Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have anidea or feature suggestion based on your experience with Microsoft Graph?Please share these with us by submitting your idea below or voting up ideassubmitted by other users. This forum will be directly monitored by theMicrosoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, pleasechoose the corresponding category. Please submit any broad ideas related toMicrosoft Graph or ideas across more than one service to the “General”category.

This site is only for feature suggestions and ideas! If youneed technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on the Microsoft Graph, please checkout https://graph.microsoft.com .


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. expose “lastModifiedDateTime” on user

    I need to retrieve the last modified date of user profiles in Office 365 from the Graph API.

    Could you please provide the endpoint similar to https://graph.microsoft.com/beta/me/?$select=createdDateTime

    But have it be for the last time the user profile was modified by the user or admin, would be awesome for it to be https://graph.microsoft.com/beta/me/?$select=lastModifiedDateTime

    43 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  2. Support the $count operator for user and group objects

    Given that the return size of any query is limited, the $count operator should be supported a lot more broadly. My immediate need when targetting AzureAD instead of an OnPrem AD is knowing the number of users, and number of groups when I send a query.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide Graph API to check user has enabled Azure AD MFA or not

    Currently there is no API for identifying whether user is enabled with Azure AD MFA or not, so kindly provide

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    Coming soon! Work on this has been started. Keep an eye on the changelog (docs.microsoft.com/en-us/graph/changelog) -EY

  4. Provide API access to AAD user MFA Properties

    Would be good to not only retrieve the state of the authentication requirements, but the details around MFA as well: MFA Methods, etc (StrongAuthenticationMethod, StrongAuthenticationRequirement, StrongAuthenticationDetails that was available in PS for AAD V1)

    16 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  5. Include users' last logon time

    Last Logon is missing from the user objects in Azure! I'd like to be able to read the Last Logon information through the Graph API, to tell which users are actually logging in. But very surprisingly I can't find any such attribute!

    Can we please please add this attribute to the user object?

    461 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    38 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  6. Possibility to enable/disable multi-factor authentication for a user via the Graph API

    We would like to be able to set MFA for users from a custom application, by using Graph API or Azure AD SDK.

    70 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    12 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
    started  ·  Azure AD Team responded

    We’re in the process of building APIs for both conditional access policies and authentication method registration. Between the two, you’ll be able to programmatically register your users’ auth methods (sms, voice, etc) and also create and edit conditional access policies to require MFA.

    Michael

  7. Add support for filtering users on assignedLicenses

    Getting a list of all users with a specific license without having to iterate through all users would make license management and reporting a whole lot easier.

    Example:
    https://graph.microsoft.com/beta/users?$filter=AssignedLicenses/any(a:a/SkuId eq f8a1db68-be16-40ed-86d5-cb42ce701560)

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  8. Ability to update the user's email aliases (proxyAddresses attribute).

    https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/entity-and-complex-type-reference#user-entity shows that we can GET, POST and PATCH the "otherMails" attribute of a user object. otherMails is described as "A list of additional email addresses for the user", which makes it sound like the user's email aliases. However, if you set this attribute, then look at the user in the Office365 Admin Center or Powershell, you see it's actually the "Alternate Email Address" attribute: i.e. the contact address required for admin accounts. In the Graph API the attribute that lists the email aliases is "proxyAddresses" and this is read-only (i.e. only supports GET). It's been explained to me by…

    47 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    6 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →
  9. Add a "My Groups - Read/Write" Permission (that does not require Admin Consent)

    It should not be necessary to require an admin consent to do Group read write operations through the graph API. There should be a permission for My Groups.

    71 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    7 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    The work has started, but there is no target date yet due to early investigations. This will work first on Microsoft Teams, then we will target Office 365 Groups. ^JT

  10. Allow updating any users Photo with User.ReadWrite.All scope

    Currently even if you have the User.ReadWrite.All you cant update another users photo via:

    PUT /beta/users/{User ID}/photo/$value

    This would be VERY helpful.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Users  ·  Flag idea as inappropriate…  ·  Admin →

    This work has been started. There is no target In Preview date yet as the investigation is still ongoing on what complete work is required. ^JT

  • Don't see your idea?

Feedback and Knowledge Base