Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Include users' last logon time

    Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!

    Can we please please add this attribute to the user object?

    479 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    46 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    This capability is now in /beta. It was actually documented earlier, but the service wasn’t quite functional. It is now.
    Here’s an example of getting users and their last signin activity: https://docs.microsoft.com/graph/api/user-list?view=graph-rest-beta&tabs=http#example-5-list-the-last-sign-in-time-of-users-in-a-specific-time-range

    Although not documented you can also filter on a date range to get the set of users that have not signed in since a certain date, or the users that signed in in the last 3 weeks etc.

    Try GET https://graph.microsoft.com/beta/users?$filter=signInActivity/lastSignInDateTime ge 2020-03-20T00:00:00Z&$select=signInActivity,id,userPrincipalName

  2. Fully migrate AD users to Azure AD

    I would like to be able to fully migrate my AD users to the cloud, so that when I use them to log into an AzureAD Joined Machine, the whoami CMD properly returns AzureAD\fristnamelastname. Right now there are hidden attributes accociated with the previously AD synced user, that causes the whoami CMD to return DOMAIN\username. This is preventing cloud migrations.

    Response I received suggesting that I contact this team.

    "This a known gap, that we're reviewing. Even though you have migrated the user from AD to Azure AD, the onprem SamAccountName is still intact on the user object, among other…

    126 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    11 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  3. Ability to filter on collection type properties (e.g. find all users with skill X)

    In order to, for example, filter users by a certain skill you cannot do only one REST call now.

    From stackexchange:

    "Filter on collection type properties is represented as below:

    https://graph.microsoft.com/v1.0/users?$filter=skills/any(c:c eq 'Javascript')

    However, filter on skills property is currently not supported. You can place a request in uservoice site."

    I would like support for this /any command, specifically for skills but for all queries would be great too.

    88 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  4. Possibility to enable/disable multi-factor authentication for a user via the Graph API

    We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

    85 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    14 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Azure AD Team responded

    We’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.

    Michael

  5. Allow MS Graph proxyAddress filters to specify endsWith() and contains()

    Currently there is support for startsWith and eq filters on proxyAddresses. However there is no way to search for proxyAddresses that endsWith or contains a string. E.g. finding users with a proxyAddress in a specific domain.

    $filter=proxyAddresses/any(x:endsWith(x,'@acme.com'))

    See this thread for more information: https://stackoverflow.com/questions/46588870/filtering-on-proxyaddresses-with-microsoft-graph-api-that-endswith-or-contains-a

    78 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    This work is on the backlog and currently isn’t scheduled. The feature will be updated here once dev work is started. -EY

  6. Ability to update the user's email aliases (proxyAddresses attribute).

    https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#user-entity shows that we can GET, POST and PATCH the "otherMails" attribute of a user object. otherMails is described as "A list of additional email addresses for the user", which makes it sound like the user's email aliases. However, if you set this attribute, then look at the user in the Office365 Admin Center or Powershell, you see it's actually the "Alternate Email Address" attribute: i.e. the contact address required for admin accounts. In the Graph API the attribute that lists the email aliases is "proxyAddresses" and this is read-only (i.e. only supports GET). It's been explained to me by…

    71 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  7. expose “lastModifiedDateTime” on user

    I need to retrieve the last modified date of user profiles in Office 365 from the Graph API.

    Could you please provide the endpoint similar to https://graph.microsoft.com/beta/me/?$select=createdDateTime

    But have it be for the last time the user profile was modified by the user or admin, would be awesome for it to be https://graph.microsoft.com/beta/me/?$select=lastModifiedDateTime

    52 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  8. Provide API access to AAD user MFA Properties

    Would be good to not only retrieve the state of the authentication requirements, but the details around MFA as well: MFA Methods, etc (StrongAuthenticationMethod, StrongAuthenticationRequirement, StrongAuthenticationDetails that was available in PS for AAD V1)

    45 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    8 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  9. Graph API to list the Mail forwarding details for all the users for a tenant using the auth token for global admin account

    As a security monitoring expert for an organization, we need to get the details of all the users under a particular tenant to list the email forwarding user ids. Using this information the organization can evaluate the security profile. Currently, this information is available using PowerShell.

    Suppose a user john@contosa.com has rule enabled to forward some or few of his mail to another email id. We want to have a list of such users.

    43 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  10. Allow filtering users by officeLocation

    While filtering works for some attributes like department it doesn't work for officeLocation, which sadly I need for my use case.

    GET https://graph.microsoft.com/beta/users?$filter=officeLocation eq 'Gaithersburg, MD'

    Returns:
    {

    "error": {
    
    "code": "Request_UnsupportedQuery",
    "message": "Unsupported or invalid query filter clause specified for property 'officeLocation' of resource 'User'.",
    "innerError": {
    "request-id": "641beedd-4df5-4b97-b6b5-4f574c382d08",
    "date": "2017-07-26T18:32:39"
    }
    }

    }

    36 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    This capability is now available in Microsoft Graph public preview. It’s not currently documented.

    NOTE: you’ll need to use a custom HTTP request header ConsistencyLevel: eventual and request $count=true as well, to enable this query capability.

    GET ../beta/users?$filter=officeLocation eq ‘SomeLocation’&$count=true
    ConsistencyLevel:eventual

    See also related queries in the changelog entry https://docs.microsoft.com/en-us/graph/changelog#identity-and-access-azure-ad

  11. Extensions Permission

    This affects all resources that support extensions but let’s take the User resource as an example:

    Extending the User resource currently requires an entire User Profile read/write consent (User.ReadWrite).
    We only want to read and write additional data that we provide to the User resource and not modify the entire resource. Users might be hesitant about consenting to Apps that could potentially corrupt their entire user profile.

    35 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  12. Include "businesePhones" in basic profile

    According to https://docs.microsoft.com/en-us/graph/permissions-reference#remarks-23, now with permission:"User.readBasic.All" , only bleow properties would be visible:


    • displayName

    • givenName

    • mail

    • photo

    • surname

    • userPrincipalName

    Which means "businessPhones" is not included.

    So it means normal user (not admin) won't be able to view other users' business phones in Teams, even these "other users" are their colleagues !

    You never want to reach your colleague by calling their business phone !? So what's the point to keep business phone invisible to most users in same organization?

    Just suggest to include businessPhones in basic profile.

    33 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  13. Implement $skip for users api or provide previous link

    Pagination issue. There is no way to redirect to previous page If we use $top parameter, it provides next page url using which we can go to next page. We also can not use $skip parameter when we want to get users of an organization. Please provide $skip to use with users api, or provide previous link with $top parameter

    28 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    Needs more information  ·  4 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow $filter on showInAddressList for /users and /groups

    I'd love to be able to filter the /users and /groups collection on the showInAddressList property.

    This would allow us to get all users and groups that are to be shown in the addressbook, currently this means retrieving them all and filtering afterwards (but that poses issues with pagination).

    For groups, there is a dependency on this UserVoice: https://microsoftgraph.uservoice.com/forums/920506-microsoft-graph-feature-requests/suggestions/32677822-support-hiddenfromaddresslistsenabled-property-on

    27 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    Hi Yannick,
    showInAddressList filter support for User object in now under consideration.
    We will update the status when we will have more info to share.

    PS: The Group object property hideFromAddressLists is from Exchange service (not AAD), and currently doesn’t support filtering.
    I suggest you opening another feedback to track with this other request separately.

  15. Allow update mail attribute for Azure AD User object throught REST API

    Currently we are creating users in Azure AD through Azure AD Graph API (from our Identity Manager Application). Also we assign licenses using the same Rest API. Our users, among other thinks, uses Sharepoint Online and Skype for Bussiness Online. All of our users have his mailbox in an Exchange 2010 (on-premise), so they don't have the Exchange Online Plan. For Skype for Bussiness integration with Outlook, it's needed that the mail attribute on the Azure AD object be the same as the mail address in Outlook. The problem is that this attribute is read only throug rest API. Also,…

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow updating any users Photo with User.ReadWrite.All scope

    Currently even if you have the User.ReadWrite.All you cant update another users photo via:

    PUT /beta/users/{User ID}/photo/$value

    This would be VERY helpful.

    22 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    3 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    This work has been started. There is no target In Preview date yet as the investigation is still ongoing on what complete work is required. ^JT

  17. Useful User (Endpoint) Filtering

    The collection size of a request to /users cannot be feasibly limited.

    Our active directory has tens of thousands of entries. The API only enables retrieving 100 entries per request. Getting ALL the entries takes a long time and I don't need them ALL. Unfortunately, the options for filtering the request are quite chintzy.

    I can use the eq (equal) filter, which would be fine if looking for a single user, but I'm trying to limit the resulting collection to a group of users (e.g. to users who's displayName contains a substring, or where surname is not null). I cannot…

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow / Add onPremisesSamAccountName as a filter

    It will be very interesting to allow filter by onPremisesSamAccountName in users endpoint.

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    his capability is now available in Microsoft Graph public preview. It’s not currently documented.

    NOTE: you’ll need to use a custom HTTP request header ConsistencyLevel: eventual and request $count=true as well, to enable this query capability.

    GET ../beta/users?$filter=onPremisesSamAccountName eq ‘name’&$count=true
    ConsistencyLevel:eventual

    See also related queries in the changelog entry https://docs.microsoft.com/en-us/graph/changelog#identity-and-access-azure-ad

  19. Add support for wWWHomepage

    Microsoft Graph cant return the wWWHomePage property that people know from regular AD. We need to access this field in a business case and cant do so, because of the current limitations.

    Please add support for wWWHomePage on the User object!

    20 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    4 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  20. Delta and Subscriptions to include photo and photo property with last update date

    If you have a tenant with a lot of users or a SaaS platform that works with millions of users accounts in Microsoft, it is extremely painful and time consuming to pull/sync profile images from Microsoft Graph. Doing live queries against Graph for photos are also causing additional strain on the Graph infrastructure and end users suffer the performance penalty of a service having to query another service first. So it is ideal to sync images in some cases to local systems for performance gains.

    Based on testing that I did I calculated that fetching photos on 300'000 users can…

    18 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
← Previous 1 3 4 5 6 7
  • Don't see your idea?

Feedback and Knowledge Base