Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or, if you have a Premier support contract, raise a support ticket.

For more information on Microsoft Graph, please check out https://graph.microsoft.com.


  1. Allow other values accepted in GroupMembershipClaim in Manifest for Azure AD

    Currently, GroupMembershipClaim in manifest only accepts one of ("null", "All", "SecurityGroup").

    SecurityGroup returns SecurityGroup along with Azure roles. It will be very useful if there is some filter which only returns SecurityGroup (excluding Azure roles) or only Distribution List.

    Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest

    1 vote
    1 comment  ·  Identity and Access
  2. Add user.readBasic.all permission as an app permission in Graph

    Azure AD graph has delegated permissions for user.readBasic.all which restricts the information that a 3rd party accessing this api can capture from our tenancy directory. We have a 3rd party app that accesses the Azure directory to retrieve basic data to set up accounts in its user directory and we need to restrict this to the basic data due to the security risk. We cannot rely on the 3rd party just doing the right thing all the time.

    I need a way to set the app to allow app permissions (not delegated as the read occurs every 4 hours without…

    14 votes
    1 comment  ·  Identity and Access
  3. graph api does not send invitation email for guest user

    I've submitted to this api https://graph.microsoft.com/v1.0/invitations and it creates an invitation, but to send the email I have to log into the portal and click resend invitation. Please have the API actually send the email.

    2 votes
    1 comment  ·  Identity and Access
  4. Support for custom resource type schema in Azure SCIM implementation

    Azure AD API implementation only supports User and Groups, but there is no support for provisioning to custom resourceTypes that might exist in the endpoint, like devices, roles, entitlements.

    1 vote
    0 comments  ·  Identity and Access
  5. Directory.AccessAsUser.All, How to add this permission to my registered app. It's a Delegated permission but I need it in Application.

    Directory.AccessAsUser.All, How to add this permission to my registered app. It's a Delegated permission but I need it in Application permissions. So my app can have access to Reset password.

    When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.

    5 votes
    1 comment  ·  Identity and Access
  6. Delete application IDs, Service Principals by owner

    Currently, when one filters App IDs in AAD, it shows all of the App IDs regardless of who owns the AppID. The ASK here is to provide a way to ONLY show those App IDs owned by the logged-in user OR add a property in Get-AzureADApplication to filter by owner (currently there is no property that makes reference to who owns the application, and this is the reason we are not able to get the required information).

    1 vote
    0 comments  ·  Identity and Access
  7. Atlassian Jira/Confluence user creation and authorization

    https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/ms-confluence-jira-plugin-adminguide

    The Jira and Confluence add-on currently only supports SSO authorization. I would like it to also support authorization and user account creation on first sign-in. This way it would be a full SAML implementation.

    2 votes
    0 comments  ·  Identity and Access
  8. There is no (latest) REST API to collect Azure AD application details

    For Azure Active Directory user-related details we are able to collect them using the API through https://graphexplorer.azurewebsites.net, but for applications created in Azure Active Directory, we don't have an API.

    Requesting the MS team to either incorporate this into the Azure AD Graph API or release a separate API, and allow getting all the properties of the app.

    Azure Active Directory application: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

    1 vote
    0 comments  ·  Identity and Access
  9. SCIM defects - ResourceTypes endpoint is not being requested by Azure

    Problem: Azure User Provisioning does not use the /ResourceTypes endpoint to discover the correct /Users endpoint in my SCIM implementation



    • Please refer to Page 74 of the SCIM specification, RFC7644, Section 4, which states:

      /ResourceTypes
      An HTTP GET to this endpoint is used to discover the types of
      resources available on a SCIM service provider (e.g., Users and
      Groups). Each resource type defines the endpoints, the core
      schema URI that defines the resource, and any supported schema
      extensions. The attributes defining a resource type can be found
      in Section 6 of [RFC7643], and an example representation can be
      found in…

    2 votes
    0 comments  ·  Identity and Access
  10. add "skuDisplayName" in subscribedSkus

    In the https://graph.microsoft.com/v1.0/subscribedSkus endpoint

    the following payload is returned:
    ```
    {
      "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscribedSkus",
      "value": [
        {
          "capabilityStatus": "Enabled",
          "consumedUnits": 3,
          "id": "6f87a78e-a29b-409d-ac41-6151b417dc65_189a915c-fe4f-4ffa-bde4-85b9628d07a0",
          "skuId": "189a915c-fe4f-4ffa-bde4-85b9628d07a0",
          "skuPartNumber": "DEVELOPERPACK",
          "appliesTo": "User",
          "prepaidUnits": {
            "enabled": 10,
            "suspended": 0,
            "warning": 0
          },
          "servicePlans": [...]
        }
      ]
    }
    ```

    "skuPartNumber" is listed as "DEVELOPERPACK" which I believe corresponds to a display name of "Office 365 Enterprise E3 Developer" in the "Home > Products" tab of my Office 365 admin account. In addition, various csv exports from graph endpoints and the admin pages use display name (such as the "Office365ActiveUserDetail" report) and not a…

    8 votes
    2 comments  ·  Identity and Access
  11. Provide endpoint to return subscribedSkus cost per user per month/annum

    Since there is an API that returns the subscribedSkus already, it would be nice to have a new endpoint or extend the existing API to return the subscribedSkus cost per user per month/annum.

    2 votes
    0 comments  ·  Identity and Access
  12. REST API Support for Creating Directories

    REST API should support the ability to create/suspend/delete whole directories towards Azure AD. This is something that has to be done manually today, which is not that good for creating automated services with Azure Stack with a lot of directories.

    11 votes
    0 comments  ·  Identity and Access
  13. Connect to outlook Office 365 IMAP using OAUTH2

    From https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2

    It would be way easier to integrate with Office 365 if only you could allow us to log in to IMAP using OAuth2. I understand that you are biased towards REST API but it's just making a developer's life hell.

    3 votes
    0 comments  ·  Identity and Access
  14. Global Application Configuration Endpoint for MS Graph

    Ref: https://stackoverflow.com/questions/53686477/global-application-configuration-for-microsoft-graph-api/53698846

    It would be great to store some global Application configuration in MS Graph which can be edited by specific user groups but be readable for everybody in the organization.

    Example use case:
    - Store internal Link Map of Company which will be picked up by SPA. Links can be updated by admin.

    1 vote
    0 comments  ·  Identity and Access
  15. Application Extension Properties documentation is gone, is this feature going away?

    We are using Application Extensions but are worried this is going away. The feature is still working; we just noticed the documentation on the beta reference below is no longer working, so we want to know the future of this!

    Documentation link now broken:
    https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/applicationlistextensionproperties

    API sample call to get list of application extensions:
    https://graph.microsoft.com/beta/applications/{id}/extensionProperties

    1 vote
    0 comments  ·  Identity and Access
  16. Allow programmatic access of BitLocker recovery keys

    Currently it is possible (if you have permission) to view BitLocker recovery keys on the "Device" page of the Azure Active Directory portal.

    It is also possible to view Device information through the API or through Microsoft Graph, but this does not include the BitLocker recovery information.

    A programmatic way to view this data would be incredibly useful for creating a secure backup of the recovery keys.

    Another use case, which is what I was hoping to achieve, is to have users in the field encrypt data with their BitLocker key and then send a CD containing the encrypted data…

    10 votes
    1 comment  ·  Identity and Access
  17. Some of the Organization property names are incorrect under properties section

    Some of the organization property names are incorrect. The Organization object has neither companyLastDirSyncTime nor dirSyncEnabled. Please update the documentation accordingly under the properties section.

    Here is the documentation url: https://docs.microsoft.com/en-us/graph/api/resources/organization?view=graph-rest-beta

    Correct property names should be:
    - onPremisesLastSyncDateTime
    - onPremisesSyncEnabled

    1 vote
    0 comments  ·  Identity and Access
  18. Calculate & expose device's primary user based on usage (user to device affinity)

    In many reporting scenarios it is necessary to map between users/devices. E.g.,
    * VIP Victor is complaining about something, we need a list of the devices he uses
    * I need to report on crashes (or some other device data) by the user's department/building/etc.

    Today we have registeredUsers and registeredOwners, but these can't be used for this purpose because:
    A) They seem to reflect primarily administrative enrollment activity, not end-user-affinity
    B) They are many:many and don't automatically calculate a "primary user" based on logon activity

    11 votes
    2 comments  ·  Identity and Access
  19. Return Description field along with Key/Password Credentials. Inconsistent with front end.

    KeyCredentials/PasswordCredentials are assigned a description field when using the portal, but we cannot access that field when using the API. This makes it difficult to keep track of changes made manually and ones made via the API.

    1 vote
    0 comments  ·  Identity and Access
  20. Provide admin interface to grant the Managed Service Identity's service principal access to common API operations

    I'd like to be able to leverage the same experience that's offered to 'App Registrations' in the portal when granting my MSI's service principal (for example) access to individual operations within the MS Graph api.

    2 votes
    0 comments  ·  Identity and Access