Tags: azure-active-directory, microsoft-graph-api, delta

Get incremental changes for users using Graph API


I was going through https://learn.microsoft.com/en-us/graph/delta-query-users?tabs=http

What does this mean:

When the user is deleted, the item contains an annotation: @removed with value of "reason": "changed".
When the user is permanently deleted, the item contains an annotation: @removed with value of "reason": "deleted".

How do these two differ? Do both mean the user will be removed from the tenant?

Let's say User 1 & User 2 are a part of Group 1

https://graph.microsoft.com/v1.0/users/delta returns:

HTTP/1.1 200 OK
Content-type: application/json

{
  "@odata.context":"https://graph.microsoft.com/v1.0/$metadata#users(displayName,givenName,surname)",
  "@odata.nextLink":"https://graph.microsoft.com/v1.0/users/delta?$skiptoken=oEBwdSP6uehIAxQOWq_3Ksh_TLol6KIm3stvdc6hGhZRi1hQ7Spe__dpvm3U4zReE4CYXC2zOtaKdi7KHlUtC2CbRiBIUwOxPKLa",
  "value": [
    {
      "id": "<User 1>",
      "@removed": {
        "reason": "deleted"
      }
    },
    {
      "id": "<User 2>",
      "@removed": {
        "reason": "changed"
      }
    }
  ]
}

Does that mean User 1 and User 2 are deleted from the tenant and deleted from Group 1?


Solution

  • There are two types of deletion in Azure (Entra, Graph):

    When a user is soft deleted, the user is moved to a temporary container and can be restored within 30 days. In that case delta for users returns @removed with reason changed.

    Deleted users can be retrieved through the GET /directory/deletedItems/microsoft.graph.user endpoint.

    After 30 days, the user is permanently deleted. The user can be permanently deleted sooner when a permanent delete is performed manually, either by an admin or by calling permanent delete. In that case delta for users returns @removed with reason deleted.
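The following is an added example, not code from the question or the answer above. It walks a users/delta round the way a sync or monitoring job would: follow every @odata.nextLink, sort each item by its @removed annotation into "soft deleted" (reason changed, restorable for 30 days), "permanently deleted" (reason deleted) or an ordinary add/update, and keep the final @odata.deltaLink for the next round. The pages and IDs (user-1, user-2, user-3, the skiptoken/deltatoken values) are constructed so the code runs offline; in a real job the fetch callable would perform an authenticated GET and the URLs would be whatever Graph returns.

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample response pages (not real Graph output). The first page ends
# with a nextLink, the second with a deltaLink, which is how a delta round ends.
SAMPLE_PAGES: Dict[str, dict] = {
    "https://graph.microsoft.com/v1.0/users/delta": {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
        "@odata.nextLink": "https://graph.microsoft.com/v1.0/users/delta?$skiptoken=PAGE2",
        "value": [
            {"id": "user-1", "@removed": {"reason": "deleted"}},   # permanently deleted
            {"id": "user-2", "@removed": {"reason": "changed"}},   # soft deleted, restorable
        ],
    },
    "https://graph.microsoft.com/v1.0/users/delta?$skiptoken=PAGE2": {
        "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#users",
        "@odata.deltaLink": "https://graph.microsoft.com/v1.0/users/delta?$deltatoken=ROUND2",
        "value": [
            {"id": "user-3", "displayName": "New Hire"},            # created or updated
        ],
    },
}


def fake_fetch(url: str) -> dict:
    """Stand-in for an authenticated GET against Graph; serves the constructed pages."""
    return SAMPLE_PAGES[url]


def classify_item(item: dict) -> str:
    """Map one delta item to a bucket based on its @removed annotation.

    No @removed      -> "upsert"              (user created or properties changed)
    reason "changed" -> "soft_deleted"        (in directory/deletedItems, restorable ~30 days)
    reason "deleted" -> "permanently_deleted" (gone; 30 days elapsed or hard-deleted)
    """
    removed = item.get("@removed")
    if removed is None:
        return "upsert"
    reason = removed.get("reason")
    if reason == "changed":
        return "soft_deleted"
    if reason == "deleted":
        return "permanently_deleted"
    return "unknown_removed"  # keep anything unexpected visible rather than dropping it


def walk_delta(start_url: str,
               fetch: Callable[[str], dict]) -> Tuple[Dict[str, List[str]], Optional[str]]:
    """Follow nextLink pages until a deltaLink appears.

    Returns the object IDs grouped by bucket and the deltaLink to persist for the
    next round. Apply the buckets only after the whole round has been read, since
    one user can appear on several pages within a round.
    """
    buckets: Dict[str, List[str]] = {
        "upsert": [], "soft_deleted": [], "permanently_deleted": [], "unknown_removed": []
    }
    url = start_url
    while True:
        page = fetch(url)
        for item in page.get("value", []):
            buckets[classify_item(item)].append(item["id"])
        next_link = page.get("@odata.nextLink")
        if next_link:
            url = next_link
            continue
        return buckets, page.get("@odata.deltaLink")


def deleted_item_url(object_id: str) -> str:
    """URL to confirm a soft-deleted user is still restorable (GET directory/deletedItems/{id})."""
    return f"https://graph.microsoft.com/v1.0/directory/deletedItems/{object_id}"


if __name__ == "__main__":
    result, delta_link = walk_delta("https://graph.microsoft.com/v1.0/users/delta", fake_fetch)
    for bucket, ids in result.items():
        print(f"{bucket}: {ids}")
    print("next round starts from:", delta_link)
    for uid in result["soft_deleted"]:
        print("check restorable:", deleted_item_url(uid))
```

The point of keeping the two removal reasons apart is operational: an account that came back as reason changed is in the 30-day recycle bin and may reappear as a normal upsert in a later round, so a downstream system (deprovisioning, SIEM enrichment, an access-review export) should mark it suspended rather than purge it, and only act on reason deleted as final. This example covers the user objects themselves; it does not look at group membership, which is what the question's mention of Group 1 touches on.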