Microsoft Graph Feature Requests
Welcome to the Microsoft Graph UserVoice! Do you have anidea or feature suggestion based on your experience with Microsoft Graph?Please share these with us by submitting your idea below or voting up ideassubmitted by other users. This forum will be directly monitored by theMicrosoft Graph engineering teams who are working on new features every day.
If you have feedback on a specific API service, pleasechoose the corresponding category. Please submit any broad ideas related toMicrosoft Graph or ideas across more than one service to the “General”category.
This site is only for feature suggestions and ideas! If youneed technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.
For more information on the Microsoft Graph, please checkout https://graph.microsoft.com .
-
differential query for devices
Any ideas when Microsoft GraphAPI will support differential query on devices? I'm looking of way to detect changes about devices in Azure AD.
5 votes -
Remove detectedApps no longer installed on a device
When $expand=detectedApps is included on the /deviceManagement/managedDevices/{managedDeviceId} endpoint, all apps that have ever been installed on the device are returned. It would be great if only currently installed applications were returned to get an accurate representation of the applications on the device.
Example from a device in our environment, I only want to know the current version of the IME, not every version that's ever been installed:
Microsoft Intune Management Extension 1.15.109.0
Microsoft Intune Management Extension 1.24.114.0
Microsoft Intune Management Extension 1.15.102.0
Microsoft Intune Management Extension 1.23.103.0
Microsoft Intune Management Extension 1.22.107.02 votes -
Add Application Permission support for Microsoft Graph API for Intune
Most or all of the APIs related to Devices and Apps (Intune) only support Delegated Permissions. I see a lot of use-cases where I want to use Application Permissions instead of delegated to simplify and secure my integrations.
17 votes -
Extend open extension / schema extension to managedDevice
I am trying to see how to store additional info into managedDevices that are available inside the Graph API (/deviceManagement/managedDevices/ endpoint). But it seems that it does not work (only a specific set of items including device but not managedDevice ?)
It can be a great way to enhance the existing intune solution and store in a central place mandatory data like warranty information or additional device specification.
Thanks for your work on the graph API by the way !
1 vote -
Implement expand functionality detectedApps -> managedDevices
Hi,
Could you please implement the expand functionality for managedDevices on the detectedApps?
So we could fetch the link between devices and apps in one statement, like so:
https://graph.microsoft.com/v1.0/deviceManagement/detectedApps?$expand=managedDevices
or only the id
https://graph.microsoft.com/v1.0/deviceManagement/detectedApps?$expand=managedDevices($select=id).The other direction is also a possibility ofcourse:
https://graph.microsoft.com/beta/deviceManagement/managedDevices?$expand=detectedAppsKind regards,
Peter
6 votes -
Support setting deviceManagementName in setDeviceName
Currently setDeviceName only sets the device display name. It'd be nice to also set the deviceManagementName value in the same POST request.
1 vote -
Add User and App Credential (username/App ID and password/certificate) Support for Intune AutoPilot Cmdlets
Make changes to the Graph API to allow Connect-AutoPilotIntune cmdlet of the WindowsAutoPilotIntune module accept secrets (password and/or certificates) as a parameter to facilitate scripting. At the moment it only accepts <user> as a parameter. When such a script is added to say, Task Scheduler, the user account used will have to be logged into the machine for the task to successfully run the PS script.
Examples
Connect-AutoPilotIntune -credential
Connect-AutoPilotIntune -TenantID ... -ApplicationID ... -CertifiacateThumbprint
etc.
1 vote -
targetedManagedAppProtections returning unwanted data
This endpoint:
https://docs.microsoft.com/en-us/graph/api/intune-mam-targetedmanagedappprotection-list?view=graph-rest-1.0In regards to Intune App Protection policies, the URL and the documenation say "Protection", however it's returning App Configuration policies and Windows Information Protection policies.
Can this be corrected ?
1 vote -
Add support for Exchange ActiveSync Device Partnerships to Graph API
Currently to retrieve information about all ActiveSync Device Partnerships from Exchange Online, you need to either use ECP or Exchange Online PowerShell. Both of these ways are VERY SLOW. ECP because it's manual, and PowerShell because you either have to grab a) all mailboxes (get-mailbox) or b) all partnerships (get-mobiledevice), and then loop through the list to look at each partnership (get-mobiledevicestatistics).
It'd be so much quicker if this was available via the Graph API.
10 votes -
Intune List managedDevices for security groups
Hi,
We are building a portal where we need to display devices for security groups. Currently we can only display basic device information using GET /beta/groups/{groupId}/members.
We would like to diplay manageDevice information, a request for this would be very usefull, example:
GET /groups/{groupId}/managedDevices2 votes -
Lookup up devices using SN not working against /deviceManagement/managedDevices/
We would like to use GraphAPI to perform lookups of 'managed devices' using the serial number. For this, we simply follow the https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-get?view=graph-rest-1.0 article (where you say 'This method supports the OData Query Parameters to help customize the response.'), and the $filter parameter, like described at https://docs.microsoft.com/en-us/graph/query-parameters.
Let's say we want to run a query for all devices where SN starts with C02. We noticed that :
-
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices seems to work. -
https://graph.microsoft.com/v1.0/deviceManagement/managedDevices?$filter=startswith(serialnumber,'C02') does not work (0 results). -
https://graph.microsoft.com/beta/deviceManagement/managedDevices?$filter=((contains(activationlockbypasscode, 'C02'))) seems to work, and also to fulfill our goal.
In the 2nd URL I provided, you explicitly mention that…
1 vote -
-
Include deleted roleScopeTags when listing them
The reoleScopeTags list operation does not return tags that were deleted on a global level (Microsoft Intune->Roles->Scope (Tags)), but devices may still be tagged with one of the deleted tags. Please make it possible (at least as an option) to return all tags.
By the way: the roleScopeTags behave inconsistently in the portal as well. Example: One of my devices was tagged with 6 tags. I deleted 4 of them in the roleScopeTag overview (Microsoft Intune->Roles->Scope (Tags)). In the device overview it now says: "Scope (Tags)
6 scope tag(s) selected", but when opening the selection it only shows the…1 vote -
Allow contains() on the /devices endpoint
We need to be able to search a list of devices by name using a contains() filter.
e.g.:
/devices?$filter=contains('DESKTOP',displayName)3 votes -
Provide Windows OS MUI language packs and Rest APIs for automatic MUI Windows VM deployment
In our real world product, we need to automatically deploy a large number of Windows 10 VMs with MUI support required. However, currently there are no existing programmatic APIs for querying and downloading the language packs (installer ISO), which blocks us from automating the provisioning of the MUI enabled Windows 10 VMs on Azure.
Could you please consider to provide the accompanying version of the language packs and the downloadable iso file for the Microsoft published Windows OS images in some Azure rest APIs?
I believe this should benefit a lot of developers to make the provisioning MUI enabled Windows…3 votes -
delete windows store apps
Unable to delete Windows Store for Business apps using the code provided in https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/intuneappswindowsstoreapp_delete
Failure - Status Code 400; No OData route exists that match template ~/singleton/navigation/key/navigation with http verb DELETE for request
1 vote -
Enable actions on identityRiskEvent objects in Graph API
Currently identityRiskEvent objects can be listed and read, but there are no write actions available, though closing events through "Resolve", "Mark as false positive", "Ignore" and "Dismiss all events" are available through the Azure AD Portal.
Where are the corresponding API methods and scope, so that we may delegate and/or automate these?
2 votes
- Don't see your idea?