Microsoft Graph Feature Requests
Welcome to the Microsoft Graph UserVoice! Do you have anidea or feature suggestion based on your experience with Microsoft Graph?Please share these with us by submitting your idea below or voting up ideassubmitted by other users. This forum will be directly monitored by theMicrosoft Graph engineering teams who are working on new features every day.
If you have feedback on a specific API service, pleasechoose the corresponding category. Please submit any broad ideas related toMicrosoft Graph or ideas across more than one service to the “General”category.
This site is only for feature suggestions and ideas! If youneed technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.
For more information on the Microsoft Graph, please checkout https://graph.microsoft.com .
-
Include users' last logon time
Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!
Can we please please add this attribute to the user object?461 votesJust to update. We ran into a few problems here, and this has been delayed. Revised timeline is Q1 2020 (hopefully nearer the beginning of the quarter). Sorry for the delay.
-
Ability to filter on collection type properties (e.g. find all users with skill X)
In order to, for example, filter users by a certain skill you cannot do only one REST call now.
From stackexchange:
"Filter on collection type properties is represented as below:
https://graph.microsoft.com/v1.0/users?$filter=skills/any(c:c eq 'Javascript')
However, filter on skills property is currently not supported. You can place a request in uservoice site."
I would like support for this /any command, specifically for skills but for all queries would be great too.
80 votesThis item is still in the backlog. In the meantime we are researching some other options for this. Will provide an update shortly.
-
Add a "My Groups - Read/Write" Permission (that does not require Admin Consent)
It should not be necessary to require an admin consent to do Group read write operations through the graph API. There should be a permission for My Groups.
71 votesThe work has started, but there is no target date yet due to early investigations. This will work first on Microsoft Teams, then we will target Office 365 Groups. ^JT
-
Possibility to enable/disable multi-factor authentication for a user via the Graph API
We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.
70 votesWe’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.
Michael
-
Fully migrate AD users to Azure AD
I would like to be able to fully migrate my AD users to the cloud, so that when I use them to log into an AzureAD Joined Machine, the whoami CMD properly returns AzureAD\fristnamelastname. Right now there are hidden attributes accociated with the previously AD synced user, that causes the whoami CMD to return DOMAIN\username. This is preventing cloud migrations.
Response I received suggesting that I contact this team.
"This a known gap, that we're reviewing. Even though you have migrated the user from AD to Azure AD, the onprem SamAccountName is still intact on the user object, among other…
53 votes -
Ability to update the user's email aliases (proxyAddresses attribute).
https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#user-entity shows that we can GET, POST and PATCH the "otherMails" attribute of a user object. otherMails is described as "A list of additional email addresses for the user", which makes it sound like the user's email aliases. However, if you set this attribute, then look at the user in the Office365 Admin Center or Powershell, you see it's actually the "Alternate Email Address" attribute: i.e. the contact address required for admin accounts. In the Graph API the attribute that lists the email aliases is "proxyAddresses" and this is read-only (i.e. only supports GET). It's been explained to me by…
47 votesWork has started on this, but it’s much more complex than it first appears. It’s unlikely to be available before Q2 2020.
-
expose “lastModifiedDateTime” on user
I need to retrieve the last modified date of user profiles in Office 365 from the Graph API.
Could you please provide the endpoint similar to https://graph.microsoft.com/beta/me/?$select=createdDateTime
But have it be for the last time the user profile was modified by the user or admin, would be awesome for it to be https://graph.microsoft.com/beta/me/?$select=lastModifiedDateTime
43 votesComing soon! Keep an eye on the changelog (https://docs.microsoft.com/en-us/graph/changelog) -EY
-
Allow MS Graph proxyAddress filters to specify endsWith() and contains()
Currently there is support for startsWith and eq filters on proxyAddresses. However there is no way to search for proxyAddresses that endsWith or contains a string. E.g. finding users with a proxyAddress in a specific domain.
$filter=proxyAddresses/any(x:endsWith(x,'@acme.com'))
See this thread for more information: https://stackoverflow.com/questions/46588870/filtering-on-proxyaddresses-with-microsoft-graph-api-that-endswith-or-contains-a
41 votesThis work is on the backlog and currently isn’t scheduled. The feature will be updated here once dev work is started. -EY
-
Extensions Permission
This affects all resources that support extensions but let’s take the User resource as an example:
Extending the User resource currently requires an entire User Profile read/write consent (User.ReadWrite).
We only want to read and write additional data that we provide to the User resource and not modify the entire resource. Users might be hesitant about consenting to Apps that could potentially corrupt their entire user profile.34 votesWe do not have this started yet, but its in our plan due to other priorities. ^JT
-
Allow $filter on showInAddressList for /users and /groups
I'd love to be able to filter the /users and /groups collection on the showInAddressList property.
This would allow us to get all users and groups that are to be shown in the addressbook, currently this means retrieving them all and filtering afterwards (but that poses issues with pagination).
For groups, there is a dependency on this UserVoice: https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/32677822-support-hiddenfromaddresslistsenabled-property-on
26 votes -
Include "businesePhones" in basic profile
According to https://docs.microsoft.com/en-us/graph/permissions-reference#remarks-23, now with permission:"User.readBasic.All" , only bleow properties would be visible:
- displayName
- givenName
- photo
- surname
- userPrincipalName
Which means "businessPhones" is not included.
So it means normal user (not admin) won't be able to view other users' business phones in Teams, even these "other users" are their colleagues !
You never want to reach your colleague by calling their business phone !? So what's the point to keep business phone invisible to most users in same organization?
Just suggest to include businessPhones in basic profile.
24 votes -
Allow filtering users by officeLocation
While filtering works for some attributes like department it doesn't work for officeLocation, which sadly I need for my use case.
GET https://graph.microsoft.com/beta/users?$filter=officeLocation eq 'Gaithersburg, MD'
Returns:
{"error": {
"code": "Request_UnsupportedQuery",
"message": "Unsupported or invalid query filter clause specified for property 'officeLocation' of resource 'User'.",
"innerError": {
"request-id": "641beedd-4df5-4b97-b6b5-4f574c382d08",
"date": "2017-07-26T18:32:39"
}
}}
19 votesWe are investigating the technical requirements here to see whether we can move this to the backlog. -EY
-
Implement $skip for users api or provide previous link
Pagination issue. There is no way to redirect to previous page If we use $top parameter, it provides next page url using which we can go to next page. We also can not use $skip parameter when we want to get users of an organization. Please provide $skip to use with users api, or provide previous link with $top parameter
18 votes -
Expose user Authentication Phone and Authentication Email
why graph api don't sending user authentication email and phone number using this api endpoint https://graph.windows.net/myorganization/users/{user_id}?api-version.
in my application i need the email address user used for signup and mobile number which user used for MFA. but i can't find any of those.
18 votes -
Allow update mail attribute for Azure AD User object throught REST API
Currently we are creating users in Azure AD through Azure AD Graph API (from our Identity Manager Application). Also we assign licenses using the same Rest API. Our users, among other thinks, uses Sharepoint Online and Skype for Bussiness Online. All of our users have his mailbox in an Exchange 2010 (on-premise), so they don't have the Exchange Online Plan. For Skype for Bussiness integration with Outlook, it's needed that the mail attribute on the Azure AD object be the same as the mail address in Outlook. The problem is that this attribute is read only throug rest API. Also,…
18 votesWe are investigating the technical requirements here to see whether we can move this to the backlog. -EY
-
Add support for wWWHomepage
Microsoft Graph cant return the wWWHomePage property that people know from regular AD. We need to access this field in a business case and cant do so, because of the current limitations.
Please add support for wWWHomePage on the User object!
17 votesThis is in the backlog along with some other properties we are considering for exposure on the user resource.
-
Allow updating any users Photo with User.ReadWrite.All scope
Currently even if you have the User.ReadWrite.All you cant update another users photo via:
PUT /beta/users/{User ID}/photo/$value
This would be VERY helpful.
17 votesThis work has been started. There is no target In Preview date yet as the investigation is still ongoing on what complete work is required. ^JT
-
Add an O365 REST API endpoint returning a list of pinned "My Apps" of a current user
When I'm creating an App on Office 365, users can pin them and select them from the "My Apps" menu in the new Office 365 ribbon.
I would like to recreate this menu/whole ribbon in my app (desktop or web, whatever), to bring a consistent experience to my end users. By this, my users could easly switch between O365 Apps and my app.
I'm inspired by TechEd Europe and all the O365 sessions. This is what imho is missing and is very important atm.
Something like:
dev.office.com/me/apps/pinned17 votes -
Provide API access to AAD user MFA Properties
Would be good to not only retrieve the state of the authentication requirements, but the details around MFA as well: MFA Methods, etc (StrongAuthenticationMethod, StrongAuthenticationRequirement, StrongAuthenticationDetails that was available in PS for AAD V1)
16 votesComing soon! Keep an eye on the changelog (docs.microsoft.com/en-us/graph/changelog) -EY
-
Supportability for more attributes with MS Graph API
Please support syncing more attributes (on user create and update) with MS Graph API.
Here is the wish-list:
proxyAddresses,
postOfficeBox,
pager,
msExchExtensionCustomAttribute,
mail,
ipPhone,
info,
extension<AADAppGUID><attribute_name>,
description,
countryCode,
commonName,
cloudAnchor,
aliasThanks,
Anna14 votes
- Don't see your idea?