |  |  
+action_result.data.\*.createdDateTime | string |  |   2019-05-02T20:27:59Z 
+action_result.data.\*.creationType | string |  |  
+action_result.data.\*.deletionTimestamp | string |  |  
+action_result.data.\*.department | string |  |   Sales 
+action_result.data.\*.dirSyncEnabled | string |  |  
+action_result.data.\*.displayName | string |  |   Test User 
+action_result.data.\*.employeeId | string |  |  
+action_result.data.\*.facsimileTelephoneNumber | string |  |  
+action_result.data.\*.givenName | string |  |  
+action_result.data.\*.id | string |  `user id`  |   7d55d7e6-cf5a-4dd2-a176-57a3c33b7fa9 
+action_result.data.\*.identities.\*.issuer | string |  |   test.com 
+action_result.data.\*.identities.\*.issuerAssignedId | string |  |   test2@user.test.com 
+action_result.data.\*.identities.\*.signInType | string |  |   userPrincipalName 
+action_result.data.\*.immutableId | string |  |  
+action_result.data.\*.isCompromised | string |  |  
+action_result.data.\*.jobTitle | string |  |  
+action_result.data.\*.lastDirSyncTime | string |  |  
+action_result.data.\*.legalAgeGroupClassification | string |  |  
+action_result.data.\*.mail | string |  `email`  |  
+action_result.data.\*.mailNickname | string |  |   test 
+action_result.data.\*.mobile | string |  |  
+action_result.data.\*.mobilePhone | string |  |  
+action_result.data.\*.objectId | string |  |   59f51194-1998-4932-a8ac-468e59374edc 
+action_result.data.\*.objectType | string |  |   User 
+action_result.data.\*.odata.metadata | string |  |   https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#directoryObjects/@Element 
+action_result.data.\*.odata.type | string |  |   test.DirectoryServices.User 
+action_result.data.\*.officeLocation | string |  |  
+action_result.data.\*.onPremisesDistinguishedName | string |  |  
+action_result.data.\*.onPremisesSecurityIdentifier | string |  |  
+action_result.data.\*.otherMails | string |  `email`  |   user@test.com 
+action_result.data.\*.passwordPolicies | string |  |  
+action_result.data.\*.passwordProfile | string |  |  
+action_result.data.\*.passwordProfile.enforceChangePasswordPolicy | boolean |  |   True  False 
+action_result.data.\*.passwordProfile.forceChangePasswordNextLogin | boolean |  |   True  False 
+action_result.data.\*.passwordProfile.password | string |  |  
+action_result.data.\*.physicalDeliveryOfficeName | string |  |  
+action_result.data.\*.postalCode | string |  |  
+action_result.data.\*.preferredLanguage | string |  |  
+action_result.data.\*.provisionedPlans.\*.capabilityStatus | string |  |   Enabled 
+action_result.data.\*.provisionedPlans.\*.provisioningStatus | string |  |   Success 
+action_result.data.\*.provisionedPlans.\*.service | string |  |   exchange 
+action_result.data.\*.proxyAddresses | string |  |   SMTP:test_shared_mailbox@test.com 
+action_result.data.\*.refreshTokensValidFromDateTime | string |  |   2019-05-16T19:54:18Z 
+action_result.data.\*.showInAddressList | string |  |  
+action_result.data.\*.sipProxyAddress | string |  `email`  |  
+action_result.data.\*.state | string |  |  
+action_result.data.\*.streetAddress | string |  |  
+action_result.data.\*.surname | string |  |  
+action_result.data.\*.telephoneNumber | string |  |  
+action_result.data.\*.thumbnailPhoto@odata.mediaEditLink | string |  |   directoryObjects/59f12345-1998-4932-a8ac-468e59374edc/test.DirectoryServices.User/thumbnailPhoto 
+action_result.data.\*.usageLocation | string |  |   US 
+action_result.data.\*.userPrincipalName | string |  `user id`  |   user@test.com 
+action_result.data.\*.userState | string |  |  
+action_result.data.\*.userStateChangedOn | string |  |  
+action_result.data.\*.userType | string |  |   Member 
+action_result.summary.status | string |  |   Successfully retrieved user attributes  Successfully retrieved attributes for user user@test.com 
+action_result.message | string |  |   Status: Successfully retrieved user attributes  Status: Successfully retrieved attributes for user user@test.com, User enabled: False 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'set user attribute'
+Set an attribute for a user
+
+Type: **generic**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**user_id** |  required  | User ID - can be user principal name or object ID | string |  `user id` 
+**attribute** |  required  | Attribute to set | string | 
+**attribute_value** |  required  | Value of attribute to set | string | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.attribute | string |  |   department 
+action_result.parameter.attribute_value | string |  |   Sales 
+action_result.parameter.user_id | string |  `user id`  |   user@test.com 
+action_result.data | string |  |  
+action_result.data.\*.classification | string |  |  
+action_result.data.\*.createdDateTime | string |  |   2021-03-25T18:40:53Z 
+action_result.data.\*.deletedDateTime | string |  |  
+action_result.data.\*.deletionTimestamp | string |  |  
+action_result.data.\*.description | string |  |   This is for testing purpose 
+action_result.data.\*.dirSyncEnabled | string |  |  
+action_result.data.\*.displayName | string |  |   Test-site 
+action_result.data.\*.expirationDateTime | string |  |  
+action_result.data.\*.id | string |  `user id`  |   2a201c95-101b-42d9-a7af-9a2fdf8193f1 
+action_result.data.\*.isAssignableToRole | string |  |  
+action_result.data.\*.lastDirSyncTime | string |  |  
+action_result.data.\*.mail | string |  `email`  |   Test-site@test.com 
+action_result.data.\*.mailEnabled | boolean |  |   True  False 
+action_result.data.\*.mailNickname | string |  |   Test-site 
+action_result.data.\*.membershipRule | string |  |  
+action_result.data.\*.membershipRuleProcessingState | string |  |  
+action_result.data.\*.objectType | string |  |   Group 
+action_result.data.\*.odata.type | string |  |   test.DirectoryServices.Group 
+action_result.data.\*.onPremisesDomainName | string |  `domain`  |  
+action_result.data.\*.onPremisesLastSyncDateTime | string |  |  
+action_result.data.\*.onPremisesNetBiosName | string |  |  
+action_result.data.\*.onPremisesSamAccountName | string |  |  
+action_result.data.\*.onPremisesSecurityIdentifier | string |  |  
+action_result.data.\*.onPremisesSyncEnabled | string |  |  
+action_result.data.\*.preferredDataLocation | string |  |  
+action_result.data.\*.preferredLanguage | string |  |  
+action_result.data.\*.proxyAddresses | string |  |   SMTP:test-h@test.com 
+action_result.data.\*.renewedDateTime | string |  |   2021-03-25T18:40:53Z 
+action_result.data.\*.securityEnabled | boolean |  |   True  False 
+action_result.data.\*.securityIdentifier | string |  |   S-1-12-1-294681889-1319597617-672379543-28952017 
+action_result.data.\*.theme | string |  |  
+action_result.data.\*.visibility | string |  |   Private 
+action_result.summary.status | string |  |   Successfully enabled user user@test.com 
+action_result.message | string |  |   Status: Successfully enabled user user@test.com 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'remove user'
+Remove a user from a specified group
+
+Type: **generic**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**group_object_id** |  required  | Object ID of group | string |  `group object id` 
+**user_id** |  required  | User ID to remove from group | string |  `user id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.group_object_id | string |  `group object id`  |   ddb876b3-603a-437b-9814-2d46a2219a1e 
+action_result.parameter.user_id | string |  `user id`  |   17be76d0-35ed-4881-ab62-d2eb73c2ebe3 
+action_result.data | string |  |  
+action_result.summary.status | string |  |   Successfully removed user from group  User not in group 
+action_result.message | string |  |   Status: Successfully removed user from group  Status: User not in group 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'add user'
+Add a user to a specified group
+
+Type: **generic**  
+Read only: **False**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**group_object_id** |  required  | Object ID of group | string |  `group object id` 
+**user_id** |  required  | User ID to add to group | string |  `user id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.group_object_id | string |  `group object id`  |   ddb876b3-603a-437b-9814-2d46a2219a1e 
+action_result.parameter.user_id | string |  `user id`  |   17be76d0-35ed-4881-ab62-d2eb73c2ebe3 
+action_result.data | string |  |  
+action_result.summary.status | string |  |   Successfully added user to group  User already in group 
+action_result.message | string |  |   Status: Successfully added user to group  Status: User already in group 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list groups'
+List groups in the organization
+
+Type: **investigate**  
+Read only: **True**
+
+By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**filter_string** |  optional  | Filter string to apply to group listing | string | 
+**select_string** |  optional  | Select string to get additional group properties. Separate multiple values with commas | string | 
+**expand_string** |  optional  | Expand string to get a resource or collection referenced by a single relationship | string | 
+**use_advanced_query** |  optional  | Use advanced query capabilities | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.expand_string | string |  |   members 
+action_result.parameter.filter_string | string |  |   createdDateTime ge '2014-01-01T00:00:00Z' 
+action_result.parameter.select_string | string |  |   displayName 
+action_result.parameter.use_advanced_query | boolean |  |   True  False 
+action_result.data.\*.classification | string |  |  
+action_result.data.\*.createdDateTime | string |  |   2021-03-25T18:40:53Z 
+action_result.data.\*.deletedDateTime | string |  |  
+action_result.data.\*.deletionTimestamp | string |  |  
+action_result.data.\*.description | string |  |   This is for testing purpose 
+action_result.data.\*.dirSyncEnabled | string |  |  
+action_result.data.\*.displayName | string |  |   Test-site 
+action_result.data.\*.expirationDateTime | string |  |  
+action_result.data.\*.id | string |  `group object id`  |   2a201c95-101b-42d9-a7af-9a2fdf8193f1 
+action_result.data.\*.isAssignableToRole | string |  |  
+action_result.data.\*.lastDirSyncTime | string |  |  
+action_result.data.\*.mail | string |  `email`  |   Test-site@test.com 
+action_result.data.\*.mailEnabled | boolean |  |   True  False 
+action_result.data.\*.mailNickname | string |  |   Test-site 
+action_result.data.\*.membershipRule | string |  |  
+action_result.data.\*.membershipRuleProcessingState | string |  |  
+action_result.data.\*.objectType | string |  |   Group 
+action_result.data.\*.odata.type | string |  |   test.DirectoryServices.Group 
+action_result.data.\*.onPremisesDomainName | string |  `domain`  |  
+action_result.data.\*.onPremisesLastSyncDateTime | string |  |  
+action_result.data.\*.onPremisesNetBiosName | string |  |  
+action_result.data.\*.onPremisesSamAccountName | string |  |  
+action_result.data.\*.onPremisesSecurityIdentifier | string |  |  
+action_result.data.\*.onPremisesSyncEnabled | string |  |  
+action_result.data.\*.preferredDataLocation | string |  |  
+action_result.data.\*.preferredLanguage | string |  |  
+action_result.data.\*.proxyAddresses | string |  |   SMTP:test-h@test.com 
+action_result.data.\*.renewedDateTime | string |  |   2021-03-25T18:40:53Z 
+action_result.data.\*.securityEnabled | boolean |  |   True  False 
+action_result.data.\*.securityIdentifier | string |  |   S-1-12-1-294681889-1319597617-672379543-28952017 
+action_result.data.\*.theme | string |  |  
+action_result.data.\*.visibility | string |  |   Private 
+action_result.summary.num_groups | numeric |  |   7 
+action_result.message | string |  |   Num groups: 7 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'get group'
+Get information about a group
+
+Type: **investigate**  
+Read only: **True**
+
+By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**object_id** |  required  | Object ID of group | string |  `group object id` 
+**select_string** |  optional  | Select string to get additional group properties. Separate multiple values with commas | string | 
+**expand_string** |  optional  | Expand string to get a resource or collection referenced by a single relationship | string | 
+**use_advanced_query** |  optional  | Use advanced query capabilities | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.expand_string | string |  |   members 
+action_result.parameter.object_id | string |  `group object id`  |   ddb876b3-603a-437b-9814-2d46a2219a1e 
+action_result.parameter.select_string | string |  |   displayName 
+action_result.parameter.use_advanced_query | boolean |  |   True  False 
+action_result.data.\*.@odata.context | string |  |   https://graph.test.com/v1.0/$metadata#groups(id,displayName)/$entity 
+action_result.data.\*.classification | string |  |  
+action_result.data.\*.createdDateTime | string |  |   2020-08-05T11:59:49Z 
+action_result.data.\*.deletedDateTime | string |  |  
+action_result.data.\*.deletionTimestamp | string |  |  
+action_result.data.\*.description | string |  |   This is the office 365 group 
+action_result.data.\*.dirSyncEnabled | string |  |  
+action_result.data.\*.displayName | string |  |   o365group 
+action_result.data.\*.expirationDateTime | string |  |  
+action_result.data.\*.id | string |  `group object id`  |   ddb876b3-603a-437b-9814-2d46a2219a1e 
+action_result.data.\*.isAssignableToRole | string |  |  
+action_result.data.\*.lastDirSyncTime | string |  |  
+action_result.data.\*.mail | string |  `email`  |   bc7f9cabe@test.com 
+action_result.data.\*.mailEnabled | boolean |  |   True  False 
+action_result.data.\*.mailNickname | string |  |   bc7f9cabe 
+action_result.data.\*.membershipRule | string |  |  
+action_result.data.\*.membershipRuleProcessingState | string |  |  
+action_result.data.\*.objectType | string |  |   Group 
+action_result.data.\*.odata.metadata | string |  |   https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#directoryObjects/@Element 
+action_result.data.\*.odata.type | string |  |   test.DirectoryServices.Group 
+action_result.data.\*.onPremisesDomainName | string |  `domain`  |  
+action_result.data.\*.onPremisesLastSyncDateTime | string |  |  
+action_result.data.\*.onPremisesNetBiosName | string |  |  
+action_result.data.\*.onPremisesSamAccountName | string |  |  
+action_result.data.\*.onPremisesSecurityIdentifier | string |  |  
+action_result.data.\*.onPremisesSyncEnabled | string |  |  
+action_result.data.\*.preferredDataLocation | string |  |  
+action_result.data.\*.preferredLanguage | string |  |  
+action_result.data.\*.proxyAddresses | string |  |   SMTP:bc7f9cabe@test.com 
+action_result.data.\*.renewedDateTime | string |  |   2020-08-05T11:59:49Z 
+action_result.data.\*.securityEnabled | boolean |  |   True  False 
+action_result.data.\*.securityIdentifier | string |  |   S-1-12-1-909260723-1083662375-1952945031-2402852259 
+action_result.data.\*.theme | string |  |  
+action_result.data.\*.visibility | string |  |  
+action_result.summary.display_name | string |  |   o365group 
+action_result.summary.status | string |  |   Successfully retrieved group 104d4576-1544-48b5-bb7e-9f8f871aa824 
+action_result.message | string |  |   Display name: o365group 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list group members'
+List the members in a group
+
+Type: **investigate**  
+Read only: **True**
+
+By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**group_object_id** |  required  | Object ID of group | string |  `group object id` 
+**select_string** |  optional  | Select string to get additional properties. Separate multiple values with commas | string | 
+**expand_string** |  optional  | Expand string to get a resource or collection referenced by a single relationship | string | 
+**use_advanced_query** |  optional  | Use advanced query capabilities | boolean | 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.expand_string | string |  |   manager 
+action_result.parameter.group_object_id | string |  `group object id`  |   ebcd3130-55a1-4cbf-81b2-86408ff21203 
+action_result.parameter.select_string | string |  |   displayName 
+action_result.parameter.use_advanced_query | boolean |  |   True  False 
+action_result.data.\*.@odata.type | string |  |   #test.graph.user 
+action_result.data.\*.accountEnabled | boolean |  |   True 
+action_result.data.\*.ageGroup | string |  |  
+action_result.data.\*.assignedLicenses.\*.skuId | string |  |   189a915c-fe4f-4ffa-bde4-85b9628d07a0 
+action_result.data.\*.assignedPlans.\*.assignedDateTime | string |  |   2022-11-03T15:12:28Z 
+action_result.data.\*.assignedPlans.\*.capabilityStatus | string |  |   Deleted 
+action_result.data.\*.assignedPlans.\*.service | string |  |   AADPremiumService 
+action_result.data.\*.assignedPlans.\*.servicePlanId | string |  |   eec0eb4f-6444-4f95-aba0-50c24d67f998 
+action_result.data.\*.city | string |  |   Palo Alto 
+action_result.data.\*.companyName | string |  |  
+action_result.data.\*.consentProvidedForMinor | string |  |  
+action_result.data.\*.country | string |  |   US 
+action_result.data.\*.createdDateTime | string |  |   2016-06-09T18:33:27Z 
+action_result.data.\*.creationType | string |  |  
+action_result.data.\*.deletedDateTime | string |  |  
+action_result.data.\*.department | string |  |  
+action_result.data.\*.displayName | string |  |   Firstname Lastname 
+action_result.data.\*.employeeHireDate | string |  |  
+action_result.data.\*.employeeId | string |  |  
+action_result.data.\*.employeeOrgData | string |  |  
+action_result.data.\*.employeeType | string |  |  
+action_result.data.\*.externalUserState | string |  |  
+action_result.data.\*.externalUserStateChangeDateTime | string |  |  
+action_result.data.\*.faxNumber | string |  |  
+action_result.data.\*.givenName | string |  |  
+action_result.data.\*.id | string |  `user id`  |   17be76d0-35ed-4881-ab62-d2eb73c2ebe3 
+action_result.data.\*.identities.\*.issuer | string |  |   test.com 
+action_result.data.\*.identities.\*.issuerAssignedId | string |  |   test@user.test.com 
+action_result.data.\*.identities.\*.signInType | string |  |   userPrincipalName 
+action_result.data.\*.isResourceAccount | string |  |  
+action_result.data.\*.jobTitle | string |  |  
+action_result.data.\*.legalAgeGroupClassification | string |  |  
+action_result.data.\*.mail | string |  |  
+action_result.data.\*.mailNickname | string |  |   User 
+action_result.data.\*.mobilePhone | string |  |  
+action_result.data.\*.officeLocation | string |  |  
+action_result.data.\*.onPremisesDistinguishedName | string |  |  
+action_result.data.\*.onPremisesDomainName | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute1 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute10 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute11 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute12 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute13 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute14 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute15 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute2 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute3 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute4 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute5 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute6 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute7 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute8 | string |  |  
+action_result.data.\*.onPremisesExtensionAttributes.extensionAttribute9 | string |  |  
+action_result.data.\*.onPremisesImmutableId | string |  |  
+action_result.data.\*.onPremisesLastSyncDateTime | string |  |  
+action_result.data.\*.onPremisesSamAccountName | string |  |  
+action_result.data.\*.onPremisesSecurityIdentifier | string |  |  
+action_result.data.\*.onPremisesSyncEnabled | string |  |  
+action_result.data.\*.onPremisesUserPrincipalName | string |  |  
+action_result.data.\*.passwordPolicies | string |  |  
+action_result.data.\*.passwordProfile | string |  |  
+action_result.data.\*.postalCode | string |  |   94303 
+action_result.data.\*.preferredDataLocation | string |  |  
+action_result.data.\*.preferredLanguage | string |  |  
+action_result.data.\*.provisionedPlans.\*.capabilityStatus | string |  |   Enabled 
+action_result.data.\*.provisionedPlans.\*.provisioningStatus | string |  |   Success 
+action_result.data.\*.provisionedPlans.\*.service | string |  |   testCommunicationsOnline 
+action_result.data.\*.refreshTokensValidFromDateTime | string |  |   2022-08-08T13:00:58Z 
+action_result.data.\*.showInAddressList | string |  |  
+action_result.data.\*.signInSessionsValidFromDateTime | string |  |   2022-08-08T13:00:58Z 
+action_result.data.\*.state | string |  |   CA 
+action_result.data.\*.streetAddress | string |  |   2479 E. Bayshore Rd. 
+action_result.data.\*.surname | string |  |  
+action_result.data.\*.usageLocation | string |  |   US 
+action_result.data.\*.userPrincipalName | string |  |   ews_retest@test.com 
+action_result.data.\*.userType | string |  |   Member 
+action_result.summary.num_members | numeric |  `user id`  |   3 
+action_result.summary.num_users | numeric |  |   3 
+action_result.message | string |  |   Num members: 3 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'validate group'
+Returns true if a user is in a group; otherwise, false
+
+Type: **investigate**  
+Read only: **True**
+
+#### Action Parameters
+PARAMETER | REQUIRED | DESCRIPTION | TYPE | CONTAINS
+--------- | -------- | ----------- | ---- | --------
+**group_object_id** |  required  | Object ID of group | string |  `group object id` 
+**user_id** |  required  | User ID to validate | string |  `user id` 
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.parameter.group_object_id | string |  `group object id`  |   ebcd3130-55a1-4cbf-81b2-86408ff21203 
+action_result.parameter.user_id | string |  `user id`  |   user@test.com 
+action_result.data.\*.@odata.context | string |  |   https://graph.test.com/v1.0/$metadata#directoryObjects 
+action_result.data.\*.user_in_group | string |  |  
+action_result.data.\*.value.\*.@odata.type | string |  |   #test.graph.group 
+action_result.data.\*.value.\*.classification | string |  |  
+action_result.data.\*.value.\*.createdDateTime | string |  |   2022-02-25T12:05:22Z 
+action_result.data.\*.value.\*.deletedDateTime | string |  |  
+action_result.data.\*.value.\*.description | string |  |   Test group for MSGraph 
+action_result.data.\*.value.\*.displayName | string |  |   Test group for MSGraph 
+action_result.data.\*.value.\*.expirationDateTime | string |  |  
+action_result.data.\*.value.\*.id | string |  `user id`  |   49233413-24c6-4516-a9e1-4d5f87fe34fd 
+action_result.data.\*.value.\*.isAssignableToRole | string |  |  
+action_result.data.\*.value.\*.mail | string |  |   test@user.test.com 
+action_result.data.\*.value.\*.mailEnabled | boolean |  |   True 
+action_result.data.\*.value.\*.mailNickname | string |  |   TestgroupforMSGraph 
+action_result.data.\*.value.\*.membershipRule | string |  |  
+action_result.data.\*.value.\*.membershipRuleProcessingState | string |  |  
+action_result.data.\*.value.\*.onPremisesDomainName | string |  |  
+action_result.data.\*.value.\*.onPremisesLastSyncDateTime | string |  |  
+action_result.data.\*.value.\*.onPremisesNetBiosName | string |  |  
+action_result.data.\*.value.\*.onPremisesSamAccountName | string |  |  
+action_result.data.\*.value.\*.onPremisesSecurityIdentifier | string |  |  
+action_result.data.\*.value.\*.onPremisesSyncEnabled | string |  |  
+action_result.data.\*.value.\*.preferredDataLocation | string |  |  
+action_result.data.\*.value.\*.preferredLanguage | string |  |  
+action_result.data.\*.value.\*.renewedDateTime | string |  |   2022-02-25T12:05:22Z 
+action_result.data.\*.value.\*.securityEnabled | boolean |  |   True 
+action_result.data.\*.value.\*.securityIdentifier | string |  |   S-1-12-1-1227043859-1159079110-1598939561-4248108679 
+action_result.data.\*.value.\*.theme | string |  |  
+action_result.data.\*.value.\*.visibility | string |  |   Private 
+action_result.summary.message | string |  |   User is member of group 
+action_result.summary.user_in_group | string |  |  
+action_result.message | string |  |   User in group: True 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'list directory roles'
+List the directory roles that are activated in the tenant
+
+Type: **investigate**  
+Read only: **True**
+
+<p>Pagination is not implemented for this action as this endpoint does not support pagination. Here is the <b><a href='https://docs.microsoft.com/en-us/graph/paging' target='_blank'>Documentation</a></b> for the same.</p>
+
+#### Action Parameters
+No parameters are required for this action
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.data.\*.deletedDateTime | string |  |  
+action_result.data.\*.deletionTimestamp | string |  |  
+action_result.data.\*.description | string |  |   Can read basic directory information. For granting access to applications, not intended for users. 
+action_result.data.\*.displayName | string |  |   Directory Readers 
+action_result.data.\*.id | string |  `directory object id`  |   02b238cb-0d15-454b-aae6-0e94993a3207 
+action_result.data.\*.isSystem | boolean |  |   True  False 
+action_result.data.\*.objectType | string |  |   Role 
+action_result.data.\*.odata.type | string |  |   test.DirectoryServices.DirectoryRole 
+action_result.data.\*.roleTemplateId | string |  `role template id`  |   88d8e3e3-8f55-4a1e-953a-9b9898b8876b 
+action_result.summary.num_directory_roles | numeric |  |   9 
+action_result.message | string |  |   Num directory roles: 9 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1   
+
+## action: 'generate token'
+Generate a token
+
+Type: **generic**  
+Read only: **False**
+
+#### Action Parameters
+No parameters are required for this action
+
+#### Action Output
+DATA PATH | TYPE | CONTAINS | EXAMPLE VALUES
+--------- | ---- | -------- | --------------
+action_result.status | string |  |   success  failed 
+action_result.data | string |  |  
+action_result.summary | string |  |  
+action_result.message | string |  |   Token generated 
+summary.total_objects | numeric |  |   1 
+summary.total_objects_successful | numeric |  |   1 
\ No newline at end of file
diff --git a/deployment-apps/msadgraph/__init__.py b/deployment-apps/msadgraph/__init__.py
new file mode 100644
index 0000000..1cad73c
--- /dev/null
+++ b/deployment-apps/msadgraph/__init__.py
@@ -0,0 +1,14 @@
+# File: __init__.py
+#
+# Copyright (c) 2022-2023 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
diff --git a/deployment-apps/msadgraph/logo_msadgraph.svg b/deployment-apps/msadgraph/logo_msadgraph.svg
new file mode 100644
index 0000000..e21db8b
--- /dev/null
+++ b/deployment-apps/msadgraph/logo_msadgraph.svg
@@ -0,0 +1 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 609 130" width="609px" height="130px" enable-background="new 0 0 609 130"><title>Microsoft Logo</title><g><g fill="#737373"><path d="M213.2 74.3l-3.6 10.2h-.3c-.6-2.3-1.7-5.8-3.5-10l-19.3-48.5h-18.9v77.3h12.5v-47.7c0-3 0-6.4-.1-10.6-.1-2.1-.3-3.7-.4-4.9h.3c.6 3 1.3 5.2 1.8 6.6l23.2 56.4h8.8l23-56.9c.5-1.3 1-3.9 1.5-6.1h.3c-.3 5.7-.5 10.8-.6 13.9v49h13.3v-77.2h-18.2l-19.8 48.5zM263.8 47.6h13v55.4h-13zM270.4 24.2c-2.2 0-4 .8-5.5 2.2-1.5 1.4-2.3 3.2-2.3 5.4 0 2.1.8 3.9 2.3 5.3 1.5 1.4 3.3 2.1 5.5 2.1s4.1-.8 5.5-2.1c1.5-1.4 2.3-3.2 2.3-5.3s-.8-3.9-2.3-5.4c-1.3-1.4-3.2-2.2-5.5-2.2M322.9 47.1c-2.4-.5-4.9-.8-7.3-.8-5.9 0-11.3 1.3-15.8 3.9-4.5 2.6-8.1 6.2-10.4 10.7-2.4 4.6-3.6 9.9-3.6 16 0 5.3 1.2 10 3.5 14.3 2.3 4.2 5.5 7.6 9.8 9.9 4.1 2.3 8.9 3.5 14.3 3.5 6.2 0 11.5-1.3 15.7-3.7l.1-.1v-12l-.5.4c-1.9 1.4-4.1 2.6-6.3 3.3-2.3.8-4.4 1.2-6.2 1.2-5.2 0-9.3-1.5-12.2-4.8-3-3.2-4.5-7.6-4.5-13.1 0-5.7 1.5-10.2 4.6-13.5 3.1-3.3 7.2-5 12.2-5 4.2 0 8.5 1.4 12.4 4.2l.5.4v-12.7l-.1-.1c-1.7-.7-3.6-1.5-6.2-2M365.8 46.7c-3.2 0-6.2 1-8.8 3.1-2.2 1.8-3.7 4.4-5 7.5h-.1v-9.7h-13v55.4h13v-28.3c0-4.8 1-8.8 3.2-11.7 2.2-3 5-4.5 8.4-4.5 1.2 0 2.4.3 3.9.5 1.4.4 2.4.8 3.1 1.3l.5.4v-13l-.3-.1c-.9-.6-2.7-.9-4.9-.9M401.2 46.4c-9.1 0-16.4 2.7-21.5 8-5.2 5.3-7.7 12.6-7.7 21.8 0 8.6 2.6 15.6 7.6 20.7 5 5 11.8 7.6 20.3 7.6 8.9 0 16-2.7 21.1-8.1 5.2-5.4 7.7-12.6 7.7-21.5 0-8.8-2.4-15.8-7.3-20.9-4.7-5.1-11.6-7.6-20.2-7.6m10.4 42.6c-2.4 3.1-6.2 4.6-10.9 4.6s-8.5-1.5-11.2-4.8c-2.7-3.1-4-7.6-4-13.3 0-5.9 1.4-10.4 4-13.6 2.7-3.2 6.4-4.8 11.1-4.8 4.6 0 8.2 1.5 10.8 4.6 2.6 3.1 4 7.6 4 13.5-.2 6-1.3 10.7-3.8 13.8M457.7 70.6c-4.1-1.7-6.7-3-7.9-4.1-1-1-1.5-2.4-1.5-4.2 0-1.5.6-3 2.1-4s3.2-1.5 5.7-1.5c2.2 0 4.5.4 6.7 1s4.2 1.5 5.8 2.7l.5.4v-12.2l-.3-.1c-1.5-.6-3.5-1.2-5.9-1.7-2.4-.4-4.6-.6-6.4-.6-6.2 0-11.3 1.5-15.3 4.8-4 3.1-5.9 7.3-5.9 12.2 0 2.6.4 4.9 1.3 6.8.9 1.9 2.2 3.7 4 5.2 1.8 1.4 4.4 3 8 4.5 3 1.3 5.3 2.3 6.7 3.1 1.4.8 2.3 1.7 3 2.4.5.8.8 1.8.8 3.1 0 3.7-2.8 5.5-8.5 5.5-2.2 0-4.5-.4-7.2-1.3s-5.2-2.2-7.3-3.7l-.5-.4v12.7l.3.1c1.9.9 4.2 1.5 7 2.2 2.8.5 5.3.9 7.5.9 6.7 0 12.2-1.5 16.1-4.8 4-3.2 6.1-7.3 6.1-12.6 0-3.7-1-7-3.2-9.5-2.9-2.4-6.5-4.9-11.7-6.9M506.9 46.4c-9.1 0-16.4 2.7-21.5 8s-7.7 12.6-7.7 21.8c0 8.6 2.6 15.6 7.6 20.7 5 5 11.8 7.6 20.3 7.6 8.9 0 16-2.7 21.1-8.1 5.2-5.4 7.7-12.6 7.7-21.5 0-8.8-2.4-15.8-7.3-20.9-4.7-5.1-11.6-7.6-20.2-7.6m10.3 42.6c-2.4 3.1-6.2 4.6-10.9 4.6-4.8 0-8.5-1.5-11.2-4.8-2.7-3.1-4-7.6-4-13.3 0-5.9 1.4-10.4 4-13.6 2.7-3.2 6.4-4.8 11.1-4.8 4.5 0 8.2 1.5 10.8 4.6 2.6 3.1 4 7.6 4 13.5 0 6-1.3 10.7-3.8 13.8"/><path d="M603.9 58.3v-10.7h-13.1v-16.4l-.4.1-12.4 3.7-.3.1v12.5h-19.6v-7c0-3.2.8-5.7 2.2-7.3s3.5-2.4 6.1-2.4c1.8 0 3.7.4 5.8 1.3l.5.3v-11.3l-.3-.1c-1.8-.6-4.2-1-7.3-1-3.9 0-7.3.9-10.4 2.4-3.1 1.7-5.4 4-7.1 7.1-1.7 3-2.6 6.4-2.6 10.3v7.7h-9.1v10.6h9.1v44.8h13.1v-44.7h19.6v28.5c0 11.7 5.5 17.6 16.5 17.6 1.8 0 3.7-.3 5.5-.6 1.9-.4 3.3-.9 4.1-1.3l.1-.1v-10.7l-.5.4c-.8.5-1.5.9-2.7 1.2-1 .3-1.9.4-2.6.4-2.6 0-4.4-.6-5.7-2.1-1.2-1.4-1.8-3.7-1.8-7.1v-26.2h13.3z"/></g><path fill="#F25022" d="M0 0h61.3v61.3h-61.3z"/><path fill="#7FBA00" d="M67.7 0h61.3v61.3h-61.3z"/><path fill="#00A4EF" d="M0 67.7h61.3v61.3h-61.3z"/><path fill="#FFB900" d="M67.7 67.7h61.3v61.3h-61.3z"/></g></svg>
diff --git a/deployment-apps/msadgraph/logo_msadgraph_dark.svg b/deployment-apps/msadgraph/logo_msadgraph_dark.svg
new file mode 100644
index 0000000..9c2c2db
--- /dev/null
+++ b/deployment-apps/msadgraph/logo_msadgraph_dark.svg
@@ -0,0 +1 @@
+<svg id="Layer_1" data-name="Layer 1" xmlns="http://www.w3.org/2000/svg" viewBox="0 0 609 130" width="609px" height="130px"><defs><style>.cls-1{fill:#fff;}</style></defs><title>Artboard 1</title><path class="cls-1" d="M213.2,74.3l-3.6,10.2h-.3a72.42,72.42,0,0,0-3.5-10L186.5,26H167.6v77.3h12.5V55.6c0-3,0-6.4-.1-10.6-.1-2.1-.3-3.7-.4-4.9h.3a46.71,46.71,0,0,0,1.8,6.6l23.2,56.4h8.8l23-56.9a60.58,60.58,0,0,0,1.5-6.1h.3c-.3,5.7-.5,10.8-.6,13.9v49h13.3V25.8H233Zm50.6-26.7h13V103h-13Zm6.6-23.4a7.79,7.79,0,0,0-5.5,2.2,7.37,7.37,0,0,0,0,10.7,7.71,7.71,0,0,0,5.5,2.1,8,8,0,0,0,5.5-2.1,7,7,0,0,0,2.3-5.3,7.41,7.41,0,0,0-2.3-5.4,7.29,7.29,0,0,0-5.5-2.2m52.5,22.9a36.26,36.26,0,0,0-7.3-.8,31.37,31.37,0,0,0-15.8,3.9,26.12,26.12,0,0,0-10.4,10.7,34,34,0,0,0-3.6,16,29.68,29.68,0,0,0,3.5,14.3,24,24,0,0,0,9.8,9.9,28.85,28.85,0,0,0,14.3,3.5,31.43,31.43,0,0,0,15.7-3.7l.1-.1v-12l-.5.4a22.35,22.35,0,0,1-6.3,3.3,19.27,19.27,0,0,1-6.2,1.2c-5.2,0-9.3-1.5-12.2-4.8s-4.5-7.6-4.5-13.1c0-5.7,1.5-10.2,4.6-13.5a16.05,16.05,0,0,1,12.2-5,21.28,21.28,0,0,1,12.4,4.2l.5.4V49.2l-.1-.1a30.15,30.15,0,0,0-6.2-2m42.9-.4a13.72,13.72,0,0,0-8.8,3.1c-2.2,1.8-3.7,4.4-5,7.5h-.1V47.6h-13V103h13V74.7c0-4.8,1-8.8,3.2-11.7a10,10,0,0,1,8.4-4.5,32.07,32.07,0,0,1,3.9.5,10.26,10.26,0,0,1,3.1,1.3l.5.4v-13l-.3-.1a9.88,9.88,0,0,0-4.9-.9m35.4-.3c-9.1,0-16.4,2.7-21.5,8S372,67,372,76.2c0,8.6,2.6,15.6,7.6,20.7s11.8,7.6,20.3,7.6c8.9,0,16-2.7,21.1-8.1s7.7-12.6,7.7-21.5-2.4-15.8-7.3-20.9c-4.7-5.1-11.6-7.6-20.2-7.6M411.6,89c-2.4,3.1-6.2,4.6-10.9,4.6s-8.5-1.5-11.2-4.8c-2.7-3.1-4-7.6-4-13.3,0-5.9,1.4-10.4,4-13.6s6.4-4.8,11.1-4.8,8.2,1.5,10.8,4.6,4,7.6,4,13.5c-.2,6-1.3,10.7-3.8,13.8m46.1-18.4c-4.1-1.7-6.7-3-7.9-4.1a5.68,5.68,0,0,1-1.5-4.2,4.65,4.65,0,0,1,2.1-4,9.63,9.63,0,0,1,5.7-1.5,25.89,25.89,0,0,1,6.7,1,17.24,17.24,0,0,1,5.8,2.7l.5.4V48.7l-.3-.1a36.08,36.08,0,0,0-5.9-1.7,40.09,40.09,0,0,0-6.4-.6c-6.2,0-11.3,1.5-15.3,4.8a14.78,14.78,0,0,0-5.9,12.2,15.88,15.88,0,0,0,1.3,6.8,15.16,15.16,0,0,0,4,5.2,34.85,34.85,0,0,0,8,4.5c3,1.3,5.3,2.3,6.7,3.1a13.57,13.57,0,0,1,3,2.4,5.69,5.69,0,0,1,.8,3.1c0,3.7-2.8,5.5-8.5,5.5a22.44,22.44,0,0,1-7.2-1.3,27.82,27.82,0,0,1-7.3-3.7l-.5-.4v12.7l.3.1a38.79,38.79,0,0,0,7,2.2,44.65,44.65,0,0,0,7.5.9c6.7,0,12.2-1.5,16.1-4.8A15.31,15.31,0,0,0,472.6,87a14,14,0,0,0-3.2-9.5,40.55,40.55,0,0,0-11.7-6.9m49.2-24.2c-9.1,0-16.4,2.7-21.5,8s-7.7,12.6-7.7,21.8c0,8.6,2.6,15.6,7.6,20.7s11.8,7.6,20.3,7.6c8.9,0,16-2.7,21.1-8.1s7.7-12.6,7.7-21.5S532,59.1,527.1,54c-4.7-5.1-11.6-7.6-20.2-7.6M517.2,89c-2.4,3.1-6.2,4.6-10.9,4.6s-8.5-1.5-11.2-4.8c-2.7-3.1-4-7.6-4-13.3,0-5.9,1.4-10.4,4-13.6s6.4-4.8,11.1-4.8c4.5,0,8.2,1.5,10.8,4.6s4,7.6,4,13.5-1.3,10.7-3.8,13.8"/><path class="cls-1" d="M603.9,58.3V47.6H590.8V31.2l-.4.1L578,35l-.3.1V47.6H558.1v-7c0-3.2.8-5.7,2.2-7.3a7.76,7.76,0,0,1,6.1-2.4,14.59,14.59,0,0,1,5.8,1.3l.5.3V21.2l-.3-.1a25,25,0,0,0-17.7,1.4,17.34,17.34,0,0,0-7.1,7.1A20.46,20.46,0,0,0,545,39.9v7.7h-9.1V58.2H545V103h13.1V58.3h19.6V86.8c0,11.7,5.5,17.6,16.5,17.6a34.27,34.27,0,0,0,5.5-.6,18,18,0,0,0,4.1-1.3l.1-.1V91.7l-.5.4a8.45,8.45,0,0,1-2.7,1.2,9.15,9.15,0,0,1-2.6.4c-2.6,0-4.4-.6-5.7-2.1s-1.8-3.7-1.8-7.1V58.3h13.3Z"/><path class="cls-1" d="M0,0H61.3V61.3H0Z"/><path class="cls-1" d="M67.7,0H129V61.3H67.7Z"/><path class="cls-1" d="M0,67.7H61.3V129H0Z"/><path class="cls-1" d="M67.7,67.7H129V129H67.7Z"/></svg>
diff --git a/deployment-apps/msadgraph/msadgraph.json b/deployment-apps/msadgraph/msadgraph.json
new file mode 100644
index 0000000..3358b7c
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph.json
@@ -0,0 +1,3871 @@
+{
+    "appid": "f2a239df-acb2-47d6-861c-726a435cfe76",
+    "name": "MS Graph for Active Directory",
+    "description": "Connects to Microsoft Active Directory using MS Graph REST API services to support various generic and investigative actions",
+    "type": "identity management",
+    "product_vendor": "Microsoft",
+    "logo": "logo_msadgraph.svg",
+    "logo_dark": "logo_msadgraph_dark.svg",
+    "product_name": "MS Graph for Active Directory",
+    "product_version_regex": ".*",
+    "publisher": "Splunk",
+    "contributors": [
+        {
+            "name": "Mathieu A. Cormier"
+        }
+    ],
+    "license": "Copyright (c) 2022-2023 Splunk Inc.",
+    "app_version": "1.3.0",
+    "python_version": "3",
+    "utctime_updated": "2022-04-18T12:59:04.000000Z",
+    "package_name": "phantom_msadgraph",
+    "main_module": "msadgraph_connector.py",
+    "min_phantom_version": "6.0.2",
+    "fips_compliant": true,
+    "latest_tested_versions": [
+        "Cloud 2023-7-18, API Version: 1.0"
+    ],
+    "app_wizard_version": "1.0.0",
+    "rest_handler": "msadgraph_connector._handle_rest_request",
+    "configuration": {
+        "tenant_id": {
+            "description": "Tenant (Tenant ID or Tenant Name)",
+            "data_type": "string",
+            "required": true,
+            "order": 0
+        },
+        "client_id": {
+            "description": "Application ID",
+            "data_type": "string",
+            "required": true,
+            "order": 2
+        },
+        "client_secret": {
+            "description": "Client Secret",
+            "data_type": "password",
+            "required": true,
+            "order": 3
+        },
+        "region": {
+            "data_type": "string",
+            "description": "Microsoft AD Region",
+            "default": "Global",
+            "order": 1,
+            "value_list": [
+                "Global",
+                "US Gov L4",
+                "US Gov L5 (DOD)",
+                "Germany",
+                "China (21Vianet)"
+            ]
+        },
+        "admin_access_required": {
+            "description": "Admin Access Required",
+            "data_type": "boolean",
+            "default": false,
+            "order": 4
+        },
+        "admin_access_granted": {
+            "description": "Admin Consent Already Provided",
+            "data_type": "boolean",
+            "default": false,
+            "order": 5
+        }
+    },
+    "actions": [
+        {
+            "action": "test connectivity",
+            "description": "Use supplied credentials to generate a token with MS Graph",
+            "type": "test",
+            "identifier": "test_connectivity",
+            "read_only": true,
+            "parameters": {},
+            "output": [],
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "list users",
+            "description": "Get a list of users",
+            "verbose": "For more information on using the filter_string, select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters. By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter.",
+            "type": "investigate",
+            "identifier": "list_users",
+            "read_only": true,
+            "parameters": {
+                "filter_string": {
+                    "description": "Filter string to apply to user listing",
+                    "data_type": "string",
+                    "order": 0
+                },
+                "select_string": {
+                    "description": "Select string to get additional user properties. Separate multiple values with commas",
+                    "data_type": "string",
+                    "order": 1
+                },
+                "expand_string": {
+                    "description": "Expand string to get a resource or collection referenced by a single relationship",
+                    "data_type": "string",
+                    "order": 2
+                },
+                "use_advanced_query": {
+                    "description": "Use advanced query capabilities",
+                    "data_type": "boolean",
+                    "default": false,
+                    "order": 3
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.expand_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "manager"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.filter_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "startswith(displayName,'User')"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.select_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "displayName"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.use_advanced_query",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.accountEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.ageGroup",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.assignedLicenses.*.skuId",
+                    "data_type": "string",
+                    "example_values": [
+                        "189a915c-fe4f-4ffa-bde4-85b9628d07a0"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.assignedTimestamp",
+                    "data_type": "string",
+                    "example_values": [
+                        "2017-08-29T02:31:40Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.capabilityStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Enabled"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.service",
+                    "data_type": "string",
+                    "example_values": [
+                        "OfficeForms"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.servicePlanId",
+                    "data_type": "string",
+                    "example_values": [
+                        "e212cbc7-0961-4c40-9825-01117710dcb1"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.city",
+                    "data_type": "string",
+                    "example_values": [
+                        "Palo Alto"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.companyName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.consentProvidedForMinor",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.country",
+                    "data_type": "string",
+                    "example_values": [
+                        "US"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.createdDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2019-05-21T22:27:20Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.creationType",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deletionTimestamp",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.department",
+                    "data_type": "string",
+                    "example_values": [
+                        "Sales"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.dirSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.displayName",
+                    "data_type": "string",
+                    "column_name": "Display Name",
+                    "column_order": 0,
+                    "example_values": [
+                        "User"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.employeeId",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.facsimileTelephoneNumber",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.givenName",
+                    "data_type": "string",
+                    "example_values": [
+                        "testuser"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.id",
+                    "data_type": "string",
+                    "column_name": "Object ID",
+                    "column_order": 1,
+                    "example_values": [
+                        "e4c722ac-3b83-478d-8f52-c388885dc30f"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.immutableId",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.isCompromised",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.jobTitle",
+                    "data_type": "string",
+                    "example_values": [
+                        "Sales Manager"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.lastDirSyncTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.legalAgeGroupClassification",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mail",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mailNickname",
+                    "data_type": "string",
+                    "example_values": [
+                        "testmail"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mobile",
+                    "data_type": "string",
+                    "example_values": [
+                        "+1 5556378688"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mobilePhone",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.objectType",
+                    "data_type": "string",
+                    "example_values": [
+                        "User"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "test.DirectoryServices.User"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.officeLocation",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesDistinguishedName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSecurityIdentifier",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.otherMails",
+                    "data_type": "string",
+                    "example_values": [
+                        "user.test@outlook.com"
+                    ],
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.passwordPolicies",
+                    "data_type": "string",
+                    "example_values": [
+                        "None"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile.enforceChangePasswordPolicy",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile.forceChangePasswordNextLogin",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile.password",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.physicalDeliveryOfficeName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.postalCode",
+                    "data_type": "string",
+                    "example_values": [
+                        "94303"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.preferredLanguage",
+                    "data_type": "string",
+                    "example_values": [
+                        "en-US"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.capabilityStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Enabled"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.provisioningStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Success"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.service",
+                    "data_type": "string",
+                    "example_values": [
+                        "exchange"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.proxyAddresses",
+                    "data_type": "string",
+                    "example_values": [
+                        "SMTP:user1@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.refreshTokensValidFromDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2017-09-27T22:54:59Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.showInAddressList",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.sipProxyAddress",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.state",
+                    "data_type": "string",
+                    "example_values": [
+                        "CA"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.streetAddress",
+                    "data_type": "string",
+                    "example_values": [
+                        "2479 E. Bayshore Rd."
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.surname",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test_surname"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.telephoneNumber",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.thumbnailPhoto@odata.mediaEditLink",
+                    "data_type": "string",
+                    "example_values": [
+                        "directoryObjects/6132ca31-7a09-434f-a269-abe836d0c01e/test.DirectoryServices.User/thumbnailPhoto"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.usageLocation",
+                    "data_type": "string",
+                    "example_values": [
+                        "US"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.userPrincipalName",
+                    "data_type": "string",
+                    "column_name": "User Principal Name",
+                    "column_order": 2,
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.userState",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.userStateChangedOn",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.userType",
+                    "data_type": "string",
+                    "example_values": [
+                        "Member"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.num_users",
+                    "data_type": "numeric",
+                    "example_values": [
+                        8
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.result_found",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.total_results",
+                    "data_type": "numeric",
+                    "example_values": [
+                        7
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully listed users"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "custom",
+                "title": "List Users",
+                "view": "msadgraph_view.display_view"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "reset password",
+            "description": "Reset or set a user's password in a Microsoft AD environment",
+            "type": "contain",
+            "identifier": "reset_password",
+            "read_only": false,
+            "parameters": {
+                "user_id": {
+                    "description": "User ID to change password - can be user principal name or object ID",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                "force_change": {
+                    "description": "Force user to change password on next login",
+                    "data_type": "boolean",
+                    "default": true,
+                    "order": 1
+                },
+                "temp_password": {
+                    "description": "Temporary password for user",
+                    "data_type": "string",
+                    "required": true,
+                    "order": 2
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.parameter.force_change",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.temp_password",
+                    "data_type": "string",
+                    "example_values": [
+                        "Temp_PA$$w0rd"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "ee3dc4f2-70f9-446f-a19e-6b4e95ba030d",
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ],
+                    "column_name": "User ID",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully reset user password"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Status: Successfully reset user password"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "width": 12,
+                "title": "User Password Reset",
+                "type": "table",
+                "height": 5
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "disable tokens",
+            "description": "Invalidate all active refresh tokens for a user in a Microsoft AD environment",
+            "type": "contain",
+            "identifier": "invalidate_tokens",
+            "read_only": false,
+            "parameters": {
+                "user_id": {
+                    "description": "User ID to disable tokens of - can be user principal name or object ID",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "user id"
+                    ]
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "ee3dc4f2-70f9-446f-a19e-6b4e95ba030d",
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ],
+                    "column_name": "User ID",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.@odata.context",
+                    "data_type": "string",
+                    "example_values": [
+                        "https://graph.test.com/v1.0/$metadata#Edm.Boolean"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.metadata",
+                    "data_type": "string",
+                    "example_values": [
+                        "https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#Edm.Null"
+                    ],
+                    "contains": [
+                        "url"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.null",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully disabled tokens"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully invalidated tokens",
+                        "Status: Successfully disabled tokens"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "width": 12,
+                "title": "Invalidate Tokens",
+                "type": "table",
+                "height": 5
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "enable user",
+            "description": "Enable a user",
+            "type": "generic",
+            "identifier": "enable_user",
+            "read_only": false,
+            "undo": "disable user",
+            "parameters": {
+                "user_id": {
+                    "description": "User ID to enable - can be user principal name or object ID",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "user id"
+                    ]
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ],
+                    "column_name": "User ID",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully enabled user user@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Status: Successfully enabled user user@test.com"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "disable user",
+            "description": "Disable a user",
+            "type": "generic",
+            "identifier": "disable_user",
+            "read_only": false,
+            "undo": "enable user",
+            "parameters": {
+                "user_id": {
+                    "description": "User ID to disable - can be user principal name or object ID",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "user id"
+                    ]
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ],
+                    "column_name": "User ID",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully disabled user user@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Status: Successfully disabled user user@test.com"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "list user devices",
+            "description": "List devices for a specified user",
+            "verbose": "By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string parameter, refer to <a href='https://docs.microsoft.com/en-us/graph/query-parameters#select-parameter' target='_blank'>this</a> documentation.",
+            "type": "investigate",
+            "identifier": "list_user_devices",
+            "read_only": true,
+            "parameters": {
+                "user_id": {
+                    "description": "User ID - can be user principal name or object ID",
+                    "data_type": "string",
+                    "primary": true,
+                    "required": true,
+                    "order": 0,
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                "select_string": {
+                    "description": "Select string to get additional user properties. Separate multiple values with commas",
+                    "data_type": "string",
+                    "order": 1
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.select_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "displayName"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.@odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "#test.graph.device"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.accountEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.alternativeSecurityIds.*.identityProvider",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.alternativeSecurityIds.*.key",
+                    "data_type": "string",
+                    "example_values": [
+                        "WAA1ADAAOQA6ADwAUwBIAEEAMQAtAFQAUAAtAFAAVQBCAEsARQBZAD4AOQA5AEEARQAwADgAOABDAEUANAA1ADgAMABCADcAQgBGAEEARQA2ADEAQQBCADYANAA3ADYANgA5ADUAOAAzAEQANABFAEYARQA5ADYAOAAyAHkAcQBSAEIANwBrAGEAMQA4AEoATAByACsAegB4AE8AYwB6AE8AYgBNAFEANQBZAEgAbgB0AFQAdgBOAG0AbgA5AEQAZQA2AFgAVQBUAGgAcwBFAD0A"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.alternativeSecurityIds.*.type",
+                    "data_type": "numeric",
+                    "example_values": [
+                        2
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.approximateLastSignInDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2019-09-26T03:42:15Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.complianceExpirationDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.createdDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2019-09-26T03:42:15Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.deletedDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deviceCategory",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deviceId",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deviceMetadata",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deviceOwnership",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deviceVersion",
+                    "data_type": "numeric"
+                },
+                {
+                    "data_path": "action_result.data.*.displayName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.domainName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.enrollmentProfileName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.enrollmentType",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute1",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute10",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute11",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute12",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute13",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute14",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute15",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute2",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute3",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute4",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute5",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute6",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute7",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute8",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.extensionAttributes.extensionAttribute9",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.externalSourceName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.id",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.isCompliant",
+                    "data_type": "boolean"
+                },
+                {
+                    "data_path": "action_result.data.*.isManaged",
+                    "data_type": "boolean"
+                },
+                {
+                    "data_path": "action_result.data.*.isRooted",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.managementType",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.manufacturer",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mdmAppId",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.model",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesLastSyncDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSyncEnabled",
+                    "data_type": "boolean"
+                },
+                {
+                    "data_path": "action_result.data.*.operatingSystem",
+                    "data_type": "string",
+                    "example_values": [
+                        "Windows"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.operatingSystemVersion",
+                    "data_type": "string",
+                    "example_values": [
+                        "10.0.18362.0"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.profileType",
+                    "data_type": "string",
+                    "example_values": [
+                        "RegisteredDevice"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.registrationDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2019-09-26T03:42:15Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.sourceType",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.trustType",
+                    "data_type": "string",
+                    "example_values": [
+                        "Workplace"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully retrieved owned devices for user test@user.test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Status: Successfully retrieved owned devices for user test@user.test.com"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "custom",
+                "title": "Owned Devices",
+                "view": "msadgraph_view.display_view"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "list user attributes",
+            "description": "List attributes for all or a specified user",
+            "verbose": "By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.",
+            "type": "investigate",
+            "identifier": "list_user_attributes",
+            "read_only": true,
+            "parameters": {
+                "user_id": {
+                    "description": "User ID - can be user principal name or object ID",
+                    "data_type": "string",
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                "select_string": {
+                    "description": "Select string to get additional user properties. Separate multiple values with commas",
+                    "data_type": "string",
+                    "order": 1
+                },
+                "expand_string": {
+                    "description": "Expand string to get a resource or collection referenced by a single relationship",
+                    "data_type": "string",
+                    "order": 2
+                },
+                "use_advanced_query": {
+                    "description": "Use advanced query capabilities",
+                    "data_type": "boolean",
+                    "default": false,
+                    "order": 3
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.expand_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "manager"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.select_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "displayName"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.use_advanced_query",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.@odata.context",
+                    "data_type": "string",
+                    "example_values": [
+                        "https://graph.test.com/v1.0/$metadata#users/$entity"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.accountEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.ageGroup",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.assignedLicenses.*.skuId",
+                    "data_type": "string",
+                    "example_values": [
+                        "f30db892-07e9-47e9-837c-80727f46fd3d"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.assignedTimestamp",
+                    "data_type": "string",
+                    "example_values": [
+                        "2019-04-26T07:21:18Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.capabilityStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Enabled"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.service",
+                    "data_type": "string",
+                    "example_values": [
+                        "exchange"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.servicePlanId",
+                    "data_type": "string",
+                    "example_values": [
+                        "33c4f319-9bdd-48d6-9c4d-410b750a4a5a"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.city",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.companyName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.consentProvidedForMinor",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.country",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.createdDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2019-05-02T20:27:59Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.creationType",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deletionTimestamp",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.department",
+                    "data_type": "string",
+                    "example_values": [
+                        "Sales"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.dirSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.displayName",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test User"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.employeeId",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.facsimileTelephoneNumber",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.givenName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.id",
+                    "data_type": "string",
+                    "example_values": [
+                        "7d55d7e6-cf5a-4dd2-a176-57a3c33b7fa9"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.identities.*.issuer",
+                    "data_type": "string",
+                    "example_values": [
+                        "test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.identities.*.issuerAssignedId",
+                    "data_type": "string",
+                    "example_values": [
+                        "test2@user.test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.identities.*.signInType",
+                    "data_type": "string",
+                    "example_values": [
+                        "userPrincipalName"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.immutableId",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.isCompromised",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.jobTitle",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.lastDirSyncTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.legalAgeGroupClassification",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mail",
+                    "data_type": "string",
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mailNickname",
+                    "data_type": "string",
+                    "example_values": [
+                        "test"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mobile",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mobilePhone",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.objectId",
+                    "data_type": "string",
+                    "example_values": [
+                        "59f51194-1998-4932-a8ac-468e59374edc"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.objectType",
+                    "data_type": "string",
+                    "example_values": [
+                        "User"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.metadata",
+                    "data_type": "string",
+                    "example_values": [
+                        "https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#directoryObjects/@Element"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "test.DirectoryServices.User"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.officeLocation",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesDistinguishedName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSecurityIdentifier",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.otherMails",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.passwordPolicies",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile.enforceChangePasswordPolicy",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile.forceChangePasswordNextLogin",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile.password",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.physicalDeliveryOfficeName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.postalCode",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.preferredLanguage",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.capabilityStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Enabled"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.provisioningStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Success"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.service",
+                    "data_type": "string",
+                    "example_values": [
+                        "exchange"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.proxyAddresses",
+                    "data_type": "string",
+                    "example_values": [
+                        "SMTP:test_shared_mailbox@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.refreshTokensValidFromDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2019-05-16T19:54:18Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.showInAddressList",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.sipProxyAddress",
+                    "data_type": "string",
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.state",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.streetAddress",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.surname",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.telephoneNumber",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.thumbnailPhoto@odata.mediaEditLink",
+                    "data_type": "string",
+                    "example_values": [
+                        "directoryObjects/59f12345-1998-4932-a8ac-468e59374edc/test.DirectoryServices.User/thumbnailPhoto"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.usageLocation",
+                    "data_type": "string",
+                    "example_values": [
+                        "US"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.userPrincipalName",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.userState",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.userStateChangedOn",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.userType",
+                    "data_type": "string",
+                    "example_values": [
+                        "Member"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully retrieved user attributes",
+                        "Successfully retrieved attributes for user user@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Status: Successfully retrieved user attributes",
+                        "Status: Successfully retrieved attributes for user user@test.com, User enabled: False"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "custom",
+                "title": "list user attributes",
+                "view": "msadgraph_view.display_view"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "set user attribute",
+            "description": "Set an attribute for a user",
+            "type": "generic",
+            "identifier": "set_user_attribute",
+            "read_only": false,
+            "parameters": {
+                "user_id": {
+                    "description": "User ID - can be user principal name or object ID",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                "ph_0": {
+                    "description": "Placeholder",
+                    "data_type": "ph",
+                    "order": 1
+                },
+                "attribute": {
+                    "description": "Attribute to set",
+                    "data_type": "string",
+                    "required": true,
+                    "order": 2
+                },
+                "attribute_value": {
+                    "description": "Value of attribute to set",
+                    "data_type": "string",
+                    "required": true,
+                    "order": 3
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 3
+                },
+                {
+                    "data_path": "action_result.parameter.attribute",
+                    "data_type": "string",
+                    "example_values": [
+                        "department"
+                    ],
+                    "column_name": "Attribute Name",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.parameter.attribute_value",
+                    "data_type": "string",
+                    "example_values": [
+                        "Sales"
+                    ],
+                    "column_name": "Attribute Value",
+                    "column_order": 2
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ],
+                    "column_name": "User ID",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.classification",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.createdDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-03-25T18:40:53Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.deletedDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deletionTimestamp",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "This is for testing purpose"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.dirSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.displayName",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test-site"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.expirationDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.id",
+                    "data_type": "string",
+                    "example_values": [
+                        "2a201c95-101b-42d9-a7af-9a2fdf8193f1"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.isAssignableToRole",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.lastDirSyncTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mail",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test-site@test.com"
+                    ],
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mailEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mailNickname",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test-site"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.membershipRule",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.membershipRuleProcessingState",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.objectType",
+                    "data_type": "string",
+                    "example_values": [
+                        "Group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "test.DirectoryServices.Group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesDomainName",
+                    "data_type": "string",
+                    "contains": [
+                        "domain"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesLastSyncDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesNetBiosName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSamAccountName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSecurityIdentifier",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.preferredDataLocation",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.preferredLanguage",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.proxyAddresses",
+                    "data_type": "string",
+                    "example_values": [
+                        "SMTP:test-h@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.renewedDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-03-25T18:40:53Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.securityEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.securityIdentifier",
+                    "data_type": "string",
+                    "example_values": [
+                        "S-1-12-1-294681889-1319597617-672379543-28952017"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.theme",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.visibility",
+                    "data_type": "string",
+                    "example_values": [
+                        "Private"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully enabled user user@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Status: Successfully enabled user user@test.com"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "remove user",
+            "description": "Remove a user from a specified group",
+            "type": "generic",
+            "identifier": "remove_user",
+            "read_only": false,
+            "undo": "add user",
+            "parameters": {
+                "group_object_id": {
+                    "description": "Object ID of group",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "group object id"
+                    ]
+                },
+                "user_id": {
+                    "description": "User ID to remove from group",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 1,
+                    "contains": [
+                        "user id"
+                    ]
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 2
+                },
+                {
+                    "data_path": "action_result.parameter.group_object_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "ddb876b3-603a-437b-9814-2d46a2219a1e"
+                    ],
+                    "contains": [
+                        "group object id"
+                    ],
+                    "column_name": "Group Object ID",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "17be76d0-35ed-4881-ab62-d2eb73c2ebe3"
+                    ],
+                    "contains": [
+                        "user id"
+                    ],
+                    "column_name": "User ID",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.data",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully removed user from group",
+                        "User not in group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Status: Successfully removed user from group",
+                        "Status: User not in group"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "add user",
+            "description": "Add a user to a specified group",
+            "type": "generic",
+            "identifier": "add_user",
+            "read_only": false,
+            "undo": "remove user",
+            "parameters": {
+                "group_object_id": {
+                    "description": "Object ID of group",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "group object id"
+                    ]
+                },
+                "user_id": {
+                    "description": "User ID to add to group",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 1,
+                    "contains": [
+                        "user id"
+                    ]
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 2
+                },
+                {
+                    "data_path": "action_result.parameter.group_object_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "ddb876b3-603a-437b-9814-2d46a2219a1e"
+                    ],
+                    "contains": [
+                        "group object id"
+                    ],
+                    "column_name": "Group Object ID",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "17be76d0-35ed-4881-ab62-d2eb73c2ebe3"
+                    ],
+                    "contains": [
+                        "user id"
+                    ],
+                    "column_name": "User ID",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.data",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully added user to group",
+                        "User already in group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Status: Successfully added user to group",
+                        "Status: User already in group"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "list groups",
+            "description": "List groups in the organization",
+            "verbose": "By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.",
+            "type": "investigate",
+            "identifier": "list_groups",
+            "read_only": true,
+            "parameters": {
+                "filter_string": {
+                    "description": "Filter string to apply to group listing",
+                    "data_type": "string",
+                    "order": 0
+                },
+                "select_string": {
+                    "description": "Select string to get additional group properties. Separate multiple values with commas",
+                    "data_type": "string",
+                    "order": 1
+                },
+                "expand_string": {
+                    "description": "Expand string to get a resource or collection referenced by a single relationship",
+                    "data_type": "string",
+                    "order": 2
+                },
+                "use_advanced_query": {
+                    "description": "Use advanced query capabilities",
+                    "data_type": "boolean",
+                    "default": false,
+                    "order": 3
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.expand_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "members"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.filter_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "createdDateTime ge '2014-01-01T00:00:00Z'"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.select_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "displayName"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.use_advanced_query",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.classification",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.createdDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-03-25T18:40:53Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.deletedDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deletionTimestamp",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "This is for testing purpose"
+                    ],
+                    "column_name": "Description",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.data.*.dirSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.displayName",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test-site"
+                    ],
+                    "column_name": "Display Name",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data.*.expirationDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.id",
+                    "data_type": "string",
+                    "example_values": [
+                        "2a201c95-101b-42d9-a7af-9a2fdf8193f1"
+                    ],
+                    "contains": [
+                        "group object id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.isAssignableToRole",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.lastDirSyncTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mail",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test-site@test.com"
+                    ],
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mailEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mailNickname",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test-site"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.membershipRule",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.membershipRuleProcessingState",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.objectType",
+                    "data_type": "string",
+                    "example_values": [
+                        "Group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "test.DirectoryServices.Group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesDomainName",
+                    "data_type": "string",
+                    "contains": [
+                        "domain"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesLastSyncDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesNetBiosName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSamAccountName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSecurityIdentifier",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.preferredDataLocation",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.preferredLanguage",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.proxyAddresses",
+                    "data_type": "string",
+                    "example_values": [
+                        "SMTP:test-h@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.renewedDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2021-03-25T18:40:53Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.securityEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.securityIdentifier",
+                    "data_type": "string",
+                    "example_values": [
+                        "S-1-12-1-294681889-1319597617-672379543-28952017"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.theme",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.visibility",
+                    "data_type": "string",
+                    "example_values": [
+                        "Private"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.num_groups",
+                    "data_type": "numeric",
+                    "example_values": [
+                        7
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Num groups: 7"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "custom",
+                "title": "List Groups",
+                "view": "msadgraph_view.display_view"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "get group",
+            "description": "Get information about a group",
+            "verbose": "By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.",
+            "type": "investigate",
+            "identifier": "get_group",
+            "read_only": true,
+            "parameters": {
+                "object_id": {
+                    "description": "Object ID of group",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "group object id"
+                    ]
+                },
+                "select_string": {
+                    "description": "Select string to get additional group properties. Separate multiple values with commas",
+                    "data_type": "string",
+                    "order": 1
+                },
+                "expand_string": {
+                    "description": "Expand string to get a resource or collection referenced by a single relationship",
+                    "data_type": "string",
+                    "order": 2
+                },
+                "use_advanced_query": {
+                    "description": "Use advanced query capabilities",
+                    "data_type": "boolean",
+                    "default": false,
+                    "order": 3
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.expand_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "members"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.object_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "ddb876b3-603a-437b-9814-2d46a2219a1e"
+                    ],
+                    "contains": [
+                        "group object id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.select_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "displayName"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.use_advanced_query",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.@odata.context",
+                    "data_type": "string",
+                    "example_values": [
+                        "https://graph.test.com/v1.0/$metadata#groups(id,displayName)/$entity"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.classification",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.createdDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2020-08-05T11:59:49Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.deletedDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deletionTimestamp",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "This is the office 365 group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.dirSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.displayName",
+                    "data_type": "string",
+                    "example_values": [
+                        "o365group"
+                    ],
+                    "column_name": "Display Name",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data.*.expirationDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.id",
+                    "data_type": "string",
+                    "example_values": [
+                        "ddb876b3-603a-437b-9814-2d46a2219a1e"
+                    ],
+                    "contains": [
+                        "group object id"
+                    ],
+                    "column_name": "Object ID",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.data.*.isAssignableToRole",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.lastDirSyncTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mail",
+                    "data_type": "string",
+                    "example_values": [
+                        "bc7f9cabe@test.com"
+                    ],
+                    "contains": [
+                        "email"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mailEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ],
+                    "column_name": "Mail Enabled",
+                    "column_order": 3
+                },
+                {
+                    "data_path": "action_result.data.*.mailNickname",
+                    "data_type": "string",
+                    "example_values": [
+                        "bc7f9cabe"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.membershipRule",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.membershipRuleProcessingState",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.objectType",
+                    "data_type": "string",
+                    "example_values": [
+                        "Group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.metadata",
+                    "data_type": "string",
+                    "example_values": [
+                        "https://graph.windows.net/1t309est-db6c-4tes-t1d2-12bf3456d78d/$metadata#directoryObjects/@Element"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "test.DirectoryServices.Group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesDomainName",
+                    "data_type": "string",
+                    "contains": [
+                        "domain"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesLastSyncDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesNetBiosName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSamAccountName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSecurityIdentifier",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.preferredDataLocation",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.preferredLanguage",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.proxyAddresses",
+                    "data_type": "string",
+                    "example_values": [
+                        "SMTP:bc7f9cabe@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.renewedDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2020-08-05T11:59:49Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.securityEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ],
+                    "column_name": "Security Enabled",
+                    "column_order": 2
+                },
+                {
+                    "data_path": "action_result.data.*.securityIdentifier",
+                    "data_type": "string",
+                    "example_values": [
+                        "S-1-12-1-909260723-1083662375-1952945031-2402852259"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.theme",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.visibility",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.summary.display_name",
+                    "data_type": "string",
+                    "example_values": [
+                        "o365group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "Successfully retrieved group 104d4576-1544-48b5-bb7e-9f8f871aa824"
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Display name: o365group"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "custom",
+                "title": "List Groups",
+                "view": "msadgraph_view.display_view"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "list group members",
+            "description": "List the members in a group",
+            "verbose": "By default, only a limited set of properties are returned, to return an alternative property set use $select query parameter. For more information on using the select_string and expand_string parameters, refer to https://docs.microsoft.com/en-us/graph/query-parameters.",
+            "type": "investigate",
+            "identifier": "list_group_members",
+            "read_only": true,
+            "parameters": {
+                "group_object_id": {
+                    "description": "Object ID of group",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "group object id"
+                    ]
+                },
+                "select_string": {
+                    "description": "Select string to get additional properties. Separate multiple values with commas",
+                    "data_type": "string",
+                    "order": 1
+                },
+                "expand_string": {
+                    "description": "Expand string to get a resource or collection referenced by a single relationship",
+                    "data_type": "string",
+                    "order": 2
+                },
+                "use_advanced_query": {
+                    "description": "Use advanced query capabilities",
+                    "data_type": "boolean",
+                    "default": false,
+                    "order": 3
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.expand_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "manager"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.group_object_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "ebcd3130-55a1-4cbf-81b2-86408ff21203"
+                    ],
+                    "contains": [
+                        "group object id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.select_string",
+                    "data_type": "string",
+                    "example_values": [
+                        "displayName"
+                    ]
+                },
+                {
+                    "data_path": "action_result.parameter.use_advanced_query",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.@odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "#test.graph.user"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.accountEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.ageGroup",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.assignedLicenses.*.skuId",
+                    "data_type": "string",
+                    "example_values": [
+                        "189a915c-fe4f-4ffa-bde4-85b9628d07a0"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.assignedDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2022-11-03T15:12:28Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.capabilityStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Deleted"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.service",
+                    "data_type": "string",
+                    "example_values": [
+                        "AADPremiumService"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.assignedPlans.*.servicePlanId",
+                    "data_type": "string",
+                    "example_values": [
+                        "eec0eb4f-6444-4f95-aba0-50c24d67f998"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.city",
+                    "data_type": "string",
+                    "example_values": [
+                        "Palo Alto"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.companyName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.consentProvidedForMinor",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.country",
+                    "data_type": "string",
+                    "example_values": [
+                        "US"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.createdDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2016-06-09T18:33:27Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.creationType",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deletedDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.department",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.displayName",
+                    "data_type": "string",
+                    "example_values": [
+                        "Firstname Lastname"
+                    ],
+                    "column_name": "Display Name",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data.*.employeeHireDate",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.employeeId",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.employeeOrgData",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.employeeType",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.externalUserState",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.externalUserStateChangeDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.faxNumber",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.givenName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.id",
+                    "data_type": "string",
+                    "example_values": [
+                        "17be76d0-35ed-4881-ab62-d2eb73c2ebe3"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.identities.*.issuer",
+                    "data_type": "string",
+                    "example_values": [
+                        "test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.identities.*.issuerAssignedId",
+                    "data_type": "string",
+                    "example_values": [
+                        "test@user.test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.identities.*.signInType",
+                    "data_type": "string",
+                    "example_values": [
+                        "userPrincipalName"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.isResourceAccount",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.jobTitle",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.legalAgeGroupClassification",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mail",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.mailNickname",
+                    "data_type": "string",
+                    "example_values": [
+                        "User"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.mobilePhone",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.officeLocation",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesDistinguishedName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesDomainName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute1",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute10",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute11",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute12",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute13",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute14",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute15",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute2",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute3",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute4",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute5",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute6",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute7",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute8",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesExtensionAttributes.extensionAttribute9",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesImmutableId",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesLastSyncDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSamAccountName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSecurityIdentifier",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.onPremisesUserPrincipalName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.passwordPolicies",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.passwordProfile",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.postalCode",
+                    "data_type": "string",
+                    "example_values": [
+                        "94303"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.preferredDataLocation",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.preferredLanguage",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.capabilityStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Enabled"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.provisioningStatus",
+                    "data_type": "string",
+                    "example_values": [
+                        "Success"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.provisionedPlans.*.service",
+                    "data_type": "string",
+                    "example_values": [
+                        "testCommunicationsOnline"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.refreshTokensValidFromDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2022-08-08T13:00:58Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.showInAddressList",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.signInSessionsValidFromDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2022-08-08T13:00:58Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.state",
+                    "data_type": "string",
+                    "example_values": [
+                        "CA"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.streetAddress",
+                    "data_type": "string",
+                    "example_values": [
+                        "2479 E. Bayshore Rd."
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.surname",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.usageLocation",
+                    "data_type": "string",
+                    "example_values": [
+                        "US"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.userPrincipalName",
+                    "data_type": "string",
+                    "example_values": [
+                        "ews_retest@test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.userType",
+                    "data_type": "string",
+                    "example_values": [
+                        "Member"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.num_members",
+                    "data_type": "numeric",
+                    "example_values": [
+                        3
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.num_users",
+                    "data_type": "numeric",
+                    "example_values": [
+                        3
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Num members: 3"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "custom",
+                "title": "list group members",
+                "view": "msadgraph_view.display_view"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "validate group",
+            "description": "Returns true if a user is in a group; otherwise, false",
+            "type": "investigate",
+            "identifier": "validate_group",
+            "read_only": true,
+            "parameters": {
+                "group_object_id": {
+                    "description": "Object ID of group",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 0,
+                    "contains": [
+                        "group object id"
+                    ]
+                },
+                "user_id": {
+                    "description": "User ID to validate",
+                    "data_type": "string",
+                    "required": true,
+                    "primary": true,
+                    "order": 1,
+                    "contains": [
+                        "user id"
+                    ]
+                }
+            },
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 2
+                },
+                {
+                    "data_path": "action_result.parameter.group_object_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "ebcd3130-55a1-4cbf-81b2-86408ff21203"
+                    ],
+                    "contains": [
+                        "group object id"
+                    ],
+                    "column_name": "Group Object ID",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.parameter.user_id",
+                    "data_type": "string",
+                    "example_values": [
+                        "user@test.com"
+                    ],
+                    "contains": [
+                        "user id"
+                    ],
+                    "column_name": "User ID",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.data.*.@odata.context",
+                    "data_type": "string",
+                    "example_values": [
+                        "https://graph.test.com/v1.0/$metadata#directoryObjects"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.user_in_group",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.@odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "#test.graph.group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.classification",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.createdDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2022-02-25T12:05:22Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.deletedDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test group for MSGraph"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.displayName",
+                    "data_type": "string",
+                    "example_values": [
+                        "Test group for MSGraph"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.expirationDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.id",
+                    "data_type": "string",
+                    "example_values": [
+                        "49233413-24c6-4516-a9e1-4d5f87fe34fd"
+                    ],
+                    "contains": [
+                        "user id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.isAssignableToRole",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.mail",
+                    "data_type": "string",
+                    "example_values": [
+                        "test@user.test.com"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.mailEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.mailNickname",
+                    "data_type": "string",
+                    "example_values": [
+                        "TestgroupforMSGraph"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.membershipRule",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.membershipRuleProcessingState",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.onPremisesDomainName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.onPremisesLastSyncDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.onPremisesNetBiosName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.onPremisesSamAccountName",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.onPremisesSecurityIdentifier",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.onPremisesSyncEnabled",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.preferredDataLocation",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.preferredLanguage",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.renewedDateTime",
+                    "data_type": "string",
+                    "example_values": [
+                        "2022-02-25T12:05:22Z"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.securityEnabled",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.securityIdentifier",
+                    "data_type": "string",
+                    "example_values": [
+                        "S-1-12-1-1227043859-1159079110-1598939561-4248108679"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.theme",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.value.*.visibility",
+                    "data_type": "string",
+                    "example_values": [
+                        "Private"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "User is member of group"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.user_in_group",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "User in group: True"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "list directory roles",
+            "description": "List the directory roles that are activated in the tenant",
+            "verbose": "<p>Pagination is not implemented for this action as this endpoint does not support pagination. Here is the <b><a href='https://docs.microsoft.com/en-us/graph/paging' target='_blank'>Documentation</a></b> for the same.</p>",
+            "type": "investigate",
+            "identifier": "list_directory_roles",
+            "read_only": true,
+            "parameters": {},
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.deletedDateTime",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.deletionTimestamp",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.data.*.description",
+                    "data_type": "string",
+                    "example_values": [
+                        "Can read basic directory information. For granting access to applications, not intended for users."
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.displayName",
+                    "data_type": "string",
+                    "example_values": [
+                        "Directory Readers"
+                    ],
+                    "column_name": "Display Name",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data.*.id",
+                    "data_type": "string",
+                    "example_values": [
+                        "02b238cb-0d15-454b-aae6-0e94993a3207"
+                    ],
+                    "contains": [
+                        "directory object id"
+                    ],
+                    "column_name": "Object ID",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "action_result.data.*.isSystem",
+                    "data_type": "boolean",
+                    "example_values": [
+                        true,
+                        false
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.objectType",
+                    "data_type": "string",
+                    "example_values": [
+                        "Role"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.odata.type",
+                    "data_type": "string",
+                    "example_values": [
+                        "test.DirectoryServices.DirectoryRole"
+                    ]
+                },
+                {
+                    "data_path": "action_result.data.*.roleTemplateId",
+                    "data_type": "string",
+                    "example_values": [
+                        "88d8e3e3-8f55-4a1e-953a-9b9898b8876b"
+                    ],
+                    "contains": [
+                        "role template id"
+                    ]
+                },
+                {
+                    "data_path": "action_result.summary.num_directory_roles",
+                    "data_type": "numeric",
+                    "example_values": [
+                        9
+                    ]
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Num directory roles: 9"
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            },
+            "versions": "EQ(*)"
+        },
+        {
+            "action": "generate token",
+            "identifier": "generate_token",
+            "description": "Generate a token",
+            "type": "generic",
+            "read_only": false,
+            "parameters": {},
+            "output": [
+                {
+                    "data_path": "action_result.status",
+                    "data_type": "string",
+                    "example_values": [
+                        "success",
+                        "failed"
+                    ],
+                    "column_name": "Status",
+                    "column_order": 0
+                },
+                {
+                    "data_path": "action_result.data",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.summary",
+                    "data_type": "string"
+                },
+                {
+                    "data_path": "action_result.message",
+                    "data_type": "string",
+                    "example_values": [
+                        "Token generated"
+                    ],
+                    "column_name": "Message",
+                    "column_order": 1
+                },
+                {
+                    "data_path": "summary.total_objects",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                },
+                {
+                    "data_path": "summary.total_objects_successful",
+                    "data_type": "numeric",
+                    "example_values": [
+                        1
+                    ]
+                }
+            ],
+            "render": {
+                "type": "table"
+            },
+            "versions": "EQ(*)"
+        }
+    ],
+    "pip_dependencies": {
+        "wheel": [
+            {
+                "module": "beautifulsoup4",
+                "input_file": "wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl"
+            },
+            {
+                "module": "soupsieve",
+                "input_file": "wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl"
+            }
+        ]
+    },
+    "pip39_dependencies": {
+        "wheel": [
+            {
+                "module": "beautifulsoup4",
+                "input_file": "wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl"
+            },
+            {
+                "module": "soupsieve",
+                "input_file": "wheels/py3/soupsieve-2.4.1-py3-none-any.whl"
+            }
+        ]
+    }
+}
diff --git a/deployment-apps/msadgraph/msadgraph_connector.py b/deployment-apps/msadgraph/msadgraph_connector.py
new file mode 100644
index 0000000..3cafc57
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_connector.py
@@ -0,0 +1,1540 @@
+# File: msadgraph_connector.py
+#
+# Copyright (c) 2022-2023 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+#
+#
+# Phantom App imports
+import grp
+import json
+import os
+import pathlib
+import pwd
+import sys
+import time
+import urllib.parse as urlparse
+
+import encryption_helper
+import phantom.app as phantom
+import requests
+from bs4 import BeautifulSoup
+from django.http import HttpResponse
+from phantom.action_result import ActionResult
+from phantom.base_connector import BaseConnector
+
+from msadgraph_consts import *
+
+MAX_END_OFFSET_VAL = 2147483646
+
+
+def _handle_login_redirect(request, key):
+    """ This function is used to redirect login request to microsoft login page.
+
+    :param request: Data given to REST endpoint
+    :param key: Key to search in state file
+    :return: response authorization_url/admin_consent_url
+    """
+
+    asset_id = request.GET.get('asset_id')
+    if not asset_id:
+        return HttpResponse('ERROR: Asset ID not found in URL', content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+    state = _load_app_state(asset_id)
+    if not state:
+        return HttpResponse('ERROR: Invalid asset_id', content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+    url = state.get(key)
+    if not url:
+        return HttpResponse(f'App state is invalid, {key} not found.', content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+    response = HttpResponse(status=302)
+    response['Location'] = url
+    return response
+
+
+def _is_valid_asset_id(asset_id):
+    """ This function validates an asset id.
+    Must be an alphanumeric string of less than 128 characters.
+
+    :param asset_id: asset_id
+    :return: is_valid: Boolean True if valid, False if not.
+    """
+    if not isinstance(asset_id, str):
+        return False
+    if not asset_id.isalnum():
+        return False
+    if len(asset_id) > 128:
+        return False
+    return True
+
+
+def _get_file_path(asset_id, is_state_file=True):
+    """ This function gets the path of the auth status file of an asset id.
+
+    :param asset_id: asset_id
+    :param app_connector: Object of app_connector class
+    :param is_state_file: boolean parameter for state file
+    :return: file_path: Path object of the file
+    """
+    current_file_path = pathlib.Path(__file__).resolve()
+    if is_state_file:
+        input_file = f'{asset_id}_state.json'
+    else:
+        input_file = f'{asset_id}_oauth_task.out'
+    output_file_path = current_file_path.with_name(input_file)
+    return output_file_path
+
+
+def _decrypt_state(state, salt):
+    """
+    Decrypts the state.
+    :param state: state dictionary
+    :param salt: salt used for decryption
+    :return: decrypted state
+    """
+
+    if not state.get("is_encrypted"):
+        return state
+
+    access_token = state.get("token", {}).get("access_token")
+    if access_token:
+        state["token"]["access_token"] = encryption_helper.decrypt(access_token, salt)
+
+    refresh_token = state.get("token", {}).get("refresh_token")
+    if refresh_token:
+        state["token"]["refresh_token"] = encryption_helper.decrypt(refresh_token, salt)
+
+    code = state.get("code")
+    if code:
+        state["code"] = encryption_helper.decrypt(code, salt)
+
+    return state
+
+
+def _encrypt_state(state, salt):
+    """
+    Encrypts the state.
+    :param state: state dictionary
+    :param salt: salt used for encryption
+    :return: encrypted state
+    """
+
+    access_token = state.get("token", {}).get("access_token")
+    if access_token:
+        state["token"]["access_token"] = encryption_helper.encrypt(access_token, salt)
+
+    refresh_token = state.get("token", {}).get("refresh_token")
+    if refresh_token:
+        state["token"]["refresh_token"] = encryption_helper.encrypt(refresh_token, salt)
+
+    code = state.get("code")
+    if code:
+        state["code"] = encryption_helper.encrypt(code, salt)
+
+    state["is_encrypted"] = True
+
+    return state
+
+
+def _load_app_state(asset_id, app_connector=None):
+    """ This function is used to load the current state file.
+
+    :param asset_id: asset_id
+    :param app_connector: Object of app_connector class
+    :return: state: Current state file as a dictionary
+    """
+
+    asset_id = str(asset_id)
+    if not _is_valid_asset_id(asset_id):
+        if app_connector:
+            app_connector.debug_print('In _load_app_state: Invalid asset_id')
+        return {}
+
+    state_file_path = _get_file_path(asset_id)
+
+    state = {}
+    try:
+        with open(state_file_path, 'r') as state_file:
+            state = json.load(state_file)
+    except Exception as e:
+        if app_connector:
+            app_connector.error_print(f'In _load_app_state: Exception: {str(e)}')
+
+    if app_connector:
+        app_connector.debug_print('Loaded state: ', state)
+
+    try:
+        state = _decrypt_state(state, asset_id)
+    except Exception as e:
+        if app_connector:
+            app_connector.error_print("{}: {}".format(MS_AZURE_DECRYPTION_ERROR, str(e)))
+        state = {}
+
+    return state
+
+
+def _save_app_state(state, asset_id, app_connector):
+    """ This function is used to save current state in file.
+
+    :param state: Dictionary which contains data to write in state file
+    :param asset_id: asset_id
+    :param app_connector: Object of app_connector class
+    :return: status: phantom.APP_SUCCESS
+    """
+    asset_id = str(asset_id)
+    if not _is_valid_asset_id(asset_id):
+        if app_connector:
+            app_connector.debug_print('In _save_app_state: Invalid asset_id')
+        return {}
+
+    state_file_path = _get_file_path(asset_id)
+
+    try:
+        state = _encrypt_state(state, asset_id)
+    except Exception as e:
+        if app_connector:
+            app_connector.error_print("{}: {}".format(MS_AZURE_ENCRYPTION_ERROR, str(e)))
+        return phantom.APP_ERROR
+
+    if app_connector:
+        app_connector.debug_print('Saving state: ', state)
+
+    try:
+        with open(state_file_path, 'w+') as state_file:
+            json.dump(state, state_file)
+    except Exception as e:
+        if app_connector:
+            app_connector.error_print(f'Unable to save state file: {str(e)}')
+
+    return phantom.APP_SUCCESS
+
+
+def _handle_login_response(request):
+    """ This function is used to get the login response of authorization request from microsoft login page.
+
+    :param request: Data given to REST endpoint
+    :return: HttpResponse. The response displayed on authorization URL page
+    """
+
+    asset_id = request.GET.get('state')
+    if not asset_id:
+        return HttpResponse(f'ERROR: Asset ID not found in URL\n{json.dumps(request.GET)}',
+                            content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+
+    # Check for error in URL
+    error = request.GET.get('error')
+    error_description = request.GET.get('error_description')
+
+    # If there is an error in response
+    if error:
+        message = f'Error: {error}'
+        if error_description:
+            message = f'{message} Details: {error_description}'
+        return HttpResponse(f'Server returned {message}', content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+
+    code = request.GET.get('code')
+    admin_consent = request.GET.get('admin_consent')
+
+    # If none of the code or admin_consent is available
+    if not (code or admin_consent):
+        return HttpResponse(f'Error while authenticating\n{json.dumps(request.GET)}',
+                            content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+
+    state = _load_app_state(asset_id)
+
+    # If value of admin_consent is available
+    if admin_consent:
+        if admin_consent == 'True':
+            admin_consent = True
+        else:
+            admin_consent = False
+
+        state['admin_consent'] = admin_consent
+        _save_app_state(state, asset_id, None)
+
+        # If admin_consent is True
+        if admin_consent:
+            return HttpResponse('Admin Consent received. Please close this window.', content_type="text/plain")
+        return HttpResponse('Admin Consent declined. Please close this window and try again later.',
+                            content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+
+    # If value of admin_consent is not available, value of code is available
+    state['code'] = code
+    _save_app_state(state, asset_id, None)
+
+    return HttpResponse('Code received. Please close this window, the action will continue to get new token.', content_type="text/plain")
+
+
+def _handle_rest_request(request, path_parts):
+    """ Handle requests for authorization.
+
+    :param request: Data given to REST endpoint
+    :param path_parts: parts of the URL passed
+    :return: dictionary containing response parameters
+    """
+
+    if len(path_parts) < 2:
+        return HttpResponse('error: True, message: Invalid REST endpoint request', content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+
+    call_type = path_parts[1]
+
+    # To handle authorize request in test connectivity action
+    if call_type == 'start_oauth':
+        return _handle_login_redirect(request, 'admin_consent_url')
+
+    # To handle response from microsoft login page
+    if call_type == 'result':
+        return_val = _handle_login_response(request)
+        asset_id = request.GET.get('state')
+        if asset_id:
+            if not _is_valid_asset_id(asset_id):
+                return HttpResponse("Error: Invalid asset_id", content_type="text/plain", status=MS_AZURE_BAD_REQUEST_CODE)
+            auth_status_file_path = _get_file_path(asset_id, is_state_file=False)
+            auth_status_file_path.touch(mode=664, exist_ok=True)
+            try:
+                uid = pwd.getpwnam('apache').pw_uid
+                gid = grp.getgrnam('phantom').gr_gid
+                os.chown(auth_status_file_path, uid, gid)  # nosemgrep file traversal risk is handled by blocking non-alphanum strings
+            except Exception:
+                pass
+
+        return return_val
+    return HttpResponse('error: Invalid endpoint', content_type="text/plain", status=MS_AZURE_NOT_FOUND_CODE)
+
+
+def _get_dir_name_from_app_name(app_name):
+    """ Get name of the directory for the app.
+
+    :param app_name: Name of the application for which directory name is required
+    :return: app_name: Name of the directory for the application
+    """
+
+    app_name = ''.join([x for x in app_name if x.isalnum()])
+    app_name = app_name.lower()
+    if not app_name:
+        app_name = 'app_for_phantom'
+    return app_name
+
+
+class RetVal(tuple):
+
+    def __new__(cls, val1, val2):
+
+        return tuple.__new__(RetVal, (val1, val2))
+
+
+class MSADGraphConnector(BaseConnector):
+
+    def __init__(self):
+
+        # Call the BaseConnectors init first
+        super(MSADGraphConnector, self).__init__()
+
+        self._state = None
+        self._tenant = None
+        self._client_id = None
+        self._client_secret = None
+        self._access_token = None
+        self._refresh_token = None
+        self._base_url = None
+        self._admin_access_required = None
+        self._admin_access_granted = None
+
+    def load_state(self):
+        """
+        Load the contents of the state file to the state dictionary and decrypt it.
+        :return: loaded state
+        """
+        state = super().load_state()
+        if not isinstance(state, dict):
+            self.debug_print("Reseting the state file with the default format")
+            state = {
+                "app_version": self.get_app_json().get('app_version')
+            }
+            return state
+        try:
+            state = _decrypt_state(state, self.get_asset_id())
+        except Exception as e:
+            error_message = self._get_error_message_from_exception(e)
+            self.error_print("{}: {}".format(MS_AZURE_DECRYPTION_ERROR, error_message))
+            self.debug_print("Reseting the state file with the default format")
+            state = {
+                "app_version": self.get_app_json().get('app_version')
+            }
+
+        return state
+
+    def save_state(self, state):
+        """
+        Encrypt and save the current state dictionary to the the state file.
+        :param state: state dictionary
+        :return: status
+        """
+        try:
+            state = _encrypt_state(state, self.get_asset_id())
+        except Exception as e:
+            error_message = self._get_error_message_from_exception(e)
+            self.error_print("{}: {}".format(MS_AZURE_ENCRYPTION_ERROR, error_message))
+
+        return super().save_state(state)
+
+    def _dump_error_log(self, error, message="Exception occurred."):
+        self.error_print(message, dump_object=error)
+
+    def _get_error_message_from_exception(self, e):
+        """
+        Get appropriate error message from the exception.
+        :param e: Exception object
+        :return: error message
+        """
+        error_code = None
+        error_message = MS_AZURE_ERROR_MESSAGE_UNKNOWN
+
+        self._dump_error_log(e)
+
+        try:
+            if hasattr(e, "args"):
+                if len(e.args) > 1:
+                    error_code = e.args[0]
+                    error_message = e.args[1]
+                elif len(e.args) == 1:
+                    error_message = e.args[0]
+        except Exception:
+            self.error_print("Exception occurred while getting error code and message")
+
+        if not error_code:
+            error_text = "Error Message: {}".format(error_message)
+        else:
+            error_text = "Error Code: {}. Error Message: {}".format(error_code, error_message)
+
+        return error_text
+
+    def _process_empty_response(self, response, action_result):
+        """ This function is used to process empty response.
+
+        :param response: response data
+        :param action_result: object of Action Result
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message)
+        """
+
+        if response.status_code == 200 or response.status_code == 202:
+            return RetVal(phantom.APP_SUCCESS, {})
+
+        return RetVal(action_result.set_status(phantom.APP_ERROR, "Empty response and no information in the header"),
+                      None)
+
+    def _process_html_response(self, response, action_result):
+        """ This function is used to process html response.
+
+        :param response: response data
+        :param action_result: object of Action Result
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message)
+        """
+
+        # An html response, treat it like an error
+        status_code = response.status_code
+
+        try:
+            soup = BeautifulSoup(response.text, "html.parser")
+            # Remove the script, style, footer and navigation part from the HTML message
+            for element in soup(["script", "style", "footer", "nav"]):
+                element.extract()
+            error_text = soup.text
+            split_lines = error_text.split('\n')
+            split_lines = [x.strip() for x in split_lines if x.strip()]
+            error_text = '\n'.join(split_lines)
+        except Exception:
+            error_text = "Cannot parse error details"
+
+        message = MS_AZURE_RESPONSE_ERROR_MESSAGE.format(status_code=status_code, error_text=error_text)
+
+        message = message.replace('{', '{{').replace('}', '}}')
+
+        if status_code == MS_AZURE_BAD_REQUEST_CODE:
+            message = MS_AZURE_RESPONSE_ERROR_MESSAGE.format(status_code=status_code, error_text=MS_AZURE_HTML_ERROR)
+
+        return RetVal(action_result.set_status(phantom.APP_ERROR, message), None)
+
+    def _process_json_response(self, response, action_result):
+        """ This function is used to process json response.
+
+        :param response: response data
+        :param action_result: object of Action Result
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message)
+        """
+
+        # Try a json parse
+        try:
+            resp_json = response.json()
+        except Exception as e:
+            error_message = self._get_error_message_from_exception(e)
+            return RetVal(action_result.set_status(phantom.APP_ERROR, "Unable to parse JSON response. Error: {0}".
+                                                   format(error_message)), None)
+
+        # Please specify the status codes here
+        if 200 <= response.status_code < 399:
+            return RetVal(phantom.APP_SUCCESS, resp_json)
+
+        error_message = response.text.replace('{', '{{').replace('}', '}}')
+        message = MS_AZURE_RESPONSE_ERROR_MESSAGE.format(status_code=response.status_code, error_text=error_message)
+
+        # Show only error message if available
+        if isinstance(resp_json.get('error', {}), dict):
+            if resp_json.get('error', {}).get('message'):
+                error_message = resp_json['error']['message']
+                message = MS_AZURE_RESPONSE_ERROR_MESSAGE.format(status_code=response.status_code, error_text=error_message)
+        else:
+            error_message = resp_json['error']
+            message = MS_AZURE_RESPONSE_ERROR_MESSAGE.format(status_code=response.status_code, error_text=error_message)
+
+        return RetVal(action_result.set_status(phantom.APP_ERROR, message), None)
+
+    def _process_response(self, response, action_result):
+        """ This function is used to process html response.
+
+        :param response: response data
+        :param action_result: object of Action Result
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message)
+        """
+
+        # store the r_text in debug data, it will get dumped in the logs if the action fails
+        if hasattr(action_result, 'add_debug_data'):
+            action_result.add_debug_data({'r_status_code': response.status_code})
+            action_result.add_debug_data({'r_text': response.text})
+            action_result.add_debug_data({'r_headers': response.headers})
+
+        # Process each 'Content-Type' of response separately
+
+        # Process a json response
+        if 'json' in response.headers.get('Content-Type', ''):
+            return self._process_json_response(response, action_result)
+
+        if 'text/javascript' in response.headers.get('Content-Type', ''):
+            return self._process_json_response(response, action_result)
+
+        # Process an HTML response, Do this no matter what the API talks.
+        # There is a high chance of a PROXY in between SOAR and the rest of
+        # world, in case of errors, PROXY's return HTML, this function parses
+        # the error and adds it to the action_result.
+        if 'html' in response.headers.get('Content-Type', ''):
+            return self._process_html_response(response, action_result)
+
+        # Reset_password returns empty body
+        if not response.text and 200 <= response.status_code < 399:
+            return RetVal(phantom.APP_SUCCESS, {})
+
+        # it's not content-type that is to be parsed, handle an empty response
+        if not response.text:
+            return self._process_empty_response(response, action_result)
+
+        # everything else is actually an error at this point
+        response_content = response.text.replace('{', '{{').replace('}', '}}')
+        message = MS_AZURE_PROCESS_RESPONSE_ERROR_MESSAGE.format(status_code=response.status_code, content=response_content)
+
+        return RetVal(action_result.set_status(phantom.APP_ERROR, message), None)
+
+    def _get_asset_name(self, action_result):
+        """ Get name of the asset using SOAR URL.
+
+        :param action_result: object of ActionResult class
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message), asset name
+        """
+
+        url = urlparse.urljoin(self.get_phantom_base_url(), f'rest/asset/{self._asset_id}')
+        ret_val, resp_json = self._make_rest_call(action_result=action_result, endpoint=url, verify=False)  # nosemgrep
+
+        if phantom.is_fail(ret_val):
+            return ret_val, None
+
+        asset_name = resp_json.get('name')
+        if not asset_name:
+            return action_result.set_status(phantom.APP_ERROR, f'Asset Name for id: {self._asset_id} not found.'), None
+        return phantom.APP_SUCCESS, asset_name
+
+    def _get_external_phantom_base_url(self, action_result):
+        """ Get base url of SOAR.
+
+        :param action_result: object of ActionResult class
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message),
+        base url of SOAR
+        """
+
+        url = urlparse.urljoin(self.get_phantom_base_url(), 'rest/system_info')
+        ret_val, resp_json = self._make_rest_call(action_result=action_result, endpoint=url, verify=False)  # nosemgrep
+        if phantom.is_fail(ret_val):
+            return ret_val, None
+
+        phantom_base_url = resp_json.get('base_url').rstrip("/")
+        if not phantom_base_url:
+            return action_result.set_status(phantom.APP_ERROR, MS_AZURE_BASE_URL_NOT_FOUND_MESSAGE), None
+        return phantom.APP_SUCCESS, phantom_base_url
+
+    def _get_app_rest_url(self, action_result):
+        """ Get URL for making rest calls.
+
+        :param action_result: object of ActionResult class
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message),
+        URL to make rest calls
+        """
+
+        ret_val, phantom_base_url = self._get_external_phantom_base_url(action_result)
+        if phantom.is_fail(ret_val):
+            return action_result.get_status(), None
+
+        ret_val, asset_name = self._get_asset_name(action_result)
+        if phantom.is_fail(ret_val):
+            return action_result.get_status(), None
+
+        self.save_progress(f'Using SOAR base URL: {phantom_base_url}')
+        app_json = self.get_app_json()
+        app_id = app_json['appid']
+        app_name = app_json['name']
+
+        app_dir_name = _get_dir_name_from_app_name(app_name)
+        url_to_app_rest = f"{phantom_base_url}/rest/handler/{app_dir_name}_{app_id}/{asset_name}"
+        return phantom.APP_SUCCESS, url_to_app_rest
+
+    def _make_rest_call(self, endpoint, action_result, verify=True, headers=None, params=None, data=None, json=None, method="get"):
+        """ Function that makes the REST call to the app.
+
+        :param endpoint: REST endpoint that needs to appended to the service address
+        :param action_result: object of ActionResult class
+        :param headers: request headers
+        :param params: request parameters
+        :param data: request body
+        :param json: JSON object
+        :param method: GET/POST/PUT/DELETE/PATCH (Default will be GET)
+        :param verify: verify server certificate (Default True)
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message),
+        response obtained by making an API call
+        """
+
+        resp_json = None
+
+        try:
+            request_func = getattr(requests, method)
+        except AttributeError:
+            return RetVal(action_result.set_status(phantom.APP_ERROR, f"Invalid method: {method}"), resp_json)
+
+        try:
+            resp_json = request_func(endpoint, json=json, data=data, headers=headers, verify=verify, params=params, timeout=DEFAULT_TIMEOUT)
+        except Exception as e:
+            error_message = f"Error connecting to server. Details: {self._get_error_message_from_exception(e)}"
+            return RetVal(action_result.set_status(phantom.APP_ERROR, error_message), resp_json)
+
+        return self._process_response(resp_json, action_result)
+
+    def _make_rest_call_helper(self, action_result, endpoint, verify=True, headers=None, params=None, data=None, json=None, method="get"):
+        """ Function that helps setting REST call to the app.
+
+        :param endpoint: REST endpoint that needs to appended to the service address
+        :param action_result: object of ActionResult class
+        :param headers: request headers
+        :param params: request parameters
+        :param data: request body
+        :param json: JSON object
+        :param method: GET/POST/PUT/DELETE/PATCH (Default will be GET)
+        :param verify: verify server certificate (Default True)
+        :return: status phantom.APP_ERROR/phantom.APP_SUCCESS(along with appropriate message),
+        response obtained by making an API call
+        """
+
+        url = f"{self._base_url}/{self._tenant}{endpoint}"
+        if headers is None:
+            headers = {}
+
+        token = self._state.get(MS_AZURE_TOKEN_STRING, {})
+        if not token.get(MS_AZURE_ACCESS_TOKEN_STRING):
+            ret_val = self._get_token(action_result)
+
+            if phantom.is_fail(ret_val):
+                return RetVal(action_result.get_status(), None)
+        headers.update({
+                'Authorization': f'Bearer {self._access_token}',
+                'Accept': 'application/json',
+                'Content-Type': 'application/json'
+            })
+        ret_val, resp_json = self._make_rest_call(url, action_result, verify, headers, params, data, json, method)
+
+        # If token is expired, generate a new token
+        message = action_result.get_message()
+        if message and any(failure_message in message for failure_message in AUTH_FAILURE_MESSAGES):
+            self.save_progress("Token is invalid/expired. Hence, generating a new token.")
+            ret_val = self._get_token(action_result)
+            if phantom.is_fail(ret_val):
+                return RetVal(ret_val, None)
+
+            headers.update({'Authorization': f'Bearer {self._access_token}'})
+
+            ret_val, resp_json = self._make_rest_call(url, action_result, verify, headers, params, data, json, method)
+
+        if phantom.is_fail(ret_val):
+            return RetVal(ret_val, resp_json)
+
+        return RetVal(phantom.APP_SUCCESS, resp_json)
+
+    def _handle_generate_token(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+        ret_val = self._get_token(action_result)
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        self._state['admin_consent'] = True
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS, "Token generated")
+
+    def _handle_test_connectivity(self, param):
+        """ Function that handles the test connectivity action, it is much simpler than other action handlers."""
+
+        # Progress
+        # self.save_progress("Generating Authentication URL")
+        app_state = {}
+        action_result = self.add_action_result(ActionResult(param))
+
+        if not (self._admin_access_required and self._admin_access_granted):
+
+            self.save_progress("Getting App REST endpoint URL")
+            # Get the URL to the app's REST Endpoint, this is the url that the TC dialog
+            # box will ask the user to connect to
+            ret_val, app_rest_url = self._get_app_rest_url(action_result)
+
+            if phantom.is_fail(ret_val):
+                self.save_progress(MS_REST_URL_NOT_AVAILABLE_MESSAGE.format(error=self.get_status()))
+                return self.set_status(phantom.APP_ERROR)
+
+            # create the url that the oauth server should re-direct to after the auth is completed
+            # (success and failure), this is added to the state so that the request handler will access
+            # it later on
+            redirect_uri = f"{app_rest_url}/result"
+            app_state['redirect_uri'] = redirect_uri
+
+            self.save_progress(MS_OAUTH_URL_MESSAGE)
+            self.save_progress(redirect_uri)
+
+            self._client_id = urlparse.quote(self._client_id)
+            self._tenant = urlparse.quote(self._tenant)
+
+            query_params = {
+                'client_id': self._client_id,
+                'redirect_uri': redirect_uri,
+                'state': self._asset_id,
+            }
+
+            if self._admin_access_required:
+                # Create the url for fetching administrator consent
+                admin_consent_url_base = MS_AZURE_ADMIN_CONSENT_URL.format(tenant_id=self._tenant)
+            else:
+                # Create the url authorization, this is the one pointing to the oauth server side
+                admin_consent_url_base = MS_AZURE_AUTHORIZE_URL.format(tenant_id=self._tenant)
+                query_params['scope'] = MS_AZURE_CODE_GENERATION_SCOPE
+                query_params['response_type'] = 'code'
+
+            query_string = '&'.join(f'{key}={value}' for key, value in query_params.items())
+
+            admin_consent_url = f'{admin_consent_url_base}?{query_string}'
+
+            app_state['admin_consent_url'] = admin_consent_url
+
+            # The URL that the user should open in a different tab.
+            # This is pointing to a REST endpoint that points to the app
+            url_to_show = f"{app_rest_url}/start_oauth?asset_id={self._asset_id}&"
+
+            # Save the state, will be used by the request handler
+            _save_app_state(app_state, self._asset_id, self)
+
+            self.save_progress('Please connect to the following URL from a different tab to continue the connectivity process')
+            self.save_progress(url_to_show)
+            self.save_progress(MS_AZURE_AUTHORIZE_TROUBLESHOOT_MESSAGE)
+
+            time.sleep(MS_AZURE_WAIT_FOR_URL_SLEEP)
+
+            completed = False
+
+            if not _is_valid_asset_id(self._asset_id):
+                return action_result.set_status(phantom.APP_ERROR, "Invalid asset id")
+
+            auth_status_file_path = _get_file_path(self._asset_id, is_state_file=False)
+
+            self.save_progress('Waiting for authorization to complete')
+
+            for i in range(0, 40):
+
+                self.send_progress('{0}'.format('.' * (i % 10)))
+
+                if auth_status_file_path.is_file():
+                    completed = True
+                    auth_status_file_path.unlink()
+                    break
+
+                time.sleep(MS_TC_STATUS_SLEEP)
+
+            if not completed:
+                self.save_progress("Authentication process does not seem to be completed. Timing out")
+                self.save_progress(MS_AZURE_TEST_CONNECTIVITY_FAILURE_MESSAGE)
+                return self.set_status(phantom.APP_ERROR)
+
+            self.send_progress("")
+
+            # Load the state again, since the http request handlers would have saved the result of the admin consent
+            self._state = _load_app_state(self._asset_id, self)
+
+            # Deleting the local state file because of it replicates with actual state file while installing the app
+            current_file_path = pathlib.Path(__file__).resolve()
+            input_file = f'{self._asset_id}_state.json'
+            state_file_path = current_file_path.with_name(input_file)
+            state_file_path.unlink()
+
+            if not self._state:
+                self.save_progress(MS_STATE_FILE_ERROR_MESSAGE)
+                self.save_progress(MS_AZURE_TEST_CONNECTIVITY_FAILURE_MESSAGE)
+                return action_result.set_status(phantom.APP_ERROR)
+
+            self._state.setdefault('admin_consent', False)
+
+            if self._admin_access_required and not self._state.get('admin_consent'):
+                self.save_progress(MS_ADMIN_CONSENT_ERROR_MESSAGE)
+                self.save_progress(MS_AZURE_TEST_CONNECTIVITY_FAILURE_MESSAGE)
+                return action_result.set_status(phantom.APP_ERROR)
+
+            if not self._admin_access_required and not self._state.get('code'):
+                self.save_progress(MS_AUTHORIZATION_ERROR_MESSAGE)
+                self.save_progress(MS_AZURE_TEST_CONNECTIVITY_FAILURE_MESSAGE)
+                return action_result.set_status(phantom.APP_ERROR)
+
+            if self._admin_access_required:
+                self.save_progress("Admin consent received")
+                self.save_progress(
+                    "Waiting for 30 seconds before generating token. If action fails with '403: AccessDenied' error, "
+                    "please check permissions and re-run the 'test connectivity' after some time.")
+                self.save_progress(
+                    "Admin consent is already received. You can mark 'Admin Consent Already Provided' to True, "
+                    "unless you make changes in the permissions.")
+                time.sleep(30)
+
+        self.save_progress(MS_GENERATING_ACCESS_TOKEN_MESSAGE)
+        ret_val = self._get_token(action_result)
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        self.save_progress("Getting info about a single user to verify token")
+        params = {'$top': '1'}
+        ret_val, response = self._make_rest_call_helper(action_result, "/users", params=params)
+
+        if phantom.is_fail(ret_val):
+            self.save_progress("API to get users failed")
+            self.save_progress(MS_AZURE_TEST_CONNECTIVITY_FAILURE_MESSAGE)
+            return self.set_status(phantom.APP_ERROR)
+
+        value = response.get('value')
+
+        if value:
+            self.save_progress("Got user info")
+
+        self.save_progress(MS_AZURE_TEST_CONNECTIVITY_PASSED)
+
+        return self.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_users(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        filter_string = param.get('filter_string')
+        select_string = param.get('select_string')
+        expand_string = param.get('expand_string')
+        use_advanced_query = param.get('use_advanced_query')
+
+        headers = {}
+        parameters = {}
+
+        if filter_string:
+            parameters['$filter'] = filter_string
+        if select_string:
+            select_string = [param_value.strip() for param_value in select_string.split(",")]
+            select_string = list(filter(None, select_string))
+            parameters['$select'] = ','.join(param_value for param_value in select_string)
+        if expand_string:
+            parameters['$expand'] = expand_string
+        if use_advanced_query:
+            headers['ConsistencyLevel'] = 'eventual'
+            parameters['$count'] = 'true'
+
+        ret_val = self._handle_pagination(action_result, '/users', headers=headers, params=parameters)
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        resp_data = action_result.get_data()
+        if resp_data and resp_data[action_result.get_data_size() - 1] == 'Empty response':
+            summary['num_users'] = (action_result.get_data_size()) - 1
+        else:
+            summary['num_users'] = action_result.get_data_size()
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_reset_password(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        user_id = param['user_id']
+        temp_password = param.get('temp_password', '')
+        force_change = param.get('force_change', True)
+
+        data = {
+            'passwordProfile': {
+                'forceChangePasswordNextSignIn': force_change,
+                'password': temp_password
+            }
+        }
+
+        endpoint = f'/users/{user_id}'
+
+        ret_val, _ = self._make_rest_call_helper(action_result, endpoint, json=data, method='patch')
+
+        if phantom.is_fail(ret_val):
+            return ret_val
+
+        summary = action_result.update_summary({})
+        summary['status'] = f"Successfully reset password for {user_id}"
+
+        # An empty response indicates success. No response body is returned.
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_enable_user(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        user_id = param['user_id']
+
+        data = {
+            "accountEnabled": True
+        }
+
+        endpoint = f'/users/{user_id}'
+        ret_val, _ = self._make_rest_call_helper(action_result, endpoint, json=data, method='patch')
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        summary['status'] = f"Successfully enabled user {user_id}"
+
+        # An empty response indicates success. No response body is returned.
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_invalidate_tokens(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        user_id = param['user_id']
+        endpoint = f'/users/{user_id}/revokeSignInSessions'
+
+        ret_val, _ = self._make_rest_call_helper(action_result, endpoint, method='post')
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        summary['status'] = "Successfully disabled tokens"
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_disable_user(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        user_id = param['user_id']
+
+        data = {
+            "accountEnabled": False
+        }
+
+        endpoint = f'/users/{user_id}'
+        ret_val, _ = self._make_rest_call_helper(action_result, endpoint, json=data, method='patch')
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        summary['status'] = f"Successfully disabled user {user_id}"
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_user_attributes(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        user_id = param.get('user_id')
+        select_string = param.get('select_string')
+        expand_string = param.get('expand_string')
+        use_advanced_query = param.get('use_advanced_query')
+
+        headers = {}
+        parameters = {}
+
+        if select_string:
+            select_string = [param_value.strip() for param_value in select_string.split(",")]
+            select_string = list(filter(None, select_string))
+            parameters['$select'] = ','.join(param_value for param_value in select_string)
+        if expand_string:
+            parameters['$expand'] = expand_string
+        if use_advanced_query:
+            headers['ConsistencyLevel'] = 'eventual'
+            parameters['$count'] = 'true'
+
+        if user_id:
+            endpoint = f'/users/{user_id}'
+        else:
+            endpoint = '/users'
+
+        ret_val = self._handle_pagination(action_result, endpoint, headers=headers, params=parameters)
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        if user_id:
+            summary['status'] = f"Successfully retrieved attributes for user {user_id}"
+        else:
+            summary['status'] = "Successfully retrieved user attributes"
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_user_devices(self, param):
+
+        self.save_progress("In action handler for: {0}".format(self.get_action_identifier()))
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        user_id = param['user_id']
+
+        parameters = {}
+        select_string = param.get('select_string')
+        if select_string:
+            select_string = [param_value.strip() for param_value in select_string.split(",")]
+            select_string = list(filter(None, select_string))
+            parameters['$select'] = ','.join(param_value for param_value in select_string)
+
+        endpoint = f'/users/{user_id}/ownedDevices'
+
+        ret_val = self._handle_pagination(action_result, endpoint, params=parameters)
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        summary['status'] = "Successfully retrieved owned devices for user {}".format(user_id)
+
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_set_user_attribute(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        user_id = param['user_id']
+        attribute = param['attribute']
+        attribute_value = param['attribute_value']
+
+        data = {
+            attribute: attribute_value
+        }
+
+        endpoint = f'/users/{user_id}'
+        ret_val, _ = self._make_rest_call_helper(action_result, endpoint, json=data, method='patch')
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        summary['status'] = "Successfully updated user attribute"
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_add_user(self, param):
+
+        config = self.get_config()
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        object_id = param['group_object_id']
+        user_id = param['user_id']
+
+        data = {
+            '@odata.id': "https://{}/directoryObjects/{}".format(MSADGRAPH_API_REGION[config.get(MS_AZURE_URL, "Global")], user_id)
+        }
+
+        endpoint = f'/groups/{object_id}/members/$ref'
+        ret_val, _ = self._make_rest_call_helper(action_result, endpoint, json=data, method='post')
+
+        summary = action_result.update_summary({})
+        if phantom.is_fail(ret_val):
+            message = action_result.get_message()
+            if 'references already exist for the following modified properties: \'members\'.' in message:
+                summary['status'] = "User already in group"
+                return action_result.get_status()
+            else:
+                return ret_val
+        else:
+            summary['status'] = "Successfully added user to group"
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_remove_user(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        object_id = param['group_object_id']
+        user_id = param['user_id']
+
+        endpoint = f'/groups/{object_id}/members/{user_id}/$ref'
+        ret_val, _ = self._make_rest_call_helper(action_result, endpoint, method='delete')
+
+        summary = action_result.update_summary({})
+        if phantom.is_fail(ret_val):
+            message = action_result.get_message()
+            if 'does not exist or one of its queried' in message:
+                summary['status'] = "User not in group"
+            return action_result.get_status()
+        else:
+            summary['status'] = "Successfully removed user from group"
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_groups(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        filter_string = param.get('filter_string')
+        select_string = param.get('select_string')
+        expand_string = param.get('expand_string')
+        use_advanced_query = param.get('use_advanced_query')
+
+        headers = {}
+        parameters = {}
+
+        if filter_string:
+            parameters['$filter'] = filter_string
+        if select_string:
+            select_string = [param_value.strip() for param_value in select_string.split(",")]
+            select_string = list(filter(None, select_string))
+            parameters['$select'] = ','.join(param_value for param_value in select_string)
+        if expand_string:
+            parameters['$expand'] = expand_string
+        if use_advanced_query:
+            headers['ConsistencyLevel'] = 'eventual'
+            parameters['$count'] = 'true'
+
+        ret_val = self._handle_pagination(action_result, '/groups', headers=headers, params=parameters)
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        resp_data = action_result.get_data()
+        if resp_data and resp_data[action_result.get_data_size() - 1] == 'Empty response':
+            summary['num_groups'] = (action_result.get_data_size()) - 1
+        else:
+            summary['num_groups'] = action_result.get_data_size()
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_get_group(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        select_string = param.get('select_string')
+        expand_string = param.get('expand_string')
+        use_advanced_query = param.get('use_advanced_query')
+
+        headers = {}
+        parameters = {}
+
+        if select_string:
+            select_string = [param_value.strip() for param_value in select_string.split(",")]
+            select_string = list(filter(None, select_string))
+            parameters['$select'] = ','.join(param_value for param_value in select_string)
+        if expand_string:
+            parameters['$expand'] = expand_string
+        if use_advanced_query:
+            headers['ConsistencyLevel'] = 'eventual'
+            parameters['$count'] = 'true'
+
+        object_id = param['object_id']
+
+        endpoint = f'/groups/{object_id}'
+
+        ret_val, response = self._make_rest_call_helper(action_result, endpoint, method='get', headers=headers, params=parameters)
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        action_result.add_data(response)
+
+        summary = action_result.update_summary({})
+        summary['status'] = f"Successfully retrieved group {object_id}"
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_group_members(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        object_id = param['group_object_id']
+
+        select_string = param.get('select_string')
+        expand_string = param.get('expand_string')
+        use_advanced_query = param.get('use_advanced_query')
+
+        headers = {}
+        parameters = {}
+
+        if select_string:
+            select_string = [param_value.strip() for param_value in select_string.split(",")]
+            select_string = list(filter(None, select_string))
+            parameters['$select'] = ','.join(param_value for param_value in select_string)
+        if expand_string:
+            parameters['$expand'] = expand_string
+        if use_advanced_query:
+            headers['ConsistencyLevel'] = 'eventual'
+            parameters['$count'] = 'true'
+
+        endpoint = f'/groups/{object_id}/members'
+
+        ret_val = self._handle_pagination(action_result, endpoint, headers=headers, params=parameters)
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        summary = action_result.update_summary({})
+        summary['num_users'] = action_result.get_data_size()
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_list_directory_roles(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        endpoint = '/directoryRoles'
+        ret_val, response = self._make_rest_call_helper(action_result, endpoint, method='get')
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        value = response.get('value', [])
+        for item in value:
+            action_result.add_data(item)
+
+        summary = action_result.update_summary({})
+        summary['num_directory_roles'] = len(value)
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS)
+
+    def _handle_validate_group(self, param):
+
+        self.save_progress(f"In action handler for: {self.get_action_identifier()}")
+        action_result = self.add_action_result(ActionResult(dict(param)))
+
+        object_id = param['group_object_id']
+        user_id = param['user_id']
+
+        endpoint = f'/users/{user_id}/memberOf?$filter=id eq \'{object_id}\''
+        ret_val, response = self._make_rest_call_helper(action_result, endpoint, method='get')
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        user_id_map = {}
+
+        for user in response.get('value', []):
+            user_id_map[user['id']] = user['displayName']
+
+        self.save_progress(f"Completed action handler for: {self.get_action_identifier()}")
+        return action_result.set_status(phantom.APP_SUCCESS, f"User is member of group: {ret_val}")
+
+    def _get_token(self, action_result):
+        """ This function is used to get a token via REST Call.
+
+        :param action_result: Object of action result
+        :return: status(phantom.APP_SUCCESS/phantom.APP_ERROR)
+        """
+
+        data = {
+            'client_id': self._client_id,
+            'client_secret': self._client_secret,
+        }
+
+        req_url = SERVER_TOKEN_URL.format(self._tenant)
+        headers = {
+            'Content-Type': 'application/x-www-form-urlencoded'
+        }
+
+        if not self._admin_access_required:
+            data['scope'] = MS_AZURE_CODE_GENERATION_SCOPE
+            data['redirect_uri'] = self._state.get('redirect_uri')
+            auth_code = self._state.get('code', None)
+            if self._state.get(MS_AZURE_TOKEN_STRING, {}).get(MS_AZURE_REFRESH_TOKEN_STRING, None):
+                data['refresh_token'] = self._refresh_token
+                data['grant_type'] = 'refresh_token'
+            elif auth_code:
+                data['code'] = auth_code
+                data['grant_type'] = 'authorization_code'
+            else:
+                return action_result.set_status(phantom.APP_ERROR, "Unexpected details retrieved from the state file.")
+        else:
+            data['scope'] = 'https://graph.microsoft.com/.default'
+            data['grant_type'] = 'client_credentials'
+
+        ret_val, resp_json = self._make_rest_call(req_url, action_result, headers=headers, data=data, method='post')
+
+        if phantom.is_fail(ret_val):
+            return action_result.get_status()
+
+        if self._admin_access_required and self._admin_access_granted:
+            self._state['admin_consent'] = True
+
+        self._state[MS_AZURE_TOKEN_STRING] = resp_json
+        self._access_token = resp_json.get(MS_AZURE_ACCESS_TOKEN_STRING, None)
+        self._refresh_token = resp_json.get(MS_AZURE_REFRESH_TOKEN_STRING, None)
+
+        return phantom.APP_SUCCESS
+
+    def _handle_pagination(self, action_result, endpoint, headers=None, params=None):
+        """
+        This action is used to create an iterator that will paginate through responses from called methods.
+
+        :param action_result: Object of ActionResult class
+        :param endpoint: REST endpoint that needs to appended to the service address
+        :param headers: Dictionary of headers for the rest API calls
+        :param params: Dictionary of params for the rest API calls
+        """
+        # maximum page size
+        page_size = MS_AZURE_PAGE_SIZE
+        if isinstance(params, dict):
+            params.update({"$top": page_size})
+        else:
+            params = {"$top": page_size}
+
+        while True:
+
+            # make rest call
+            ret_val, response = self._make_rest_call_helper(action_result, endpoint, headers=headers, params=params, method='get')
+
+            if phantom.is_fail(ret_val):
+                return None
+
+            if "value" in response:
+                for user in response.get('value', []):
+                    action_result.add_data(user)
+                if len(response.get('value')) > 0 and response.get('value')[0] == {}:
+                    action_result.add_data('Empty response')
+            else:
+                action_result.add_data(response)
+
+            if response.get(MS_AZURE_NEXT_LINK_STRING):
+                parsed_url = urlparse.urlparse(response.get(MS_AZURE_NEXT_LINK_STRING))
+                try:
+                    params['$skiptoken'] = urlparse.parse_qs(parsed_url.query).get('$skiptoken')[0]
+                except Exception:
+                    self.debug_print(f"odata.nextLink is {response.get(MS_AZURE_NEXT_LINK_STRING)}")
+                    self.debug_print("Error occurred while extracting skiptoken from the odata.nextLink")
+                    break
+            else:
+                break
+
+        return phantom.APP_SUCCESS
+
+    def handle_action(self, param):
+
+        ret_val = phantom.APP_SUCCESS
+
+        # Get the action that we are supposed to execute for this App Run
+        action_id = self.get_action_identifier()
+
+        self.debug_print("action_id", self.get_action_identifier())
+
+        if action_id == 'test_connectivity':
+            ret_val = self._handle_test_connectivity(param)
+
+        elif action_id == 'list_users':
+            ret_val = self._handle_list_users(param)
+
+        elif action_id == 'reset_password':
+            ret_val = self._handle_reset_password(param)
+
+        elif action_id == 'invalidate_tokens':
+            ret_val = self._handle_invalidate_tokens(param)
+
+        elif action_id == 'enable_user':
+            ret_val = self._handle_enable_user(param)
+
+        elif action_id == 'disable_user':
+            ret_val = self._handle_disable_user(param)
+
+        elif action_id == 'list_user_attributes':
+            ret_val = self._handle_list_user_attributes(param)
+
+        elif action_id == 'set_user_attribute':
+            ret_val = self._handle_set_user_attribute(param)
+
+        elif action_id == 'remove_user':
+            ret_val = self._handle_remove_user(param)
+
+        elif action_id == 'add_user':
+            ret_val = self._handle_add_user(param)
+
+        elif action_id == 'list_groups':
+            ret_val = self._handle_list_groups(param)
+
+        elif action_id == 'get_group':
+            ret_val = self._handle_get_group(param)
+
+        elif action_id == 'list_group_members':
+            ret_val = self._handle_list_group_members(param)
+
+        elif action_id == 'validate_group':
+            ret_val = self._handle_validate_group(param)
+
+        elif action_id == 'list_directory_roles':
+            ret_val = self._handle_list_directory_roles(param)
+
+        elif action_id == 'generate_token':
+            ret_val = self._handle_generate_token(param)
+
+        elif action_id == 'list_user_devices':
+            ret_val = self._handle_list_user_devices(param)
+
+        return ret_val
+
+    def initialize(self):
+        """ This is an optional function that can be implemented by the AppConnector derived class. Since the
+        configuration dictionary is already validated by the time this function is called, it's a good place to do any
+        extra initialization of any internal modules. This function MUST return a value of either phantom.APP_SUCCESS or
+        phantom.APP_ERROR. If this function returns phantom.APP_ERROR, then AppConnector::handle_action will not get
+        called.
+        """
+
+        self._state = self.load_state()
+
+        # get the asset config
+        config = self.get_config()
+        self._asset_id = self.get_asset_id()
+
+        self._tenant = config[MS_AZURE_CONFIG_TENANT]
+        self._client_id = config[MS_AZURE_CONFIG_CLIENT_ID]
+        self._client_secret = config[MS_AZURE_CONFIG_CLIENT_SECRET]
+        self._admin_access_required = config.get(MS_AZURE_CONFIG_ADMIN_ACCESS_REQUIRED, False)
+        self._admin_access_granted = config.get(MS_AZURE_CONFIG_ADMIN_ACCESS_GRANTED, False)
+        self._access_token = self._state.get(MS_AZURE_TOKEN_STRING, {}).get(MS_AZURE_ACCESS_TOKEN_STRING)
+        self._refresh_token = self._state.get(MS_AZURE_TOKEN_STRING, {}).get(MS_AZURE_REFRESH_TOKEN_STRING)
+        self._base_url = MSADGRAPH_API_URLS[config.get(MS_AZURE_URL, "Global")]
+
+        return phantom.APP_SUCCESS
+
+    def finalize(self):
+
+        # Save the state, this data is saved across actions and app upgrades
+        self.save_state(self._state)
+        return phantom.APP_SUCCESS
+
+
+if __name__ == '__main__':
+
+    import argparse
+
+    import pudb
+
+    pudb.set_trace()
+
+    argparser = argparse.ArgumentParser()
+
+    argparser.add_argument('input_test_json', help='Input Test JSON file')
+    argparser.add_argument('-u', '--username', help='username', required=False)
+    argparser.add_argument('-p', '--password', help='password', required=False)
+    argparser.add_argument('-v', '--verify', action='store_true', help='verify', required=False, default=False)
+
+    args = argparser.parse_args()
+    session_id = None
+
+    username = args.username
+    password = args.password
+    verify = args.verify
+
+    if username is not None and password is None:
+
+        # User specified a username but not a password, so ask
+        import getpass
+        password = getpass.getpass("Password: ")
+
+    if username and password:
+        login_url = BaseConnector._get_phantom_base_url() + "login"
+        try:
+            print("Accessing the Login page")
+            r = requests.get(login_url, verify=verify, timeout=60)
+            csrftoken = r.cookies['csrftoken']
+
+            data = dict()
+            data['username'] = username
+            data['password'] = password
+            data['csrfmiddlewaretoken'] = csrftoken
+
+            headers = dict()
+            headers['Cookie'] = 'csrftoken=' + csrftoken
+            headers['Referer'] = login_url
+
+            print("Logging into Platform to get the session id")
+            r2 = requests.post(login_url, verify=verify, data=data, headers=headers, timeout=60)
+            session_id = r2.cookies['sessionid']
+        except Exception as e:
+            print("Unable to get session id from the platform. Error: " + str(e))
+            sys.exit(1)
+
+    with open(args.input_test_json) as f:
+        in_json = f.read()
+        in_json = json.loads(in_json)
+        print(json.dumps(in_json, indent=4))
+
+        connector = MSADGraphConnector()
+        connector.print_progress_message = True
+
+        if session_id is not None:
+            in_json['user_session_token'] = session_id
+            connector._set_csrf_info(csrftoken, headers['Referer'])
+
+        ret_val = connector._handle_action(json.dumps(in_json), None)
+        print(json.dumps(json.loads(ret_val), indent=4))
+
+    sys.exit(0)
diff --git a/deployment-apps/msadgraph/msadgraph_consts.py b/deployment-apps/msadgraph/msadgraph_consts.py
new file mode 100644
index 0000000..156dd1a
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_consts.py
@@ -0,0 +1,94 @@
+# File: msadgraph_consts.py
+#
+# Copyright (c) 2022-2023 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+
+PHANTOM_SYS_INFO_URL = "{base_url}rest/system_info"
+PHANTOM_ASSET_INFO_URL = "{base_url}rest/asset/{asset_id}"
+
+MSADGRAPH_API_URLS = {
+    "Global": "https://graph.microsoft.com/v1.0",
+    "US Gov L4": "https://graph.microsoft.us",
+    "US Gov L5 (DOD)": "https://dod-graph.microsoft.us",
+    "Germany": "https://graph.microsoft.de",
+    "China (21Vianet)": "https://microsoftgraph.chinacloudapi.cn"
+}
+MSADGRAPH_API_REGION = {
+    "Global": "graph.microsoft.com/v1.0",
+    "US Gov L4": "graph.microsoft.us",
+    "US Gov L5 (DOD)": "dod-graph.microsoft.us",
+    "Germany": "graph.microsoft.de",
+    "China (21Vianet)": "microsoftgraph.chinacloudapi.cn"
+}
+MS_AZURE_CONFIG_TENANT = 'tenant_id'
+MS_AZURE_CONFIG_SUBSCRIPTION = 'subscription_id'
+MS_AZURE_CONFIG_CLIENT_ID = 'client_id'
+MS_AZURE_CONFIG_CLIENT_SECRET = 'client_secret'  # pragma: allowlist secret
+MS_AZURE_CONFIG_ADMIN_ACCESS_REQUIRED = 'admin_access_required'
+MS_AZURE_CONFIG_ADMIN_ACCESS_GRANTED = 'admin_access_granted'
+MS_AZURE_URL = "region"
+MS_AZURE_CONFIG_ADMIN_ACCESS = 'admin_access'
+MS_AZURE_TOKEN_STRING = 'token'
+MS_AZURE_ACCESS_TOKEN_STRING = 'access_token'
+MS_AZURE_REFRESH_TOKEN_STRING = 'refresh_token'
+MS_AZURE_PHANTOM_BASE_URL = '{phantom_base_url}rest'
+MS_AZURE_PHANTOM_SYS_INFO_URL = '/system_info'
+MS_AZURE_PHANTOM_ASSET_INFO_URL = '/asset/{asset_id}'
+MS_AZURE_BASE_URL_NOT_FOUND_MESSAGE = 'SOAR Base URL not found in System Settings. ' \
+                                'Please specify this value in System Settings.'
+MS_AZURE_HTML_ERROR = 'Bad Request Bad Request - Invalid URL HTTP Error 400. The request URL is invalid.'
+MS_AZURE_NEXT_LINK_STRING = 'odata.nextLink'
+MS_AZURE_PAGE_SIZE = 999
+MS_AZURE_ERROR_MESSAGE_UNKNOWN = "Unknown error occurred. Please check the asset configuration and|or action parameters."
+
+# status codes
+MS_AZURE_BAD_REQUEST_CODE = 400
+MS_AZURE_NOT_FOUND_CODE = 404
+
+# For authorization code
+SERVER_TOKEN_URL = "https://login.microsoftonline.com/{0}/oauth2/v2.0/token"
+MS_AZURE_ADMIN_CONSENT_URL = "https://login.microsoftonline.com/{tenant_id}/adminconsent"
+MS_AZURE_AUTHORIZE_URL = "https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/authorize"
+AUTH_FAILURE_MESSAGES = (
+    "token is invalid",
+    "token has expired",
+    "ExpiredAuthenticationToken",
+    "AuthenticationFailed",
+    "TokenExpired",
+    "InvalidAuthenticationToken"
+)
+MS_REST_URL_NOT_AVAILABLE_MESSAGE = 'Rest URL not available. Error: {error}'
+MS_OAUTH_URL_MESSAGE = 'Using OAuth URL:\n'
+MS_AUTHORIZE_USER_MESSAGE = 'Please authorize user in a separate tab using URL:'
+MS_GENERATING_ACCESS_TOKEN_MESSAGE = 'Generating access token'
+MS_TC_STATUS_SLEEP = 3
+MS_AZURE_WAIT_FOR_URL_SLEEP = 5
+MS_AZURE_CODE_GENERATION_SCOPE = 'offline_access Group.ReadWrite.All User.Read.All User.ReadWrite.All Directory.ReadWrite.All \
+Directory.AccessAsUser.All User.ManageIdentities.All GroupMember.ReadWrite.All RoleManagement.ReadWrite.Directory'
+MS_AZURE_AUTHORIZE_TROUBLESHOOT_MESSAGE = 'If authorization URL fails to communicate with your SOAR instance, check whether you have:  '\
+                                ' 1. Specified the Web Redirect URL of your App -- The Redirect URL should be <POST URL>/result . '\
+                                ' 2. Configured the base URL of your SOAR Instance at Administration -> Company Settings -> Info'
+
+MS_AZURE_TEST_CONNECTIVITY_FAILURE_MESSAGE = "Test Connectivity Failed"
+MS_AZURE_TEST_CONNECTIVITY_PASSED = "Test Connectivity Passed"
+MS_AZURE_ENCRYPTION_ERROR = "Error occurred while encrypting the state file"
+MS_AZURE_DECRYPTION_ERROR = "Error occurred while decrypting the state file"
+MS_AZURE_STATE_FILE_CORRUPT_ERROR = "Error occurred while loading the state file due to it's unexpected format. " \
+    "Resetting the state file with the default format. Please test the connectivity."
+MS_AZURE_RESPONSE_ERROR_MESSAGE = "Error from server. Status Code: {status_code}. Data from server: \n{error_text}\n"
+MS_AZURE_PROCESS_RESPONSE_ERROR_MESSAGE = "Can't process response from server. Status Code: {status_code} Data from server: {content}"
+MS_ADMIN_CONSENT_ERROR_MESSAGE = "Admin consent not received"
+MS_AUTHORIZATION_ERROR_MESSAGE = "Authorization code not received or not given"
+MS_STATE_FILE_ERROR_MESSAGE = "Unable to load state file"
+
+DEFAULT_TIMEOUT = 30
diff --git a/deployment-apps/msadgraph/msadgraph_get_group.html b/deployment-apps/msadgraph/msadgraph_get_group.html
new file mode 100644
index 0000000..5f48c5e
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_get_group.html
@@ -0,0 +1,170 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
+background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %}
+<!-- Main Start Block -->
+
+<!-- File: msadgraph_get_group.html
+  Copyright (c) 2022-2023 Splunk Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific language governing permissions
+and limitations under the License.
+-->
+
+<style>
+    .msadgraph-app a:hover {
+        text-decoration: underline;
+    }
+
+    .msadgraph-app .wf-table-vertical {
+        width: initial;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-vertical td {
+        padding: 5px;
+        border: 1px solid;
+    }
+
+    .msadgraph-app .wf-table-horizontal {
+        margin-right: 10px;
+        width: initial;
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .msadgraph-app .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .msadgraph-app .wf-h3-style {
+        font-size: 20px
+    }
+
+    .msadgraph-app .wf-h4-style {
+        font-size: 16px
+    }
+
+    .msadgraph-app .wf-h5-style {
+        font-size: 14px
+    }
+
+    .msadgraph-app .wf-subheader-style {
+        font-size: 12px
+    }
+</style>
+<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
+    <!-- Main Div -->
+    {% for result in results %}
+    <!-- loop for each result -->
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+    {% else %}
+    {% if result.param.select_string %}
+        <h3 class="wf-h3-style">Group Details</h3>
+        {% for curr_data in result.data %}
+            <table class="wf-table-horizontal">
+                <tr>
+                    <thead>
+                    {% for key, value in curr_data.items %}
+                        <th> {{ key }} </th>
+                    {% endfor %}
+                    </thead>
+                </tr>
+                <tr>
+                    {% for key, value in curr_data.items %}
+                        <td>{{ value }}</td>
+                    {% endfor %}
+                </tr>
+            </table>
+            <br>
+        {% endfor %}
+    <br>
+    <!------------------- For each Result END ---------------------->
+    {% else %}
+        <h3 class="wf-h3-style">Group Details</h3>
+            <table class="phantom-table dataTable">
+                <thead>
+                    <th class="widget-th">Display Name</th>
+                    <th class="widget-th">Group Object Id</th>
+                    <th class="widget-th">Description</th>
+                </thead>
+                <tbody>
+                        {% for curr_data in result.data %}
+                            <tr>
+                                <td class="widget-td" >
+                                    {{ curr_data.displayName  }}
+                                </td>
+                                <td class="widget-td" >
+                                    <a href="javascript:;" onclick="context_menu(this, [{'contains': ['group object id'],
+                                    'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
+                                        {{ curr_data.id }}
+                                        &nbsp;
+                                        <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                    </a>
+                                </td>
+                                <td class="widget-td" >
+                                    {{ curr_data.description }}
+                                </td>
+                            </tr>
+                        {% endfor %}
+                </tbody>
+            </table>
+        <br>
+    {% endif %}
+    {% endif %}
+    <br>
+    {% endfor %}
+
+    <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": true,
+        "bLengthChange": false,
+        "language": {
+          "paginate": {
+            "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+            "next": "<i class='fa fa-angle-right fa-lg'></i>"
+          },
+          "emptyTable": "No data available"
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+          var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+          pagination.toggle(this.api().page.info().pages > 1);
+        }
+      });
+      $('.dataTable').DataTable();
+
+ </script>
+
+{% endblock %}
+<!-- Main Start Block -->
diff --git a/deployment-apps/msadgraph/msadgraph_list_group_members.html b/deployment-apps/msadgraph/msadgraph_list_group_members.html
new file mode 100644
index 0000000..092ae77
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_list_group_members.html
@@ -0,0 +1,174 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
+background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %}
+<!-- Main Start Block -->
+
+<!-- File: msadgraph_list_group_members.html
+  Copyright (c) 2022-2023 Splunk Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific language governing permissions
+and limitations under the License.
+-->
+
+<style>
+    .msadgraph-app a:hover {
+        text-decoration: underline;
+    }
+
+    .msadgraph-app .wf-table-vertical {
+        width: initial;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-vertical td {
+        padding: 5px;
+        border: 1px solid;
+    }
+
+    .msadgraph-app .wf-table-horizontal {
+        margin-right: 10px;
+        width: initial;
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .msadgraph-app .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .msadgraph-app .wf-h3-style {
+        font-size: 20px
+    }
+
+    .msadgraph-app .wf-h4-style {
+        font-size: 16px
+    }
+
+    .msadgraph-app .wf-h5-style {
+        font-size: 14px
+    }
+
+    .msadgraph-app .wf-subheader-style {
+        font-size: 12px
+    }
+</style>
+<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
+    <!-- Main Div -->
+    {% for result in results %}
+    <!-- loop for each result -->
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+    {% else %}
+    {% if result.param.select_string %}
+    <h3 class="wf-h3-style">List of Group Members</h3>
+    {% for curr_data in result.data %}
+    <table class="wf-table-horizontal">
+        <tr>
+            <thead>
+            {% for key, value in curr_data.items %}
+                <th> {{ key }} </th>
+            {% endfor %}
+            </thead>
+        </tr>
+        <tr>
+            {% for key, value in curr_data.items %}
+                <td>{{ value }}</td>
+            {% endfor %}
+        </tr>
+    </table>
+    <br>
+    {% endfor %}
+    <br>
+    <!------------------- For each Result END ---------------------->
+    {% else %}
+        <h3 class="wf-h3-style">List of Group Members</h3>
+            <table class="phantom-table dataTable">
+                <thead>
+                    <th class="widget-th">Display Name</th>
+                    <th class="widget-th">User Object Id</th>
+                    <th class="widget-th">User Princicple Name</th>
+                </thead>
+                <tbody>
+                        {% for curr_data in result.data %}
+                            <tr>
+                                <td class="widget-td" >
+                                    {{ curr_data.displayName  }}
+                                </td>
+                                <td class="widget-td" >
+                                    <a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
+                                    'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
+                                        {{ curr_data.id }}
+                                        &nbsp;
+                                        <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                    </a>
+                                </td>
+                                <td class="widget-td" >
+                                    <a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
+                                    'value':'{{ curr_data.userPrincipalName }}' }], 0, {{ container.id }}, null, false);">
+                                        {{ curr_data.userPrincipalName }}
+                                        &nbsp;
+                                        <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                    </a>
+                                </td>
+                            </tr>
+                        {% endfor %}
+                </tbody>
+            </table>
+        <br>
+    {% endif %}
+    {% endif %}
+    <br>
+    {% endfor %}
+
+    <!-- loop for each result end -->
+</div> <!-- Main Div -->
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": true,
+        "bLengthChange": false,
+        "language": {
+          "paginate": {
+            "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+            "next": "<i class='fa fa-angle-right fa-lg'></i>"
+          },
+          "emptyTable": "No data available"
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+          var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+          pagination.toggle(this.api().page.info().pages > 1);
+        }
+      });
+      $('.dataTable').DataTable();
+
+ </script>
+
+{% endblock %}
+<!-- Main Start Block -->
diff --git a/deployment-apps/msadgraph/msadgraph_list_groups.html b/deployment-apps/msadgraph/msadgraph_list_groups.html
new file mode 100644
index 0000000..ee345ef
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_list_groups.html
@@ -0,0 +1,174 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
+background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %}
+<!-- Main Start Block -->
+
+<!-- File: msadgraph_list_groups.html
+  Copyright (c) 2022-2023 Splunk Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific language governing permissions
+and limitations under the License.
+-->
+
+<style>
+    .msadgraph-app a:hover {
+        text-decoration: underline;
+    }
+
+    .msadgraph-app .wf-table-vertical {
+        width: initial;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-vertical td {
+        padding: 5px;
+        border: 1px solid;
+    }
+
+    .msadgraph-app .wf-table-horizontal {
+        margin-right: 10px;
+        width: initial;
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .msadgraph-app .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .msadgraph-app .wf-h3-style {
+        font-size: 20px
+    }
+
+    .msadgraph-app .wf-h4-style {
+        font-size: 16px
+    }
+
+    .msadgraph-app .wf-h5-style {
+        font-size: 14px
+    }
+
+    .msadgraph-app .wf-subheader-style {
+        font-size: 12px
+    }
+</style>
+<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
+    <!-- Main Div -->
+    {% for result in results %}
+    <!-- loop for each result -->
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+    {% else %}
+    {% if result.param.select_string %}
+    {% for curr_data in result.data %}
+    {% if curr_data == 'Empty response' %}
+        <h3 class="wf-h3-style">Empty response. Please add valid property name</h3>
+    {% else %}
+    <h3 class="wf-h3-style">Group</h3>
+    <table class="wf-table-horizontal">
+        <tr>
+            <thead>
+            {% for key, value in curr_data.items %}
+                <th> {{ key }} </th>
+            {% endfor %}
+            </thead>
+        </tr>
+        <tr>
+            {% for key, value in curr_data.items %}
+                <td>{{ value }}</td>
+            {% endfor %}
+        </tr>
+        <br>
+    </table>
+    {% endif %}
+    {% endfor %}
+    <br>
+    <!------------------- For each Result END ---------------------->
+    {% else %}
+        <h3 class="wf-h3-style">List of Groups</h3>
+            <table class="phantom-table dataTable">
+                <thead>
+                    <th class="widget-th">Group Object Id</th>
+                    <th class="widget-th">Display Name</th>
+                    <th class="widget-th">Description</th>
+                </thead>
+                <tbody>
+                        {% for curr_data in result.data %}
+                            <tr>
+                                <td class="widget-td" >
+                                    <a href="javascript:;" onclick="context_menu(this, [{'contains': ['group object id'],
+                                    'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
+                                        {{ curr_data.id }}
+                                        &nbsp;
+                                        <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                    </a>
+                                </td>
+                                <td class="widget-td" >
+                                    {{ curr_data.displayName  }}
+                                </td>
+                                <td class="widget-td" >
+                                    {{ curr_data.description }}
+                                </td>
+                            </tr>
+                        {% endfor %}
+                </tbody>
+            </table>
+        <br>
+    {% endif %}
+    {% endif %}
+    <br>
+    {% endfor %}
+
+    <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": true,
+        "bLengthChange": false,
+        "language": {
+          "paginate": {
+            "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+            "next": "<i class='fa fa-angle-right fa-lg'></i>"
+          },
+          "emptyTable": "No data available"
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+          var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+          pagination.toggle(this.api().page.info().pages > 1);
+        }
+      });
+      $('.dataTable').DataTable();
+
+</script>
+
+{% endblock %}
+<!-- Main Start Block -->
diff --git a/deployment-apps/msadgraph/msadgraph_list_user_attributes.html b/deployment-apps/msadgraph/msadgraph_list_user_attributes.html
new file mode 100644
index 0000000..c70548c
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_list_user_attributes.html
@@ -0,0 +1,175 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
+background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %}
+<!-- Main Start Block -->
+
+<!-- File: msadgraph_list_user_attributes.html
+  Copyright (c) 2022-2023 Splunk Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific language governing permissions
+and limitations under the License.
+-->
+
+<style>
+    .msadgraph-app a:hover {
+        text-decoration: underline;
+    }
+
+    .msadgraph-app .wf-table-vertical {
+        width: initial;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-vertical td {
+        padding: 5px;
+        border: 1px solid;
+    }
+
+    .msadgraph-app .wf-table-horizontal {
+        margin-right: 10px;
+        width: initial;
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .msadgraph-app .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .msadgraph-app .wf-h3-style {
+        font-size: 20px
+    }
+
+    .msadgraph-app .wf-h4-style {
+        font-size: 16px
+    }
+
+    .msadgraph-app .wf-h5-style {
+        font-size: 14px
+    }
+
+    .msadgraph-app .wf-subheader-style {
+        font-size: 12px
+    }
+</style>
+<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
+    <!-- Main Div -->
+    {% for result in results %}
+    <!-- loop for each result -->
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+    {% else %}
+    {% if result.param.select_string %}
+    <h3 class="wf-h3-style">User Attributes</h3>
+    {% for curr_data in result.data %}
+    <table class="wf-table-horizontal">
+        <tr>
+            <thead>
+            {% for key, value in curr_data.items %}
+                <th> {{ key }} </th>
+            {% endfor %}
+            </thead>
+        </tr>
+        <tr>
+            {% for key, value in curr_data.items %}
+                <td>{{ value }}</td>
+            {% endfor %}
+        </tr>
+    </table>
+    <br>
+{% endfor %}
+    <br>
+    <!------------------- For each Result END ---------------------->
+    {% else %}
+        <h3 class="wf-h3-style">User Attributes</h3>
+            <table class="phantom-table dataTable">
+                <thead>
+                    <th class="widget-th">Display Name</th>
+                    <th class="widget-th">User Object Id</th>
+                    <th class="widget-th">User Princicple Name</th>
+                </thead>
+                <tbody>
+                        {% for curr_data in result.data %}
+                            <tr>
+                                <td class="widget-td" >
+                                    {{ curr_data.displayName  }}
+                                </td>
+                                <td class="widget-td" >
+                                    <a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
+                                    'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
+                                        {{ curr_data.id }}
+                                        &nbsp;
+                                        <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                    </a>
+                                </td>
+                                <td class="widget-td" >
+                                    <a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
+                                    'value':'{{ curr_data.userPrincipalName }}' }], 0, {{ container.id }}, null, false);">
+                                        {{ curr_data.userPrincipalName }}
+                                        &nbsp;
+                                        <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                    </a>
+                                </td>
+                            </tr>
+                        {% endfor %}
+                </tbody>
+            </table>
+        <br>
+    {% endif %}
+    {% endif %}
+    <br>
+    {% endfor %}
+
+    <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": true,
+        "bLengthChange": false,
+        "language": {
+          "paginate": {
+            "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+            "next": "<i class='fa fa-angle-right fa-lg'></i>"
+          },
+          "emptyTable": "No data available"
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+          var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+          pagination.toggle(this.api().page.info().pages > 1);
+        }
+      });
+      $('.dataTable').DataTable();
+
+    </script>
+
+{% endblock %}
+<!-- Main Start Block -->
diff --git a/deployment-apps/msadgraph/msadgraph_list_user_devices.html b/deployment-apps/msadgraph/msadgraph_list_user_devices.html
new file mode 100644
index 0000000..1f92afb
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_list_user_devices.html
@@ -0,0 +1,163 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
+background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %}
+<!-- Main Start Block -->
+
+<!-- File: msadgraph_list_user_devices.html
+  Copyright (c) 2022-2023 Splunk Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific language governing permissions
+and limitations under the License.
+-->
+
+<style>
+    .msadgraph-app a:hover {
+        text-decoration: underline;
+    }
+
+    .msadgraph-app .wf-table-vertical {
+        width: initial;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-vertical td {
+        padding: 5px;
+        border: 1px solid;
+    }
+
+    .msadgraph-app .wf-table-horizontal {
+        margin-right: 10px;
+        width: initial;
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .msadgraph-app .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .msadgraph-app .wf-h3-style {
+        font-size: 20px
+    }
+
+    .msadgraph-app .wf-h4-style {
+        font-size: 16px
+    }
+
+    .msadgraph-app .wf-h5-style {
+        font-size: 14px
+    }
+
+    .msadgraph-app .wf-subheader-style {
+        font-size: 12px
+    }
+</style>
+<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
+    <!-- Main Div -->
+    {% for result in results %}
+    <!-- loop for each result -->
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+    {% else %}
+    {% if result.param.select_string %}
+        {% for curr_data in result.data %}
+        {% if curr_data == 'Empty response' %}
+            <h3 class="wf-h3-style">Empty response. Please add valid property name</h3>
+        {% else %}
+        <h3 class="wf-h3-style">Device</h3>
+        <table class="wf-table-horizontal">
+                <tr>
+                    <thead>
+                    {% for key, value in curr_data.items %}
+                        <th> {{ key }} </th>
+                    {% endfor %}
+                    </thead>
+                </tr>
+                <tr>
+                    {% for key, value in curr_data.items %}
+                        <td>{{ value }}</td>
+                    {% endfor %}
+                </tr>
+                <br>
+        </table>
+        {% endif %}
+        {% endfor %}
+    <br>
+    <!------------------- For each Result END ---------------------->
+    {% else %}
+        <h3 class="wf-h3-style">List of User Devices</h3>
+            <table class="phantom-table dataTable">
+                <thead>
+                    <th class="widget-th">Display Name</th>
+                    <th class="widget-th">Device ID</th>
+                </thead>
+                <tbody>
+                        {% for curr_data in result.data %}
+                            <tr>
+                                <td class="widget-td" >
+                                    {{ curr_data.displayName  }}
+                                </td>
+                                <td class="widget-td" >
+                                    {{ curr_data.deviceId }}
+                                </td>
+                            </tr>
+                        {% endfor %}
+                </tbody>
+            </table>
+        <br>
+    {% endif %}
+    {% endif %}
+    <br>
+    {% endfor %}
+    <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": true,
+        "bLengthChange": false,
+        "language": {
+          "paginate": {
+            "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+            "next": "<i class='fa fa-angle-right fa-lg'></i>"
+          },
+          "emptyTable": "No data available"
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+          var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+          pagination.toggle(this.api().page.info().pages > 1);
+        }
+      });
+      $('.dataTable').DataTable();
+</script>
+
+{% endblock %}
+<!-- Main Start Block -->
diff --git a/deployment-apps/msadgraph/msadgraph_list_users.html b/deployment-apps/msadgraph/msadgraph_list_users.html
new file mode 100644
index 0000000..a468d03
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_list_users.html
@@ -0,0 +1,177 @@
+{% extends 'widgets/widget_template.html' %}
+{% load custom_template %}
+
+{% block custom_title_prop %}{% if title_logo %}style="background-size: auto 60%; background-position: 50%;
+background-repeat: no-repeat; background-image: url('/app_resource/{{ title_logo }}');"{% endif %}{% endblock %}
+{% block title1 %}{{ title1 }}{% endblock %}
+{% block title2 %}{{ title2 }}{% endblock %}
+{% block custom_tools %}
+{% endblock %}
+
+{% block widget_content %}
+<!-- Main Start Block -->
+
+<!-- File: msadgraph_list_users.html
+  Copyright (c) 2022-2023 Splunk Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific language governing permissions
+and limitations under the License.
+-->
+
+<style>
+    .msadgraph-app a:hover {
+        text-decoration: underline;
+    }
+
+    .msadgraph-app .wf-table-vertical {
+        width: initial;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-vertical td {
+        padding: 5px;
+        border: 1px solid;
+    }
+
+    .msadgraph-app .wf-table-horizontal {
+        margin-right: 10px;
+        width: initial;
+        border: 1px solid;
+        font-size: 12px;
+    }
+
+    .msadgraph-app .wf-table-horizontal th {
+        text-align: center;
+        border: 1px solid;
+        text-transform: uppercase;
+        font-weight: normal;
+        padding: 5px;
+    }
+
+    .msadgraph-app .wf-table-horizontal td {
+        border: 1px solid;
+        padding: 5px;
+        padding-left: 4px;
+    }
+
+    .msadgraph-app .wf-h3-style {
+        font-size: 20px
+    }
+
+    .msadgraph-app .wf-h4-style {
+        font-size: 16px
+    }
+
+    .msadgraph-app .wf-h5-style {
+        font-size: 14px
+    }
+
+    .msadgraph-app .wf-subheader-style {
+        font-size: 12px
+    }
+</style>
+<div class="msadgraph-app" style="overflow: auto; width: 100%; height: 100%; padding-left:10px; padding-right:10px">
+    <!-- Main Div -->
+    {% for result in results %}
+    <!-- loop for each result -->
+    <!------------------- For each Result ---------------------->
+    {% if not result.data %}
+        <h4 class="wf-h4-style">No data found</h4>
+    {% else %}
+    {% if result.param.select_string %}
+        {% for curr_data in result.data %}
+        {% if curr_data == 'Empty response' %}
+            <h3 class="wf-h3-style">Empty response. Please add valid property name</h3>
+        {% else %}
+        <h3 class="wf-h3-style">User</h3>
+        <table class="wf-table-horizontal">
+                <tr>
+                    <thead>
+                    {% for key, value in curr_data.items %}
+                        <th> {{ key }} </th>
+                    {% endfor %}
+                    </thead>
+                </tr>
+                <tr>
+                    {% for key, value in curr_data.items %}
+                        <td>{{ value }}</td>
+                    {% endfor %}
+                </tr>
+                <br>
+        </table>
+        {% endif %}
+        {% endfor %}
+    <br>
+    <!------------------- For each Result END ---------------------->
+    {% else %}
+        <h3 class="wf-h3-style">List of Users</h3>
+            <table class="phantom-table dataTable">
+                <thead>
+                    <th class="widget-th">Display Name</th>
+                    <th class="widget-th">User Object Id</th>
+                    <th class="widget-th">User Princicple Name</th>
+                </thead>
+                <tbody>
+                        {% for curr_data in result.data %}
+                            <tr>
+                                <td class="widget-td" >
+                                    {{ curr_data.displayName  }}
+                                </td>
+                                <td class="widget-td" >
+                                    <a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
+                                    'value':'{{ curr_data.id }}' }], 0, {{ container.id }}, null, false);">
+                                        {{ curr_data.id }}
+                                        &nbsp;
+                                        <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                    </a>
+                                </td>
+                                <td class="widget-td" >
+                                    <a href="javascript:;" onclick="context_menu(this, [{'contains': ['user id'],
+                                    'value':'{{ curr_data.userPrincipalName }}' }], 0, {{ container.id }}, null, false);">
+                                        {{ curr_data.userPrincipalName }}
+                                        &nbsp;
+                                        <span class="fa fa-caret-down" style="font-size: smaller;"></span>
+                                    </a>
+                                </td>
+                            </tr>
+                        {% endfor %}
+                </tbody>
+            </table>
+        <br>
+    {% endif %}
+    {% endif %}
+    <br>
+    {% endfor %}
+    <!-- loop for each result end -->
+</div> <!-- Main Div -->
+
+<script>
+    $.extend(true, $.fn.dataTable.defaults, {
+        "searching": true,
+        "bLengthChange": false,
+        "language": {
+          "paginate": {
+            "previous": "<i class='fa fa-angle-left fa-lg'></i>",
+            "next": "<i class='fa fa-angle-right fa-lg'></i>"
+          },
+          "emptyTable": "No data available"
+        },
+        "dom": '<"top">rt<"bottom"p><"clear">',
+        drawCallback: function(settings) {
+          var pagination = $(this).closest('.dataTables_wrapper').find('.dataTables_paginate');
+          pagination.toggle(this.api().page.info().pages > 1);
+        }
+      });
+      $('.dataTable').DataTable();
+</script>
+
+{% endblock %}
+<!-- Main Start Block -->
diff --git a/deployment-apps/msadgraph/msadgraph_view.py b/deployment-apps/msadgraph/msadgraph_view.py
new file mode 100644
index 0000000..83f9f9d
--- /dev/null
+++ b/deployment-apps/msadgraph/msadgraph_view.py
@@ -0,0 +1,58 @@
+# File: msadgraph_view.py
+#
+# Copyright (c) 2022-2023 Splunk Inc.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#     http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software distributed under
+# the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+# either express or implied. See the License for the specific language governing permissions
+# and limitations under the License.
+def get_ctx_result(provides, result):
+
+    ctx_result = {}
+    param = result.get_param()
+    summary = result.get_summary()
+    data = result.get_data()
+
+    ctx_result['param'] = param
+    ctx_result['action'] = provides
+
+    if data:
+        ctx_result['data'] = data
+
+    if summary:
+        ctx_result['summary'] = summary
+
+    return ctx_result
+
+
+def display_view(provides, all_app_runs, context):
+
+    context['results'] = results = []
+    for summary, action_results in all_app_runs:
+        for result in action_results:
+
+            ctx_result = get_ctx_result(provides, result)
+            if (not ctx_result):
+                continue
+            results.append(ctx_result)
+
+    if provides == "list users":
+        return_page = "msadgraph_list_users.html"
+    if provides == "list user attributes":
+        return_page = "msadgraph_list_user_attributes.html"
+    if provides == "list groups":
+        return_page = "msadgraph_list_groups.html"
+    if provides == "get group":
+        return_page = "msadgraph_get_group.html"
+    if provides == "list group members":
+        return_page = "msadgraph_list_group_members.html"
+    if provides == "list user devices":
+        return_page = "msadgraph_list_user_devices.html"
+
+    return return_page
diff --git a/deployment-apps/msadgraph/readme.html b/deployment-apps/msadgraph/readme.html
new file mode 100644
index 0000000..37ab7fb
--- /dev/null
+++ b/deployment-apps/msadgraph/readme.html
@@ -0,0 +1,123 @@
+<!-- File: readme.html
+  Copyright (c) 2022-2023 Splunk Inc.
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+    http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software distributed under
+the License is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
+either express or implied. See the License for the specific language governing permissions
+and limitations under the License.
+-->
+
+<html>
+  <head></head>
+  <body>
+    <h2>Authentication</h2>
+      <h3>Microsoft Azure Application creation</h3>
+      <p>This app requires creating a Microsoft Azure Application. To do so, navigate to <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a> in a browser and log in with a Microsoft account, then select <b>Azure Active Directory</b>.</p>
+      <ol>
+        <li>Go to <b>App Registrations</b> and click on <b>+ New registration</b>.</li>
+        <li>Give the app an appropriate name.</li>
+        <li>Select a supported account type (configure the application to be multitenant).</li>
+        <li>Click on the <b>Register</b>.</li>
+        <ul>
+          <li>Under <b>Certificates & secrets</b>, add <b>New client secret</b>. Note this key somewhere secure, as it cannot be retrieved after closing the window.</li>
+          <li>Under <b>Redirect URIs</b> we will be updating the entry of https://phantom.local to reflect the actual redirect URI.  We will get this from the SOAR asset we create below in the section titled "Configure the MS Graph for Active Directory SOAR app Asset"
+        </ul>
+      </ol>
+
+      <h3>Delegated Permissions configuration</h3>
+      <p>Use this procedure to provide non-admin permissions to the app. To do so, navigate to <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a> in a browser and log in with a Microsoft account, then navigate to the previously created app configuration.</p>
+      <ol>
+        <li>Under <b>API Permissions</b>, click on <b>Add a permission</b>.</li>
+        <li>Go to <b>Microsoft Graph Permissions</b>, the following <b>Delegated Permissions</b> need to be added:
+          <ul>
+              <li>User.ReadWrite.All</li>
+              <li>Directory.ReadWrite.All</li>
+              <li>Directory.AccessAsUser.All</li>
+              <li>User.ManageIdentities.All</li>
+              <li>Group.ReadWrite.All</li>
+              <li>GroupMember.ReadWrite.All</li>
+              <li>RoleManagement.ReadWrite.Directory</li>
+              <li>offline_access</li>
+          </ul>
+        </li>
+        <li> Click on the <b>Add permissions</b>.</li>
+        <li>After making these changes, click on <b>Grant admin consent</b>.</li>
+      </ol>
+
+      <h3>Application Permissions configuration</h3>
+      <p>Use this procedure to provide admin permissions to the app. To do so, navigate to <a href="https://portal.azure.com" target="_blank">https://portal.azure.com</a> in a browser and log in with a Microsoft account, then navigate to the previously created app configuration.</p>
+      <ol>
+        <li>Under <b>API Permissions</b>, click on <b>Add a permission</b>.</li>
+        <li>Go to <b>Microsoft Graph Permissions</b>, the following <b>Application Permissions</b> need to be added:
+          <ul>
+              <li>User.ReadWrite.All</li>
+              <li>Directory.ReadWrite.All</li>
+              <li>User.ManageIdentities.All</li>
+              <li>Group.ReadWrite.All</li>
+              <li>GroupMember.ReadWrite.All</li>
+              <li>RoleManagement.ReadWrite.Directory</li>
+          </ul>
+        </li>
+        <li> Click on the <b>Add permissions</b>.</li>
+        <li>After making these changes, click on <b>Grant admin consent</b>.</li>
+      </ol>
+    <h4>Note: <b>reset password</b> action is not supported with Application permissions </h4>
+
+    <h2>Configure the MS Graph for Active Directory SOAR app Asset</h2>
+      <p>When creating an asset for the <b>MS Graph for Active Directory</b> app, place the <b>Application ID</b> of the app created during the previous step in the <b>Client ID</b> field and place the password generated during the app creation process in the <b>Client Secret</b> field. Then, after filling out the <b>Tenant</b> field, click <b>SAVE</b>.</p>
+      <p>After saving, a new field will appear in the <b>Asset Settings</b> tab. Take the URL found in the <b>POST incoming for MS Graph to this location</b> field and place it in the <b>Redirect URIs</b> field of the Azure Application configuration page. To this URL, add <b>/result</b>. After doing so the URL should look something like:</p>
+      <p>https://&lt;phantom_host&gt;/rest/handler/msgraphforactivedirectory_f2a239df-acb2-47d6-861c-726a435cfe76/&lt;asset_name&gt;/result</p>
+      <br>
+      Once again, click on Save.
+
+    <h2>Enable Application Permissions</h2>
+      <p>If you have received admin consent to use application permissions, make sure to check the <b>Admin Access Required</b> and <b>Admin Consent Already Provided</b> checkboxes on the asset.</p>
+
+    <h2>User Permissions</h2>
+    To complete the authorization process, this app needs permission to view assets, which is not granted by default. First, under <b>asset settings</b>, check which user is listed under <b>Select a user on behalf of which automated actions can be executed</b>. By default, the user will be <b>automation</b>, but this user can be changed by clicking <b>EDIT</b> at the bottom of the window. To give this user permission to view assets, follow these steps:
+    <ul>
+        <li>In the main drop-down menu, select <b>Administration</b>, then select the <b>User Management</b>, and under that tab, select <b>Roles</b>. Finally, click <b>+ ROLE</b>.</li>
+        <li>In the <b>Add Role</b> wizard, give the role a name (e.g <b>Asset Viewer</b>), and provide a description. Subsequently, under <b>Available Users</b>, add the user assigned to the asset viewed earlier. Then click the <b>Permissions</b> tab.</li>
+        <li>On the permission tab, under <b>Available Privileges</b>, give the role the <b>View Assets</b> privilege. Then click <b>SAVE</b>.</li>
+    </ul>
+    <h2>Method to Run Test Connectivity (for delegated permissions)</h2>
+      <p>After setting up the asset and user, click the <b>TEST CONNECTIVITY</b> button. A window should pop up and display a URL. Navigate to this URL in a separate browser tab. This new tab will redirect to a Microsoft login page. Log in to a Microsoft account with administrator privileges to the Microsoft AD environment. After logging in, review the requested permissions listed, then click <b>Accept</b>. Finally, close that tab. The test connectivity window should show success.</p>
+      <p>The app should now be ready to use.</p>
+
+    <h2>State File Permissions</h2>
+      Please check the permissions for the state file as mentioned below.
+      <h4>State Filepath</h4>
+      <ul>
+        <li>For Root Install Instance: /opt/phantom/local_data/app_states/f2a239df-acb2-47d6-861c-726a435cfe76/{asset_id}_state.json</li>
+        <li>For Non-Root Install Instance: /&lt;PHANTOM_HOME_DIRECTORY&gt;/local_data/app_states/f2a239df-acb2-47d6-861c-726a435cfe76/{asset_id}_state.json</li>
+      </ul>
+      <h4>State File Permissions</h4>
+      <ul>
+        <li>File Rights: rw-rw-r-- (664) (The SOAR user should have read and write access for the state file)</li>
+        <li>File Owner: appropriate SOAR user</li>
+      </ul>
+      <h2>Port Details</h2>
+      <p>
+        The app uses HTTP/ HTTPS protocol for communicating with the Microsoft Graph server. Below are the default ports used by the Splunk SOAR Connector.
+        <table>
+            <tr>
+                <th>Service Name</th>
+                <th>Transport Protocol</th>
+                <th>Port</th>
+            </tr>
+            <tr>
+                <td>https</td>
+                <td>tcp</td>
+                <td>443</td>
+            </tr>
+        </table>
+      </p>
+
+  </body>
+</html>
diff --git a/deployment-apps/msadgraph/release_notes/1.0.5.md b/deployment-apps/msadgraph/release_notes/1.0.5.md
new file mode 100644
index 0000000..f07690d
--- /dev/null
+++ b/deployment-apps/msadgraph/release_notes/1.0.5.md
@@ -0,0 +1,2 @@
+* Initial release with Python3 support
+* Note - This app is a replacement for the Azure AD app with Microsoft Graph API as Azure AD API is going to deprecate in near future
\ No newline at end of file
diff --git a/deployment-apps/msadgraph/release_notes/1.1.0.md b/deployment-apps/msadgraph/release_notes/1.1.0.md
new file mode 100644
index 0000000..aa6dedd
--- /dev/null
+++ b/deployment-apps/msadgraph/release_notes/1.1.0.md
@@ -0,0 +1 @@
+* Added 'list user devices' action
\ No newline at end of file
diff --git a/deployment-apps/msadgraph/release_notes/1.2.0.md b/deployment-apps/msadgraph/release_notes/1.2.0.md
new file mode 100644
index 0000000..0a6c863
--- /dev/null
+++ b/deployment-apps/msadgraph/release_notes/1.2.0.md
@@ -0,0 +1,8 @@
+* Added option to use admin granted permissions
+* Updated the 'test connectivity' action to allow non-interactive tests when admin consent is already provided
+* Added 'expand string' and 'use advanced query' parameters in below five actions 
+  * list users
+  * list groups 
+  * list user attributes 
+  * get group
+  * list group members
\ No newline at end of file
diff --git a/deployment-apps/msadgraph/release_notes/1.3.0.md b/deployment-apps/msadgraph/release_notes/1.3.0.md
new file mode 100644
index 0000000..6a23a79
--- /dev/null
+++ b/deployment-apps/msadgraph/release_notes/1.3.0.md
@@ -0,0 +1,2 @@
+* Fixed the state file reseting logic [PAPP-30760]
+* Removed django and requests dependencies in order to use platform packages [PAPP-31087, PAPP-31082, PAPP-31096, PAPP-30822]
\ No newline at end of file
diff --git a/deployment-apps/msadgraph/release_notes/unreleased.md b/deployment-apps/msadgraph/release_notes/unreleased.md
new file mode 100644
index 0000000..fbcb2fd
--- /dev/null
+++ b/deployment-apps/msadgraph/release_notes/unreleased.md
@@ -0,0 +1 @@
+**Unreleased**
diff --git a/deployment-apps/msadgraph/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl b/deployment-apps/msadgraph/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl
new file mode 100644
index 0000000..080b2f8
Binary files /dev/null and b/deployment-apps/msadgraph/wheels/py3/beautifulsoup4-4.9.1-py3-none-any.whl differ
diff --git a/deployment-apps/msadgraph/wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl b/deployment-apps/msadgraph/wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl
new file mode 100644
index 0000000..b363a9b
Binary files /dev/null and b/deployment-apps/msadgraph/wheels/py3/soupsieve-2.3.2.post1-py3-none-any.whl differ
diff --git a/deployment-apps/msadgraph/wheels/py3/soupsieve-2.4.1-py3-none-any.whl b/deployment-apps/msadgraph/wheels/py3/soupsieve-2.4.1-py3-none-any.whl
new file mode 100644
index 0000000..26a486c
Binary files /dev/null and b/deployment-apps/msadgraph/wheels/py3/soupsieve-2.4.1-py3-none-any.whl differ