Microsoft Graph Feature Requests
Welcome to the Microsoft Graph UserVoice! Do you have anidea or feature suggestion based on your experience with Microsoft Graph?Please share these with us by submitting your idea below or voting up ideassubmitted by other users. This forum will be directly monitored by theMicrosoft Graph engineering teams who are working on new features every day.
If you have feedback on a specific API service, pleasechoose the corresponding category. Please submit any broad ideas related toMicrosoft Graph or ideas across more than one service to the “General”category.
This site is only for feature suggestions and ideas! If youneed technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.
For more information on the Microsoft Graph, please checkout https://graph.microsoft.com .
-
Support assistant attribute via Graph API
Please expose the assistance attribute via Graph API. Because on Active Directory this is a reference attribute, probably we need something similar to the manager attribute.
1 vote -
Allow MS Graph proxyAddress filters to specify endsWith() and contains()
Currently there is support for startsWith and eq filters on proxyAddresses. However there is no way to search for proxyAddresses that endsWith or contains a string. E.g. finding users with a proxyAddress in a specific domain.
$filter=proxyAddresses/any(x:endsWith(x,'@acme.com'))
See this thread for more information: https://stackoverflow.com/questions/46588870/filtering-on-proxyaddresses-with-microsoft-graph-api-that-endswith-or-contains-a
40 votesThis work is on the backlog and currently isn’t scheduled. The feature will be updated here once dev work is started. -EY
-
Provide API access to AAD user MFA Properties
Would be good to not only retrieve the state of the authentication requirements, but the details around MFA as well: MFA Methods, etc (StrongAuthenticationMethod, StrongAuthenticationRequirement, StrongAuthenticationDetails that was available in PS for AAD V1)
15 votesComing soon! Keep an eye on the changelog (docs.microsoft.com/en-us/graph/changelog) -EY
-
7 votes
-
Expose additional O365 subscription and user data
Data that can be fetched using Get-MsolSubscription is not exposed via Graph API: CreatedDate, IsTrial, RenewalDate. Also, when fetching users, there are fewer user fields available with GraphApi than with Get-MsolUser: WhenCreated, LicenseReconciliationNeeded, IsLicensed, Blocked... It would be nice to expose this data related to license usage.
3 votes -
Get office365 user last sign_in time
How can I get office365 user last login details in realtime?
3 votes -
expand directoryObjects of a user with a select statement
In the USER entity, SELECT works and EXPAND works, but not together for listing directory Objects like registeredDevices, Instead we have to choose to either make batch calls of the select first, and then per user make the expand call -or do just the EXPAND and get all of it. Could we expand the ability to make a SELECT and EXPAND in the call? This would be the ideal call in BETA to get users enabled and their devices.
https://graph.microsoft.com/beta/users?filter=accountEnabled eq true&select=id,accountEnabled,userPrincipalName,registeredDevices&expand=registeredDevices3 votes -
The ability to filter Guest users on userType using AAD Graph API
I'm using the following endpoint to query only GUEST users in my tenant
https://graph.windows.net/<tenantId>/groups/<groupId>/members?api-version=1.5&$filter=userType%20eq%20'Guest'
This is returning the following error
Status code 400
Response body {"error":{"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"The specified filter to the reference property query is currently not supported."}}}
It would be nice to have an option to query external users in a particular group.
3 votes -
GetUserPhotoMetadata should include the last date/time it was updated
Centralizing users photos in to office 365 seems like a great idea however for systems that need to sync this photo having a way to determine the last time a photo was edited would be great so we can run logic apps to pull in updated photos without having to compare binary or even talk to our other systems first.
2 votes -
Graph API extensions to place users on hold
It would be really helpful if the Graph API could put mailboxes and onedrive sites on litigation hold. This would also make the process a bit more secure so we could utilize an application to implement the process instead of relying on user credentials. In our organization we are driving towards just in time access. Without Azure P2 licensing this is just another blocker in fully implementing just in time access due to the current requirements of using the Security and Compliance Powershell module.
10 votes -
Add support for negation operators in Microsoft Graph for Azure AD resources
It would be useful to be able to support negation operators such as "not" and "ne" when querying the Microsoft Graph.
Sometimes you want all items, except some data. Fetching all data first and using post filtering is not very efficient.
To filter on displayName and id is priority, and userPrincipalName a secondary want.
6 votes -
Allow filtering users by officeLocation
While filtering works for some attributes like department it doesn't work for officeLocation, which sadly I need for my use case.
GET https://graph.microsoft.com/beta/users?$filter=officeLocation eq 'Gaithersburg, MD'
Returns:
{"error": {
"code": "Request_UnsupportedQuery",
"message": "Unsupported or invalid query filter clause specified for property 'officeLocation' of resource 'User'.",
"innerError": {
"request-id": "641beedd-4df5-4b97-b6b5-4f574c382d08",
"date": "2017-07-26T18:32:39"
}
}}
19 votesWe are investigating the technical requirements here to see whether we can move this to the backlog. -EY
-
Include users' last logon time
Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!
Can we please please add this attribute to the user object?460 votesJust to update. We ran into a few problems here, and this has been delayed. Revised timeline is Q1 2020 (hopefully nearer the beginning of the quarter). Sorry for the delay.
-
Possibility to enable/disable multi-factor authentication for a user via the Graph API
We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.
69 votesWe’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.
Michael
-
Make it possible to update LastPasswordChangeTimestamp via Graph API
As mentioned in this article: https://support.microsoft.com/en-ph/help/4025960/federated-users-in-azure-ad-are-forced-to-sign-in-frequently , some federated users are required frequent login.
Although the article present resolutions that LastPasswordChangeTimestamp can be updated via PowerShell, it actually cannot. It should be fixed and, more generally, the value should be updated via Graph API.
9 votes -
Get full user object from microsoft graph
There should be a possibility to get the entire user object from Microsoft Graph. Now we can get users basic info via the /users/id, and get additional fields via the /users/id$select=prop1,prop2...propn
Implementing a /simpleusers/id returning simple properties and a /fulluser/id wich returns all properties for users.Syncinc my ad to the cloud and fetching the entire userobject via a /fulluser/ (including custom properties) would make the transition to the cloud easier.
2 votes -
mobile filter
add support filtering on mobilePhone
3 votes -
Add support for filtering users on assignedLicenses
Getting a list of all users with a specific license without having to iterate through all users would make license management and reporting a whole lot easier.
Example:
https://graph.microsoft.com/beta/users?$filter=AssignedLicenses/any(a:a/SkuId eq f8a1db68-be16-40ed-86d5-cb42ce701560)6 votesThis work is in progress and should be available in preview and GA by Q1 2020.
-
LitigationHoldEnabled
My client have a requirement to Litigation hold O365 account, Could you please tell us is there any way to achieve this hold functionality using Microsoft Graph API? I explored on google to implement this using Microsoft Graph API, but i did not find any thing.
Please suggest is there any alternate way for this?
Thanks
Vijay D3 votes -
Ability to update the user's email aliases (proxyAddresses attribute).
https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#user-entity shows that we can GET, POST and PATCH the "otherMails" attribute of a user object. otherMails is described as "A list of additional email addresses for the user", which makes it sound like the user's email aliases. However, if you set this attribute, then look at the user in the Office365 Admin Center or Powershell, you see it's actually the "Alternate Email Address" attribute: i.e. the contact address required for admin accounts. In the Graph API the attribute that lists the email aliases is "proxyAddresses" and this is read-only (i.e. only supports GET). It's been explained to me by…
46 votesWork has started on this, but it’s much more complex than it first appears. It’s unlikely to be available before Q2 2020.
- Don't see your idea?