Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Application Permission support for Microsoft Graph API for Intune

    Most or all of the APIs related to Devices and Apps (Intune) only support Delegated Permissions. I see a lot of use-cases where I want to use Application Permissions instead of delegated to simplify and secure my integrations.

    19 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  2. Add Ethernet Mac Address to Get managedDevice API

    Hi, we are currently using https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-get?view=graph-rest-1.0 to extract some info about clients.

    We find it rather strange that we are able to get the Wifi Mac Address but not the Ethernet Mac Address via the API.

    I know that the ethernet mac address was added at a later point and maybe thats the reason for it not being included in the API in the first place. Are there any plans of adding this?

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  3. Add support for Exchange ActiveSync Device Partnerships to Graph API

    Currently to retrieve information about all ActiveSync Device Partnerships from Exchange Online, you need to either use ECP or Exchange Online PowerShell. Both of these ways are VERY SLOW. ECP because it's manual, and PowerShell because you either have to grab a) all mailboxes (get-mailbox) or b) all partnerships (get-mobiledevice), and then loop through the list to look at each partnership (get-mobiledevicestatistics).

    It'd be so much quicker if this was available via the Graph API.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  4. Implement expand functionality detectedApps -> managedDevices

    Hi,

    Could you please implement the expand functionality for managedDevices on the detectedApps?

    So we could fetch the link between devices and apps in one statement, like so:
    https://graph.microsoft.com/v1.0/deviceManagement/detectedApps?$expand=managedDevices
    or only the id
    https://graph.microsoft.com/v1.0/deviceManagement/detectedApps?$expand=managedDevices($select=id).

    The other direction is also a possibility ofcourse:
    https://graph.microsoft.com/beta/deviceManagement/managedDevices?$expand=detectedApps

    Kind regards,

    Peter

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  5. Add/Support new Device attributes

    Not sure I like the (Intune) attribute after Devices and Apps. Would like to see device fields for status and environment. Sample data below:

    STATUS:

    Disposed
    Deployed
    Decommissioned
    Pending Deployment
    In-Inventory
    Pending Decommission
    Loaded in Error
    Archived
    Received
    In Service
    Out of Scope

    ENVIRONMENT:
    Production
    Development
    Test
    Sandbox
    Pre-Build
    UAT
    Disaster Recovery
    Training
    Integration Test
    Staging
    Standby

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  6. Remove detectedApps no longer installed on a device

    When $expand=detectedApps is included on the /deviceManagement/managedDevices/{managedDeviceId} endpoint, all apps that have ever been installed on the device are returned. It would be great if only currently installed applications were returned to get an accurate representation of the applications on the device.

    Example from a device in our environment, I only want to know the current version of the IME, not every version that's ever been installed:
    Microsoft Intune Management Extension 1.15.109.0
    Microsoft Intune Management Extension 1.24.114.0
    Microsoft Intune Management Extension 1.15.102.0
    Microsoft Intune Management Extension 1.23.103.0
    Microsoft Intune Management Extension 1.22.107.0

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  7. delta query for devices

    Any ideas when Microsoft GraphAPI will support delta query on devices? I'm looking of way to detect changes about devices in Azure AD.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  8. Extend open extension / schema extension to managedDevice

    I am trying to see how to store additional info into managedDevices that are available inside the Graph API (/deviceManagement/managedDevices/ endpoint). But it seems that it does not work (only a specific set of items including device but not managedDevice ?)

    It can be a great way to enhance the existing intune solution and store in a central place mandatory data like warranty information or additional device specification.

    Thanks for your work on the graph API by the way !

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  9. Allow contains() on the /devices endpoint

    We need to be able to search a list of devices by name using a contains() filter.

    e.g.:
    /devices?$filter=contains('DESKTOP',displayName)

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  10. Lookup up devices using SN not working against /deviceManagement/managedDevices/

    We would like to use GraphAPI to perform lookups of 'managed devices' using the serial number. For this, we simply follow the https://docs.microsoft.com/en-us/graph/api/intune-devices-manageddevice-get?view=graph-rest-1.0 article (where you say 'This method supports the OData Query Parameters to help customize the response.'), and the $filter parameter, like described at https://docs.microsoft.com/en-us/graph/query-parameters.

    Let's say we want to run a query for all devices where SN starts with C02. We noticed that :

    In the 2nd URL I provided, you explicitly mention that…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  11. Provide Windows OS MUI language packs and Rest APIs for automatic MUI Windows VM deployment

    In our real world product, we need to automatically deploy a large number of Windows 10 VMs with MUI support required. However, currently there are no existing programmatic APIs for querying and downloading the language packs (installer ISO), which blocks us from automating the provisioning of the MUI enabled Windows 10 VMs on Azure.
    Could you please consider to provide the accompanying version of the language packs and the downloadable iso file for the Microsoft published Windows OS images in some Azure rest APIs?
    I believe this should benefit a lot of developers to make the provisioning MUI enabled Windows…

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  12. Expose MacOS UDID via API

    MacOS devices in Intune have an attribute called UDID which corresponds to the IDs for OneDrive clients. It would be useful to be able to query this via API for use in Sentinel incidents.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  13. Add deviceGeoLocation

    Currently, I see deviceGeoLocation under deviceManagement. However, it would be very useful for security to search for the last GeoLocation of a device.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  14. Intune List managedDevices for security groups

    Hi,

    We are building a portal where we need to display devices for security groups. Currently we can only display basic device information using GET /beta/groups/{groupId}/members.

    We would like to diplay manageDevice information, a request for this would be very usefull, example:
    GET /groups/{groupId}/managedDevices

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  15. Enable actions on identityRiskEvent objects in Graph API

    Currently identityRiskEvent objects can be listed and read, but there are no write actions available, though closing events through "Resolve", "Mark as false positive", "Ignore" and "Dismiss all events" are available through the Azure AD Portal.

    Where are the corresponding API methods and scope, so that we may delegate and/or automate these?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  16. Support setting deviceManagementName in setDeviceName

    Currently setDeviceName only sets the device display name. It'd be nice to also set the deviceManagementName value in the same POST request.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  17. Add User and App Credential (username/App ID and password/certificate) Support for Intune AutoPilot Cmdlets

    Make changes to the Graph API to allow Connect-AutoPilotIntune cmdlet of the WindowsAutoPilotIntune module accept secrets (password and/or certificates) as a parameter to facilitate scripting. At the moment it only accepts <user> as a parameter. When such a script is added to say, Task Scheduler, the user account used will have to be logged into the machine for the task to successfully run the PS script.

    Examples


    1. Connect-AutoPilotIntune -credential


    2. Connect-AutoPilotIntune -TenantID ... -ApplicationID ... -CertifiacateThumbprint


    etc.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  18. targetedManagedAppProtections returning unwanted data

    This endpoint:
    https://docs.microsoft.com/en-us/graph/api/intune-mam-targetedmanagedappprotection-list?view=graph-rest-1.0

    In regards to Intune App Protection policies, the URL and the documenation say "Protection", however it's returning App Configuration policies and Windows Information Protection policies.

    Can this be corrected ?

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  19. Include deleted roleScopeTags when listing them

    The reoleScopeTags list operation does not return tags that were deleted on a global level (Microsoft Intune->Roles->Scope (Tags)), but devices may still be tagged with one of the deleted tags. Please make it possible (at least as an option) to return all tags.

    https://docs.microsoft.com/en-us/graph/api/intune-rbac-rolescopetag-list?view=graph-rest-beta&viewFallbackFrom=graph-rest-1.0

    By the way: the roleScopeTags behave inconsistently in the portal as well. Example: One of my devices was tagged with 6 tags. I deleted 4 of them in the roleScopeTag overview (Microsoft Intune->Roles->Scope (Tags)). In the device overview it now says: "Scope (Tags)
    6 scope tag(s) selected", but when opening the selection it only shows the…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  20. delete windows store apps

    Unable to delete Windows Store for Business apps using the code provided in https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/intuneappswindowsstoreapp_delete

    Failure - Status Code 400; No OData route exists that match template ~/singleton/navigation/key/navigation with http verb DELETE for request

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Devices and Apps (Intune)  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base