Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have anidea or feature suggestion based on your experience with Microsoft Graph?Please share these with us by submitting your idea below or voting up ideassubmitted by other users. This forum will be directly monitored by theMicrosoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, pleasechoose the corresponding category. Please submit any broad ideas related toMicrosoft Graph or ideas across more than one service to the “General”category.

This site is only for feature suggestions and ideas! If youneed technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on the Microsoft Graph, please checkout https://graph.microsoft.com .


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Api

    Please provide API for manage the users based on application.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Microsoft Graph API to support Enterprise Application User Querying

    Support for the ability to query AD users that are provisioned to an enterprise application.

    Based off of the Microsoft Graphi API there is no way to actively see the users and their associated permissions to an enterprise application.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Support Azure Conditional Access for Microsoft Graph

    A lot of Microsoft products does not work as expected due to the fact the Microsoft Graph does not support Azure Conditional Access. Among the applications I can mention is Microsoft Teams, ToDo, etc. that all rely on the Microsoft Graph and breaks to to limited support or no support for Azure Conditional Access.

    Teams:
    https://microsoftteams.uservoice.com/forums/555103-public/suggestions/32657161-conditional-access-team-authentication

    ToDo:
    https://todo.uservoice.com/forums/597175-feature-suggestions/suggestions/32007451-add-support-for-conditional-access

    /Peter Selch Dahl - Azure MVP

    37 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Allow other values accepted in GroupMembershipClaim in Manifest for Azure AD

    Currently, GroupMembershipClaim in manifest only accepts one of ("null, "All", "SecurityGroup").

    SecurityGroup returns SecurityGroup along with Azure roles, It will be very useful if there is some filter which only returns SecurityGroup(excluding Azure roles) or only Distribution List.

    Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Support Azure AD B2C local account

    There is currently no easy way to manage Azure AD B2C local account from a .Net Core app.

    Currently the only way to manage B2C local account is with Azure AD Graph API through Microsoft.Azure.ActiveDirectory.GraphClient nuget. But since those projects are deprecated and only maintained for critical issues, they will not be ported to .Net Core.

    If you have an ASP.Net Core WebApp or WebApi you need to use the Microsoft Graph .NET Client Library which support .Net Standard 1.1. But as Microsoft Graph API does not support local account, it is useless if your tenant is an Azure AD…

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →

    This is now in Microsoft Graph beta. Please see the identities property of the user resource https://docs.microsoft.com/graph/api/resources/user?view=graph-rest-beta and the objectIdentity resource type: https://docs.microsoft.com/graph/api/resources/objectidentity?view=graph-rest-beta. You can see an example of creating a user with the identities property here (second example): https://docs.microsoft.com/graph/api/user-post-users?view=graph-rest-beta&tabs=http

    We hope to have this in GA by end of 2019 Q4, but it might roll into 2020 Q1.

  6. Add an endpoint to list the users in each role

    I need to be able to get a list of the "Supervisor" role assigned to a specific application for Azure AD. Please add this to Microsoft Graph

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. graph api does not send invitation email for guest user

    I've submitted to this api https://graph.microsoft.com/v1.0/invitations and it creates an invitation, but to send the email I have to log into the portal and click resend invitation. Please have the API actually send the email.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Delete application IDs, Service Principals by owner

    Currently when one filters App IDs in AAD, it shows all of the App IDs regardless of who owns the AppID. The ASK here is to provide a way to ONLY shows those App IDs owned by the logged in user OR add a property in Get-AzureADApplication to filter by owner (currently there is no property that makes reference to who owns the application, and this is the reason we are not able to get the required information)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Atlassian Jira/Confluence user creation and authorization

    https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/ms-confluence-jira-plugin-adminguide

    The Jira and Confluence add-on currently only supports SSO authorization. I would like it to also support authorization and user account creation on first sign-in. This way it would be a full SAML implementation.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. There is no(latest) REST API to collect Azure AD application details

    For Azure active directory user related details we are able to collect using API through https://graphexplorer.azurewebsites.net, but for application created in azure Active Directory, don't have an API.

    Requesting MS team to either we need incorporate into Azure AD Graph API or release separate API and allow to get all the properties about the APP.

    Azure Active Directory application: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add user.readBasic.all permission as an app permission in Graph

    Azure AD graph has delegated permissions for user.readBasic.all which restricts the information that a 3rd party accessing this api can capture from our tenancy directory. We have a 3rd party app that accesses the Azure directory to retrieve basic data to set up accounts in its user directory and we need to restrict this to the basic data due to the security risk. We cannot rely on the 3rd party just doing the right thing all the time.

    I need a way to set the app to allow app permissions (not delegated as the read occurs every 4 hours without…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. Directory.AccessAsUser.All, How to add this permission to my registered app. Its a Delegated permission but I need it in Application.

    Directory.AccessAsUser.All, How to add this permission to my registered app. Its a Delegated permission but I need it in Application permissions. So my app can have access to Reset password.

    When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Connect to outlook Office 365 IMAP using OAUTH2

    From https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2

    It would be way easier to integrate with Office 365 if only you could allow us to login to IMAP using OAuth2. I understand that you are biased towards REST API but it's just making a developer life a hell.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Global Application Configuration Endpoint for MS Graph

    Ref: https://stackoverflow.com/questions/53686477/global-application-configuration-for-microsoft-graph-api/53698846

    It would be great to store some global Application configuration in MS Graph which can be edited by specific user groups but be readable for everybody in the organization.

    Example usecase:
    - Store internal Link Map of Company which will be picked up by SPA. Links can be updated by admin.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Application Extension Properties documentation is gone, is this feature going away?

    We are using Application Extensions but are worried this is going away. The feature is still working we just noticed the documentation on the beta reference below is no longer working so want to know the future of this!

    Documentation link now broken:
    https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/applicationlistextensionproperties

    API sample call to get list of application extensions:
    https://graph.microsoft.com/beta/applications/{id}/extensionProperties

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Provide endpoint to return subscribedSkus cost per user per month/annum

    Since there is an API the returns the subscribedSku's already, it would be nice to have a new endpoint or extend the existing api to return the subscribedSkus cost per user per month/annum

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Some of the Organization property names are incorrect under properties section

    Some of the organization property names are incorrect. Organization object does have neither companyLastDirSyncTime nor dirSyncEnabled. Please update documentation accordingly under properties section.

    Here is the documentation url: https://docs.microsoft.com/en-us/graph/api/resources/organization?view=graph-rest-beta

    Correct property names should be:
    - onPremisesLastSyncDateTime
    - onPremisesSyncEnabled

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow programmatic access of BitLocker recovery keys

    Currently it is possible (if you have permission) to view BitLocker recovery keys on the "Device" page of the Azure Active Directory portal.

    It is also possible to view Device information through the API or through Microsoft Graph, but this does not include the BitLocker recovery information.

    A programmatic way to view this data would be incredibly useful for creating a secure backup of the recovery keys.

    Another use case, which is what I was hoping to achieve, is to have users in the field encrypt data with their BitLocker key and then send a CD containing the encrypted data…

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Return Description field along with Key/Password Credentials. Inconsistent with front end.

    KeyCredentials/PasswordCredentials are assigned a description field when using the portal, but we cannot access that field when using the API. makes it difficult to keep track of changes made manually and ones via the API

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. add "skuDisplayName" in subscribedSkus

    In the https://graph.microsoft.com/v1.0/subscribedSkus endpoint

    the following payload is returned:
    ```
    {

    &quot;@odata.context&quot;: &quot;<a rel="nofollow noreferrer" href="https://graph.microsoft.com/v1.0/$metadata#subscribedSkus&quot;">https://graph.microsoft.com/v1.0/$metadata#subscribedSkus&quot;</a>,
    
    &quot;value&quot;: [
    {
    &quot;capabilityStatus&quot;: &quot;Enabled&quot;,
    &quot;consumedUnits&quot;: 3,
    &quot;id&quot;: &quot;6f87a78e-a29b-409d-ac41-6151b417dc65_189a915c-fe4f-4ffa-bde4-85b9628d07a0&quot;,
    &quot;skuId&quot;: &quot;189a915c-fe4f-4ffa-bde4-85b9628d07a0&quot;,
    &quot;skuPartNumber&quot;: &quot;DEVELOPERPACK&quot;,
    &quot;appliesTo&quot;: &quot;User&quot;,
    &quot;prepaidUnits&quot;: {
    &quot;enabled&quot;: 10,
    &quot;suspended&quot;: 0,
    &quot;warning&quot;: 0
    },
    &quot;servicePlans&quot;: [...]
    }]

    }
    }
    ```

    "skuPartNumber" is listed as "DEVELOPERPACK" which I believe corresponds to a display name of "Office 365 Enterprise E3 Developer" in the "Home > Products" tab of my Office 365 admin account. In addition, various csv exports from graph endpoints and the admin pages use display name (such as the "Office365ActiveUserDetail" report) and not a…

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base