Need ability to allow other resources (such as the Directory.ReadWrite permission) to be scoped/restricted similar to the Application permissions for Exchange resources.

Per MSFT, unfortunately, only Application Permissions for Exchange Online resources can be currently restricted/scoped in Microsoft Graph.

https://docs.microsoft.com/en-us/graph/auth-limit-mailbox-access

In the official documentation there is an example to make a DELETE request in order to delete a member from a group. Here's the documentation

DELETE https://graph.microsoft.com/v1.0/groups/{group-id}/members/{directory-object-id}/$ref

So far from what i've found and tested, when adding an user to a group, you can add up to 20 users per request, into a group

I was wondering if there is any possibility to remove multiple users from a group per request, or if you could remove 20 users at a time from a group, per request, like you can do when you're adding them into a group.

assignedLabels:
The list of sensitivity label pairs (label ID, label name) associated with an Office 365 group. Returned only on $select. Read-only.

Please give us the option to set/write/delete/modify a sensitivity label on a Group / SharePoint Site / Team.

when O365 groups are mail enabled and set to accept messages from external senders the original internet message id and maybe also the external sender email address should be in the JSON payload to verify if it is an email from an external sender.

It would be nice to fix that bug notified FOUR years ago....

I started a new app using MS GRAPH as you suggests, but there are bugs like this for 4 years, so now we must switch to powershell or other option because that silly bug.

It would be nice to have the option to query a user's membership of groups, indicating/limiting the type of group based on securityEnabled and/or mailEnabled flags.

For instance:
https://graph.microsoft.com/v1.0/users/[objectID]/memberof?$filter=securityEnabled eq true

Via MsGraph do the equivalent of the -IgnoreNamingPolicy parameter of Powershell.

https://docs.microsoft.com/en-us/exchange/recipients-in-exchange-online/manage-distribution-groups/override-group-naming-policy

As per https://docs.microsoft.com/en-us/graph/group-set-options resourceBehaviorOptions is a string collection that specifies group behaviors for a Microsoft 365 group. These bahaviors can be set only on group creation (POST).

I would like to be able to update these values later, right now they're considered immutable: Property cannot be updated because it is immutable.

This is specifically useful for us as we would like to enforce certain settings (HideGroupInOutlook, SubscribeMembersToCalendarEventsDisabled, in the future HiddenFromAddressListsEnabled) when some conditions apply.

A better method to either filter M365 based Yammer groups or query only yammer groups. As "resourceBehaviorOptions" is not always acurate.

The Azure Active Directory interface provides in their Group Details page a section called "Group Links". It lists all services associated with the Microsoft Group shown. Would it be possible to get an overview how this information is generated?

Is it possible to get an endpoint that provides these "Group Links" for a group? This might be useful when providing all linked services to an enduser.

The idea is that I can request profile images from all of the members in a group.
Currently, I am having to loop through the users and request the profile picture from every user individually in seperatei requests. I hope you can see how this is sub-optimal. I would rather batch the request with /group/{id}/members endpoint and then use the /group/{id}/members/photos/ endpoint to fetch the profile pictures for example.

Microsoft Graph to get Privileged access groups

Allow the setting of the MailEnabled flag to true via the graph api

Provide ability to return owners for non-unified groups using documented /groups/{ID}/owners ODATA reference.

https://docs.microsoft.com/en-us/graph/api/group-list-owners?view=graph-rest-1.0&tabs=http

Today this only works for Unified Groups and doesn't provide values for Distribution Lists and Mail Enabled Security Groups. Same thing with get-azureadgroupowner powershell command.

I understand this is known limitation, hoping to get enough votes to bump this higher in priority stack as serious limitation for automation of group management.

https://docs.microsoft.com/en-us/graph/known-issues#query-parameter-limitations

In sandbox, Graph Explorer, problem can easily be recreated with this GET request:
https://graph.microsoft.com/v1.0/groups/d8e62a27-848b-437d-8cf1-a21f0e410ed7/owners

Add or remove a member to or from a mail-enabled security group from within a web application. We do know that this works in Powershell with the Add-DistributionGroupMember cmdlet. We want to do the same through Graph

Currently, we can only filter AAD Groups on the DisplayName attribute using the StartsWith operator. It would be useful to be able to use the Contains operator.

We need application specific permission for channel send message. https://docs.microsoft.com/en-us/graph/api/channel-post-messages?view=graph-rest-1.0&tabs=http. The group conversation needs more granual permission for services. the group read write all givers too much access and is problematic.

I would like to do a request like "/groups/{id}/members" in order to get all the members from a particular Exchange Dynamic Distribution Group.

Also, I would like to have a way to find the ID of an Exchange Dynamic Distribution Group (for example, a request to "/groups/" does not return any group of this type).