Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. The ability to filter Guest users on userType using AAD Graph API

    I'm using the following endpoint to query only GUEST users in my tenant

    https://graph.windows.net/<tenantId>/groups/<groupId>/members?api-version=1.5&$filter=userType%20eq%20'Guest'

    This is returning the following error

    Status code 400

    Response body {"error":{"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"The specified filter to the reference property query is currently not supported."}}}

    It would be nice to have an option to query external users in a particular group.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    Hi,
    this is currently in Beta for Microsoft Graph API:
    ../groups/{group-id}/members/?$filter=userType eq ‘guest’&$count=true

    You can even check nested group members with:
    ../groups/{group-id}/transitiveMembers/?$filter=userType eq ‘guest’&$count=true

    To achieve this:
    - use the MSGraph beta endpoint
    - set request header ConsistencyLevel:eventual
    - add $count=true to the queryString

    try it here: https://developer.microsoft.com/en-us/graph/graph-explorer/

    PS: Please use MSGraph going forward because AAD Graph (graph.windows.net) will be deprecated, see: https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363

  2. How can a guest user fetch data from microsoft graph api?

    How can a guest user fetch data from microsoft graph api? How will the user call https://graph.microsoft.com/beta/me/joinedTeams for guest user tenent?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  3. Graph API extensions to place users on hold

    It would be really helpful if the Graph API could put mailboxes and onedrive sites on litigation hold. This would also make the process a bit more secure so we could utilize an application to implement the process instead of relying on user credentials. In our organization we are driving towards just in time access. Without Azure P2 licensing this is just another blocker in fully implementing just in time access due to the current requirements of using the Security and Compliance Powershell module.

    15 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  4. Get office365 user last sign_in time

    How can I get office365 user last login details in realtime?

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  5. expand directoryObjects of a user with a select statement

    In the USER entity, SELECT works and EXPAND works, but not together for listing directory Objects like registeredDevices, Instead we have to choose to either make batch calls of the select first, and then per user make the expand call -or do just the EXPAND and get all of it. Could we expand the ability to make a SELECT and EXPAND in the call? This would be the ideal call in BETA to get users enabled and their devices.

    https://graph.microsoft.com/beta/users?filter=accountEnabled eq true&select=id,accountEnabled,userPrincipalName,registeredDevices&expand=registeredDevices

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  6. Add support for negation operators in Microsoft Graph for Azure AD resources

    It would be useful to be able to support negation operators such as "not" and "ne" when querying the Microsoft Graph.

    Sometimes you want all items, except some data. Fetching all data first and using post filtering is not very efficient.

    To filter on displayName and id is priority, and userPrincipalName a secondary want.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  7. GetUserPhotoMetadata should include the last date/time it was updated

    Centralizing users photos in to office 365 seems like a great idea however for systems that need to sync this photo having a way to determine the last time a photo was edited would be great so we can run logic apps to pull in updated photos without having to compare binary or even talk to our other systems first.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  8. Possibility to enable/disable multi-factor authentication for a user via the Graph API

    We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

    85 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Azure AD Team responded

    We’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.

    Michael

  9. Include users' last logon time

    Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!

    Can we please please add this attribute to the user object?

    479 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    45 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    This capability is now in /beta. It was actually documented earlier, but the service wasn’t quite functional. It is now.
    Here’s an example of getting users and their last signin activity: https://docs.microsoft.com/graph/api/user-list?view=graph-rest-beta&tabs=http#example-5-list-the-last-sign-in-time-of-users-in-a-specific-time-range

    Although not documented you can also filter on a date range to get the set of users that have not signed in since a certain date, or the users that signed in in the last 3 weeks etc.

    Try GET https://graph.microsoft.com/beta/users?$filter=signInActivity/lastSignInDateTime ge 2020-03-20T00:00:00Z&$select=signInActivity,id,userPrincipalName

  10. 6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  11. Make it possible to update LastPasswordChangeTimestamp via Graph API

    As mentioned in this article: https://support.microsoft.com/en-ph/help/4025960/federated-users-in-azure-ad-are-forced-to-sign-in-frequently , some federated users are required frequent login.

    Although the article present resolutions that LastPasswordChangeTimestamp can be updated via PowerShell, it actually cannot. It should be fixed and, more generally, the value should be updated via Graph API.

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  12. Ability to update the user's email aliases (proxyAddresses attribute).

    https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#user-entity shows that we can GET, POST and PATCH the "otherMails" attribute of a user object. otherMails is described as "A list of additional email addresses for the user", which makes it sound like the user's email aliases. However, if you set this attribute, then look at the user in the Office365 Admin Center or Powershell, you see it's actually the "Alternate Email Address" attribute: i.e. the contact address required for admin accounts. In the Graph API the attribute that lists the email aliases is "proxyAddresses" and this is read-only (i.e. only supports GET). It's been explained to me by…

    71 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  13. Get full user object from microsoft graph

    There should be a possibility to get the entire user object from Microsoft Graph. Now we can get users basic info via the /users/id, and get additional fields via the /users/id$select=prop1,prop2...propn
    Implementing a /simpleusers/id returning simple properties and a /fulluser/id wich returns all properties for users.

    Syncinc my ad to the cloud and fetching the entire userobject via a /fulluser/ (including custom properties) would make the transition to the cloud easier.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  14. LitigationHoldEnabled

    My client have a requirement to Litigation hold O365 account, Could you please tell us is there any way to achieve this hold functionality using Microsoft Graph API? I explored on google to implement this using Microsoft Graph API, but i did not find any thing.

    Please suggest is there any alternate way for this?

    Thanks
    Vijay D

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  15. Change Graph API /me/photo/$value content-type

    Currently if you send a GET request to https://graph.microsoft.com/v1.0/me/photo/$value
    you'll get back the binary data of the image in the body (normally a jpeg), but the response header contains an entry

    content-type: text/plain

    instead of

    content-type: image/jpeg

    So please ensure that the content-type returns the correct type and not just text/plain.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  16. Need group assignment support while creating user

    There are two separate Microsoft Graph APIs for creating user :

    https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/userpostusers

    and assignment of the group to the user
    https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/api/grouppostmembers

    Idea is to perform both operation in a single call, when creating a user. So no need of second call for group assignment.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support current password when changing a user's password

    When you change a user's password using the update user operation you supply a passwordProfile. This profile only allows for the new password. Add a new property to the passwordProfile for the current password and only allow the change if the current password is correct.

    https://msdn.microsoft.com/en-gb/library/azure/ad/graph/api/users-operations#ResetUserPassword

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow update mail attribute for Azure AD User object throught REST API

    Currently we are creating users in Azure AD through Azure AD Graph API (from our Identity Manager Application). Also we assign licenses using the same Rest API. Our users, among other thinks, uses Sharepoint Online and Skype for Bussiness Online. All of our users have his mailbox in an Exchange 2010 (on-premise), so they don't have the Exchange Online Plan. For Skype for Bussiness integration with Outlook, it's needed that the mail attribute on the Azure AD object be the same as the mail address in Outlook. The problem is that this attribute is read only throug rest API. Also,…

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  19. Azure AD Graph API should return PasswordLastChangedDate and PasswordExpiryDate for signed in user

    return "LastPasswordChanged" and "PasswordExpiryDate" for signed in users. former is currently accessible using powershell but not using c# graph api

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow updating any users Photo with User.ReadWrite.All scope

    Currently even if you have the User.ReadWrite.All you cant update another users photo via:

    PUT /beta/users/{User ID}/photo/$value

    This would be VERY helpful.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    This work has been started. There is no target In Preview date yet as the investigation is still ongoing on what complete work is required. ^JT

  • Don't see your idea?

Feedback and Knowledge Base