Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Application permission on domain level

    We are working with enterprise companies with a lot of concerning legal entities. We are building a third party app and are always running in trouble, if there is a tenant with different domains/legal entities, because usually domain admins will not give permissions to parts of the enterprise, who are not covered by contracts.

    It would be great, if application permission can be combinded with domain (easiest) OR some part of AAD-information (like Devision or an extra attribut).

    In example: I am domain admin of the tenant contexxt.ai, and i've a legal entity called zukunftsdidaktik.de in my tenant. i want…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. API to get notification email addresses listed on SAML certs

    We need a way either through Powershell or API get the notification email address(es) listed on a SAML signing cert and be able to update them. This way we can check if the correct email address is listed and update it if needed.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. log of the activity across your one drive account so if your account gets hacked you can see what activity that hacker performed

    log of the activity across your one drive account so if your account gets hacked you can see what activity that hacker performed - did they view any files, did they down load any files etc

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Failed to admin consent for Microsoft Graph API from Azure portal

    created a Public Client App in Azure Portal, then add all Microsoft Graph API delegatedPermission, totally the 208 permissions. then when clicked 'On behalf of Admin Consent', wait for a while, i got the following error message:
    unable to grant consent
    : Value length '10462' is out of the valid range of '1' to '8000' for property 'DelegationScope'. [WUCaV]

    I tried to use https://xxxx/adminconsent, it failed with the same error message. please suggest if what i missed. thanks!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Extend MSGraph to only query failed sign-ins. Not possible now.

    I'm trying to query only the failed sign-ins using the $filter parameter but it only supports status/errorCode eq [errorcode].

    This means that i need to know all errorcodes on forehand. Which i don't.

    Can this filter be extended with status/errorCode ge 1 ?

    This would really make life easier.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Deliver fileData for Get agreement request

    Performing a GET request for https://docs.microsoft.com/en-us/graph/api/agreement-get?view=graph-rest-beta&tabs=http
    on "agreement" does not deliver the fileData for the ToU files configured in the policy.
    Please deliver the bytes not only the metadata.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Add the raw user agent to Azure AD audit log scheme

    As of today, only parsed user agent information is available as part of the Azure AD audit log (in sign-in in particular). In many cases, the parsing does not work well and most of the parsed fields are 'null'.
    It will be great if we can get the raw user agent string and use our own parsing.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Raise limit of 100 schema extension property values allowed per resource instance

    Removing the limit of 100 schema extensions property values allowed per resource instance would allow me to build a comprehensive directory with many, many fields for my organization. My on-premise AD has hundreds of fields that I would like to extend to AAD.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Skype/Teams provisioning via Graph

    Currently, we still have a high dependency on the Skype Online PowerShell module to facilitate identity management processes around user provisioning and subsequent configuration management. This is in the context of being run as a post provisioning process to the main Azure AD provisioning process within Microsoft Identity Manager.

    The underpinning issue is that while Azure AD's integration into Graph is quite good, it's non-existent for Teams/Skype (and numerous other products).

    A specific example of what we can't do right now in Graph is specify the various user policies (messaging, meeting, app setup, etc.) Instead, we have to call the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Return conditional access policies with GET /policies

    Is it possible to retrieve conditional access policies using the 'List Policies' method from the /beta API?

    https://docs.microsoft.com/en-us/graph/api/policy-list?view=graph-rest-beta

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. More speed when handling huge amount of notes in one sheet

    I have al my P&Ls for al 52 weeks inserted in to a table with 52 slots that means 52 columns and more than 15 rows. and it is so very slow to see. It is daunting. I don't want to switch softwares because for me Onenote is the more versatile but it crashes, si doesn't sync with my shared notebooks, it is incredible.

    I have a MacBook Pro with dual core and it still suffers. Please build something to solve this!!!
    Thanks
    Carlos
    New York

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Don't auto login accounts so accounts can be swapped (BUG)

    Whenever the Outlook sign in page pops up after a token request, i.e.:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize?clientid=&responsetype=code&redirecturi=&responsemode=query&scope=&state=

    It gives you the option to login with an account, but immediately forwards back to the redirect url, logging you in with the last selected account.

    A very frustrating bug for many people here.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Api

    Please provide API for manage the users based on application.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Support for custom resource type schema in azure SCIM implemetation

    Azure AD API implementation only supports User and Groups, but there is no support for provisioning to custom resourceTypes that might exist in the endpoint like devices, roles, entitlements

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow other values accepted in GroupMembershipClaim in Manifest for Azure AD

    Currently, GroupMembershipClaim in manifest only accepts one of ("null, "All", "SecurityGroup").

    SecurityGroup returns SecurityGroup along with Azure roles, It will be very useful if there is some filter which only returns SecurityGroup(excluding Azure roles) or only Distribution List.

    Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Delete application IDs, Service Principals by owner

    Currently when one filters App IDs in AAD, it shows all of the App IDs regardless of who owns the AppID. The ASK here is to provide a way to ONLY shows those App IDs owned by the logged in user OR add a property in Get-AzureADApplication to filter by owner (currently there is no property that makes reference to who owns the application, and this is the reason we are not able to get the required information)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. There is no(latest) REST API to collect Azure AD application details

    For Azure active directory user related details we are able to collect using API through https://graphexplorer.azurewebsites.net, but for application created in azure Active Directory, don't have an API.

    Requesting MS team to either we need incorporate into Azure AD Graph API or release separate API and allow to get all the properties about the APP.

    Azure Active Directory application: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Global Application Configuration Endpoint for MS Graph

    Ref: https://stackoverflow.com/questions/53686477/global-application-configuration-for-microsoft-graph-api/53698846

    It would be great to store some global Application configuration in MS Graph which can be edited by specific user groups but be readable for everybody in the organization.

    Example usecase:
    - Store internal Link Map of Company which will be picked up by SPA. Links can be updated by admin.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Application Extension Properties documentation is gone, is this feature going away?

    We are using Application Extensions but are worried this is going away. The feature is still working we just noticed the documentation on the beta reference below is no longer working so want to know the future of this!

    Documentation link now broken:
    https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/applicationlistextensionproperties

    API sample call to get list of application extensions:
    https://graph.microsoft.com/beta/applications/{id}/extensionProperties

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base