Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!

Can we please please add this attribute to the user object?

In order to, for example, filter users by a certain skill you cannot do only one REST call now.

From stackexchange:

"Filter on collection type properties is represented as below:

https://graph.microsoft.com/v1.0/users?$filter=skills/any(c:c eq 'Javascript')

However, filter on skills property is currently not supported. You can place a request in uservoice site."

I would like support for this /any command, specifically for skills but for all queries would be great too.

We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

Currently there is support for startsWith and eq filters on proxyAddresses. However there is no way to search for proxyAddresses that endsWith or contains a string. E.g. finding users with a proxyAddress in a specific domain.

$filter=proxyAddresses/any(x:endsWith(x,'@acme.com'))

See this thread for more information: https://stackoverflow.com/questions/46588870/filtering-on-proxyaddresses-with-microsoft-graph-api-that-endswith-or-contains-a

I need to retrieve the last modified date of user profiles in Office 365 from the Graph API.

Could you please provide the endpoint similar to https://graph.microsoft.com/beta/me/?$select=createdDateTime

But have it be for the last time the user profile was modified by the user or admin, would be awesome for it to be https://graph.microsoft.com/beta/me/?$select=lastModifiedDateTime

Would be good to not only retrieve the state of the authentication requirements, but the details around MFA as well: MFA Methods, etc (StrongAuthenticationMethod, StrongAuthenticationRequirement, StrongAuthenticationDetails that was available in PS for AAD V1)

As a security monitoring expert for an organization, we need to get the details of all the users under a particular tenant to list the email forwarding user ids. Using this information the organization can evaluate the security profile. Currently, this information is available using PowerShell.

Suppose a user john@contosa.com has rule enabled to forward some or few of his mail to another email id. We want to have a list of such users.

This affects all resources that support extensions but let’s take the User resource as an example:

Extending the User resource currently requires an entire User Profile read/write consent (User.ReadWrite).
We only want to read and write additional data that we provide to the User resource and not modify the entire resource. Users might be hesitant about consenting to Apps that could potentially corrupt their entire user profile.

While filtering works for some attributes like department it doesn't work for officeLocation, which sadly I need for my use case.

GET https://graph.microsoft.com/beta/users?$filter=officeLocation eq 'Gaithersburg, MD'

Returns:
{

"error": {

    "code": "Request_UnsupportedQuery",

    "message": "Unsupported or invalid query filter clause specified for property 'officeLocation' of resource 'User'.",

    "innerError": {

        "request-id": "641beedd-4df5-4b97-b6b5-4f574c382d08",

        "date": "2017-07-26T18:32:39"

    }

}

}

According to https://docs.microsoft.com/en-us/graph/permissions-reference#remarks-23, now with permission:"User.readBasic.All" , only bleow properties would be visible:

• displayName


• givenName


• mail


• photo


• surname


• userPrincipalName

Which means "businessPhones" is not included.

So it means normal user (not admin) won't be able to view other users' business phones in Teams, even these "other users" are their colleagues !

You never want to reach your colleague by calling their business phone !? So what's the point to keep business phone invisible to most users in same organization?

Just suggest to include businessPhones in basic profile.

I'd love to be able to filter the /users and /groups collection on the showInAddressList property.

This would allow us to get all users and groups that are to be shown in the addressbook, currently this means retrieving them all and filtering afterwards (but that poses issues with pagination).

For groups, there is a dependency on this UserVoice: https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/32677822-support-hiddenfromaddresslistsenabled-property-on

Pagination issue. There is no way to redirect to previous page If we use $top parameter, it provides next page url using which we can go to next page. We also can not use $skip parameter when we want to get users of an organization. Please provide $skip to use with users api, or provide previous link with $top parameter

Currently even if you have the User.ReadWrite.All you cant update another users photo via:

PUT /beta/users/{User ID}/photo/$value

This would be VERY helpful.

It will be very interesting to allow filter by onPremisesSamAccountName in users endpoint.

Microsoft Graph cant return the wWWHomePage property that people know from regular AD. We need to access this field in a business case and cant do so, because of the current limitations.

Please add support for wWWHomePage on the User object!

When I'm creating an App on Office 365, users can pin them and select them from the "My Apps" menu in the new Office 365 ribbon.

I would like to recreate this menu/whole ribbon in my app (desktop or web, whatever), to bring a consistent experience to my end users. By this, my users could easly switch between O365 Apps and my app.

I'm inspired by TechEd Europe and all the O365 sessions. This is what imho is missing and is very important atm.

Something like:
dev.office.com/me/apps/pinned

Currently there is no API for identifying whether user is enabled with Azure AD MFA or not, so kindly provide