Setting a user's password through the Microsoft Graph API only allows letters from the American alphabet. Many countries have more letters in their alphabets, e.g. the letters Æ, Ø and Å in Denmark and Norway, Ö in Germany and more. These are not allowed when setting a user's password through the Microsoft Graph API.

Passwords with international letters are possible using e.g. DirSync, but not "cloud native", i.e. through the Microsoft Graph API.

At the moment, a PATCH request on a user object in this form

{

"passwordProfile": 

{ 

    "forceChangePasswordNextSignIn": true,

    "password" : "aNewPa55w0rd"


}

}

...works. The next time the user logs in, they use the new password and are forced to change it. However, I would like to send

{

"passwordProfile": 

{ 

    "forceChangePasswordNextSignIn": true

}

}

which would force a user to change their password, but not have to send them a temporary one. It would be the same as issuing this powershell command:

Set-MsolUserPassword -UserPrincipalName some.user@somedomain.onmicrosoft.com -ForceChangePassword:$true -ForceChangePasswordOnly:$true

In US DoD environments, user certificates are needed to encrypt data for a set of users. This data is available from EWS and is stored in the userCertificate or userSMIMECertificate property in AD.

Please expose these missing attributes via Graph API:
- homePhone
- otherHomePhone
- otherTelephone
- facsimileTelephoneNumber
- postOfficeBox

It would be very useful if you could add the user TimeZone as claim when logging into Azure AD.

https://docs.microsoft.com/en-us/azure/active-directory/develop/active-directory-optional-claims

You currently offer a way to disable graph at the tenant level. I am looking for a way to enable/disable on a individual basis. I also need a way to trigger a full reevaluation of the delve type aspects in graph.

Hello,
Please allow/integrate to query modified date for directory roles,
This will allow easy to monitor if someone added to role.

Would be good to not only retrieve the state of the authentication requirements, but the details around MFA as well: MFA Methods, etc (StrongAuthenticationMethod, StrongAuthenticationRequirement, StrongAuthenticationDetails that was available in PS for AAD V1)

It would be great to know what process deleted an item in the Delta Query. This way we can tell the difference between a Compliance/Retention delete and a user deletion action. That way third party apps can take action on items deleted by policy.

This affects all resources that support extensions but let’s take the User resource as an example:

Extending the User resource currently requires an entire User Profile read/write consent (User.ReadWrite).
We only want to read and write additional data that we provide to the User resource and not modify the entire resource. Users might be hesitant about consenting to Apps that could potentially corrupt their entire user profile.

Microsoft Graph cant return the wWWHomePage property that people know from regular AD. We need to access this field in a business case and cant do so, because of the current limitations.

Please add support for wWWHomePage on the User object!

Per the documentation at https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/user_update I should be able to update the birthday and hireDate values however my client app (uses app token instead of user token) receives a 500 Internal Server Error when sending a PATCH request

Data that can be fetched using Get-MsolSubscription is not exposed via Graph API: CreatedDate, IsTrial, RenewalDate. Also, when fetching users, there are fewer user fields available with GraphApi than with Get-MsolUser: WhenCreated, LicenseReconciliationNeeded, IsLicensed, Blocked... It would be nice to expose this data related to license usage.

For a hybrid exchange deployment, some users could be assigned the license for exchange, but the according mailbox may still be in onpremise environment.
And we trying to call "https://graph.microsoft.com/v1.0/users/?$select=assignedLicenses,mail,id,displayName,userPrincipalName" to get some details of the users in the specific tenant, however, there is no way to tell whether the user's mailbox is in cloud or on-premise.
So, is there some office365 graph API that being able to know whether the user's mailbox is in cloud or on-premise?

JSON output from Graph beta API should provide string for lastActivatedDate. However null value is retrieved if user has not activated respected product license.
This inconsistency causes data processing failures in Microsoft Flow. The 'Parse JSON' action fails with "Invalid type. Expected String but got Null." for lastActivatedDate property, as JSON schema defines string type for this property.

The Get-AzureAdUser cmdlet does not support any pagination. The only option is -Top nnn. It appears that the underlying REST API does support pagination, so this should be a matter of exposing that support in the cmdlet.

The problem is with large Active Directory instances which currently require -All $true - which consumes a lot of memory (and therefore doesn't work in an Azure Runbook due to the 400MB limit).

I want to show my customers a list of users ordered by their name and all disabled users or guest users in AD should be filtered out.

You can't do this kind of requests with the users endpoint which is quite bad if you want to create an app for a global company.

So please enable the combination to filter and order users so that we can create great apps using the graph api.

Currently there is support for startsWith and eq filters on proxyAddresses. However there is no way to search for proxyAddresses that endsWith or contains a string. E.g. finding users with a proxyAddress in a specific domain.

$filter=proxyAddresses/any(x:endsWith(x,'@acme.com'))

See this thread for more information: https://stackoverflow.com/questions/46588870/filtering-on-proxyaddresses-with-microsoft-graph-api-that-endswith-or-contains-a