Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or, if you have a Premier support contract, raise a support ticket.

For more information on the Microsoft Graph, please check out https://graph.microsoft.com.


  1. enable all User attributes (which can be queried in the MS Graph API) as custom access token claims

    There are a select few of "optional attributes" to attach to an Azure AD Access Token. Ideally, any "user" attribute can be incorporated into an access token. In our case, we need mailNickname, but I see other attributes being requested such as employeeId. We should be able to name "User" as the source and select any property available as an AD attribute attached to the user.

    1 vote
    0 comments  ·  Identity and Access
  2. Allow creation of Teams/Groups without Group.ReadWrite.All

    Lots of partners, ISVs and end-user orgs create provisioning solutions which create Teams and Groups with additional governance/templating/features, but such solutions currently require the Group.ReadWrite.All permission - which is hugely problematic. This is a manifestation of the need for more granular permission scope types (e.g. see https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/37796059-restrict-permissions-to-app-only-azure-ad-applicat), but is a particularly important use case and isn't quite the same thing as the need to access only specified resources.

    To expand, it does not appear to be dealt with by Resource-Specific Consent - after all, I just want permissions to create a new Team/Group, rather than permissions to an…

    1 vote
    0 comments  ·  Identity and Access
  3. 1 vote
    0 comments  ·  Identity and Access
  4. Allow notification for user registration (creation) in Azure B2C tenant

    Applications in a B2C workflow need to be able to know when new users have registered.

    In our current flow a user purchases a license to our product. The billing software will call a webhook to our application which triggers a transactional email with a registration link (this is an azure B2C registration link). We need to be able to know once the user has completed registration (e.g. we need to be able to subscribe to a "user created" event that calls our application whenever the user signs up). This is important to send a welcome email and bootstrap the…

    1 vote
    0 comments  ·  Identity and Access
  5. Raise limit of 100 schema extension property values allowed per resource instance

    Removing the limit of 100 schema extensions property values allowed per resource instance would allow me to build a comprehensive directory with many, many fields for my organization. My on-premise AD has hundreds of fields that I would like to extend to AAD.

    1 vote
    0 comments  ·  Identity and Access
  6. 1 vote
    0 comments  ·  Identity and Access
  7. Get department manager

    I would like to query managers based on department, where I send department name for instance and get the details of the manager of the department in Graph\User return type

    2 votes
    0 comments  ·  Identity and Access
  8. Implement the possibility of adding AppRoleAssignment through the SDK

    The documentation is already there:

    https://docs.microsoft.com/en-us/graph/api/serviceprincipal-post-approleassignments?view=graph-rest-beta&tabs=csharp

    However the AddAsync method is not part of the latest beta-build

    2 votes
    0 comments  ·  Identity and Access
  9. Skype/Teams provisioning via Graph

    Currently, we still have a high dependency on the Skype Online PowerShell module to facilitate identity management processes around user provisioning and subsequent configuration management. This is in the context of being run as a post provisioning process to the main Azure AD provisioning process within Microsoft Identity Manager.

    The underpinning issue is that while Azure AD's integration into Graph is quite good, it's non-existent for Teams/Skype (and numerous other products).

    A specific example of what we can't do right now in Graph is specify the various user policies (messaging, meeting, app setup, etc.) Instead, we have to call the…

    1 vote
    0 comments  ·  Identity and Access
  10. Return conditional access policies with GET /policies

    Is it possible to retrieve conditional access policies using the 'List Policies' method from the /beta API?

    https://docs.microsoft.com/en-us/graph/api/policy-list?view=graph-rest-beta

    1 vote
    1 comment  ·  Identity and Access
  11. More speed when handling huge amount of notes in one sheet

    I have all my P&Ls for all 52 weeks inserted into a table with 52 slots, that means 52 columns and more than 15 rows, and it is so very slow to see. It is daunting. I don't want to switch software because for me OneNote is the more versatile but it crashes, it doesn't sync with my shared notebooks, it is incredible.

    I have a MacBook Pro with dual core and it still suffers. Please build something to solve this!!!
    Thanks
    Carlos
    New York

    1 vote
    0 comments  ·  Identity and Access
  12. Don't auto login accounts so accounts can be swapped (BUG)

    Whenever the Outlook sign in page pops up after a token request, i.e.:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=&response_type=code&redirect_uri=&response_mode=query&scope=&state=

    It gives you the option to login with an account, but immediately forwards back to the redirect url, logging you in with the last selected account.

    A very frustrating bug for many people here.

    1 vote
    0 comments  ·  Identity and Access
  13. Restrict permissions to app-only Azure AD applications consuming Office 365 services on resource level

    Large organizations start leveraging the Graph API to provide integrations between their third party applications and Office 365. In such companies it is common to delegate the development of integrations from the central IT organization to other business units.
    The current app-only permission privileges are not appropriate for such types of setups since there is currently no way to limit the permissions for that app to a specific resource in Office 365. This makes such use cases impossible to implement.

    As an example we could consider SharePoint Online. Whenever a business unit has to develop a daemon tool that exchanges…

    215 votes
    24 comments  ·  Identity and Access

    Work has started. We plan to build an experience where end users and administrators can pick a specific resource to grant consent to, such as a specific group or site. This will be programmable through Microsoft Graph API.

  14. Add manager to list Users graph api

    Currently we allow customers to connect to the Azure AD for listing all people in their AD for an up-to-date personnel system.
    If they need to have the hierarchy in our software as well (who is the manager of who) this is near impossible as you have to retrieve the manager object per user.

    Please allow an extra attribute to request the manager information when listing users instead of 'per user' basis.

    5 votes
    0 comments  ·  Identity and Access
  15. Graph API - Azure AD B2B - Organizational Relationships Whitelist

    Azure Active Directory > Organizational Relationships > Settings > Collaboration restrictions ... when "Allow invitations only to the specified domains (most restrictive)" option is set, it would be very nice if I could programmatically add domains to this list and query them back. I am looking to automate the end-to-end Azure AD B2B invitation process from an internal portal, and this will be a requirement.

    3 votes
    2 comments  ·  Identity and Access
  16. Api

    Please provide an API to manage the users based on application.

    1 vote
    1 comment  ·  Identity and Access
  17. Add an endpoint to list the users in each role

    I need to be able to get a list of the "Supervisor" role assigned to a specific application for Azure AD. Please add this to Microsoft Graph

    1 vote
    0 comments  ·  Identity and Access
  18. Allow other values accepted in GroupMembershipClaim in Manifest for Azure AD

    Currently, GroupMembershipClaim in manifest only accepts one of ("null", "All", "SecurityGroup").

    SecurityGroup returns SecurityGroup along with Azure roles. It will be very useful if there is some filter which only returns SecurityGroup (excluding Azure roles) or only Distribution List.

    Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest

    1 vote
    1 comment  ·  Identity and Access
  19. Delete application IDs, Service Principals by owner

    Currently when one filters App IDs in AAD, it shows all of the App IDs regardless of who owns the AppID. The ASK here is to provide a way to ONLY show those App IDs owned by the logged in user OR add a property in Get-AzureADApplication to filter by owner (currently there is no property that makes reference to who owns the application, and this is the reason we are not able to get the required information)

    1 vote
    0 comments  ·  Identity and Access
  20. Security Granularity of Graph Access

    When accessing sites with Graph, the access level is not granular enough. For example writing a daemon to query a sharepoint site where the daemon should only have access to query that one site for meta data. The application should only be able to query that one site, not all of the company sharepoint sites.
    I would think this would be available in some form, but having spent many days researching this I have found no way to enable Graph access to only one or a limited group of company sharepoint sites.

    4 votes
    1 comment  ·  Identity and Access