Microsoft Graph Feature Requests
Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.
If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.
This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.
For more information on Microsoft Graph, please checkout https://graph.microsoft.com.
-
Restrict permissions to app-only Azure AD applications consuming Office 365 services on resource level
Large organization start leveraging the Graph API to provide integrations between their third party applications and Office 365. In such companies it is common to delegate the development of integrations from the central IT organization to other business units.
The current app-only permission priviledges are not appropriate for such types of setups since there is currently no way to limit the permissions for that app to a specific resource in Office 365. This makes such use cases impossible to implement.As an example we could consider SharePoint Online. Whever a business unit has to develop a daemon tool that exchanges…
500 votesWork has started. This feature is currently in preview for certain Teams resources with the name “resource-specific consent” (RSC).
Admin documentation: https://docs.microsoft.com/en-us/MicrosoftTeams/resource-specific-consent
Developer documentation: https://docs.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent
We intend to continue adding support for additional resource types in the future (e.g. SharePoint content), but we have no ETA to share at this time.
-
Include users' last logon time
Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!
Can we please please add this attribute to the user object?489 votesThis capability is now in /beta. It was actually documented earlier, but the service wasn’t quite functional. It is now.
Here’s an example of getting users and their last signin activity: https://docs.microsoft.com/graph/api/user-list?view=graph-rest-beta&tabs=http#example-5-list-the-last-sign-in-time-of-users-in-a-specific-time-rangeAlthough not documented you can also filter on a date range to get the set of users that have not signed in since a certain date, or the users that signed in in the last 3 weeks etc.
Try GET https://graph.microsoft.com/beta/users?$filter=signInActivity/lastSignInDateTime ge 2020-03-20T00:00:00Z&$select=signInActivity,id,userPrincipalName
-
Report of centralized deployed Office Add-ins
When you centraly deply Office add-ins as described here (https://docs.microsoft.com/office/dev/add-ins/publish/centralized-deployment), there is no way of report usage of these add-ins. For Exchange add-ins you might be able to use Cmdlet Get-App. Unfortunately this has its limitation in larger environments and you cannot query for other Microsoft apps add-ins e.g.: Excel, Visio
290 votes -
Support the discoverability of Shared Mailboxes
It seems that Outlook REST APIs is providing new scopes and the possibility to request the shared mailboxes. See this question on StackOverflow http://stackoverflow.com/questions/38616499/what-is-the-purpose-of-the-new-read-user-and-shared-mail-delegated-scope-in-az/38626322?noredirect=1#comment64649553_38626322
The problem now lies in the fact that we cannot "discover" the shared mailbox for the end user. It means that you cannot create an application that show all the shared mailboxes for an end-user because we do not know the name/id for them.
265 votesThank you for this feedback. We are aware of this. We are not actively invested in this right now. More votes would help prioritize this. ^JT
-
Application permission for Presence
From https://docs.microsoft.com/en-us/graph/api/presence-get?view=graph-rest-beta, only Delegated (work or school account) is supported. Supporting application permission for presence calls is really helpful for enterprise usage.
236 votes -
Exchange Online Admin API Support
There is an adequate amount of client side Rest APIs for outlook, but nothing truly available on the admin side. Allowing API calls to create Online Rules and Connectors for example would (hopefully) be less error prone than manually invoking Powershell sessions, especially if rules and connectors need to be created en masse.
177 votesThe team is currently planning and reviewing the requirements of request. We will provide more updates here once a timeline is confirmed.
-
Application permissions to Task API
While reviewing the O365 Preview API I was wondering what about Task-Management. Currently there are two systems for task management (Exchange and SharePoint). Would be great to see a roadmap for TaskManagement in the O365 Story and of course get an API to easily connect Apps to consume tasks. (No CSOM required just give us REST :D)
152 votesWhat kinds of things are you trying to do that involves Client Credentials?
In one of the comments below, someone mentioned wanting to provide managers an overview of the work in their organization.
For that scenario, did you try using a service account?
-
MIME upload email content with microsoft graph
Graph API allows me to get the MIME content of email calling following graph api request: GET https://graph.microsoft.com/beta/me/messages//$value .
As we work on O365 app which changes content of email, it would be great to have possibility to edit the MIME content thru PUT operation.
In addition, apps should be able to create new messages using MIME content.
150 votes -
Fully migrate AD users to Azure AD
I would like to be able to fully migrate my AD users to the cloud, so that when I use them to log into an AzureAD Joined Machine, the whoami CMD properly returns AzureAD\fristnamelastname. Right now there are hidden attributes accociated with the previously AD synced user, that causes the whoami CMD to return DOMAIN\username. This is preventing cloud migrations.
Response I received suggesting that I contact this team.
"This a known gap, that we're reviewing. Even though you have migrated the user from AD to Azure AD, the onprem SamAccountName is still intact on the user object, among other…
148 votes -
allow access to user presence via API
Please allow access to read and update user presence via API.
123 votesThanks for the feedback! The presence resource type is now available on the /beta endpoint: https://docs.microsoft.com/en-us/graph/api/resources/presence?view=graph-rest-beta.
-
Add Microsoft Graph API Health endpoint
There should be some official endpoint created to programmatically check the health status of the Microsoft Graph API.
My application makes queries to the Graph API endpoint as part of the app's login process. I have built a health dashboard to notify me when external API's are having trouble. However, there is no specific Microsoft Graph endpoint that provides any status/health indicator for MS Graph API.
I appreciate your consideration.
109 votes -
Add Pagination to the findRooms API, to get past the limit of 100 rooms
The /findRooms API states: "You can get up to the first 100 rooms in the tenant". Could you please add standard Pagination, to get past this limit?
I tried /findRooms?$top=1000&$count=true but I am not able to make these query parameters work. In addition, I now understand that the API doesn't currently support things like $top or $skip.
100 votesWe are moving from the findRooms API to our new Places API. The Places API is available in BETA. We will be adding pagination to this API. Our target date to deliver this is end of January.
Document can be found here: https://docs.microsoft.com/en-us/graph/api/resources/place?view=graph-rest-beta -
SharedMailbox members (mailbox permissions) via Graph API
We are trying to get the members (mailbox permissions) of a SharedMailbox via Graph API. We do not see any Graph endpoint at the moment that can help us get this information. We are in the process of building a custom application where we need to be able to perform read and write operations of SharedMailbox membership/permissions. This functionality is certainly available via the exchange online powershell and I can imagine this being a critical functionality which is not yet available in Graph API. .
97 votes -
Teams- Subscription to user presence updates
As it stands, the API to get Teams presence requires constant polling in order to track a user's presence in near-real time. It would be more useful if we could subscribe to all presence updates using a webhook.
94 votesWe currently have a preview version of the feature in beta. You can read more about it and try it out here https://developer.microsoft.com/en-us/graph/blogs/get-notified-of-presence-changes-the-microsoft-graph-presence-subscription-api-is-now-available-in-public-preview/
-
Possibility to enable/disable multi-factor authentication for a user via the Graph API
We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.
92 votesWe’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.
Michael
-
Ability to filter on collection type properties (e.g. find all users with skill X)
In order to, for example, filter users by a certain skill you cannot do only one REST call now.
From stackexchange:
"Filter on collection type properties is represented as below:
https://graph.microsoft.com/v1.0/users?$filter=skills/any(c:c eq 'Javascript')
However, filter on skills property is currently not supported. You can place a request in uservoice site."
I would like support for this /any command, specifically for skills but for all queries would be great too.
91 votesThis item is still in the backlog. In the meantime we are researching some other options for this. Will provide an update shortly.
-
Allow Access to Planner using Client Credentials Flow
Planner tasks, buckets and plans are apparently not accessible using client credentials flow (app only).
I can access them using code flow authentication, but that's not my requirement (internal web service).
Everything else seems to work - it's just the planner stuff that doesn't (401 unauthorized).
Is there a workaround that doesn't require a user to log in?
90 votesWhat kinds of things are you trying to do that involves Client Credentials?
In one of the comments below, someone mentioned wanting to provide managers an overview of the work in their organization.
For that scenario, did you try using a service account?
-
Add a "My Groups - Read/Write" Permission (that does not require Admin Consent)
It should not be necessary to require an admin consent to do Group read write operations through the graph API. There should be a permission for My Groups.
89 votesThe work has started, but there is no target date yet due to early investigations. This will work first on Microsoft Teams, then we will target Office 365 Groups. ^JT
-
Office 365 REST API - Include Email Signature
I'm sending email on behalf of logged-in user in my app.
I would like to ability to include email signature defined in the user's mail settings.88 votesThis is something we are aware of. There is currently work being done in all the Outlook clients so that a mail signature roams between clients. Then work can be done to make it available on the Microsoft Graph. ^JT
-
Allow MS Graph proxyAddress filters to specify endsWith() and contains()
Currently there is support for startsWith and eq filters on proxyAddresses. However there is no way to search for proxyAddresses that endsWith or contains a string. E.g. finding users with a proxyAddress in a specific domain.
$filter=proxyAddresses/any(x:endsWith(x,'@acme.com'))
See this thread for more information: https://stackoverflow.com/questions/46588870/filtering-on-proxyaddresses-with-microsoft-graph-api-that-endswith-or-contains-a
84 votesThis work is on the backlog and currently isn’t scheduled. The feature will be updated here once dev work is started. -EY
- Don't see your idea?