Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please check out https://graph.microsoft.com.


  1. Implement the possibility of adding AppRoleAssignment through the SDK

    The documentation is already there:

    https://docs.microsoft.com/en-us/graph/api/serviceprincipal-post-approleassignments?view=graph-rest-beta&tabs=csharp

    However the AddAsync method is not part of the latest beta-build

    2 votes
    0 comments  ·  Identity and Access
  2. Microsoft Graph API to support Enterprise Application User Querying

    Support for the ability to query AD users that are provisioned to an enterprise application.

    Based off of the Microsoft Graph API there is no way to actively see the users and their associated permissions to an enterprise application.

    8 votes
    2 comments  ·  Identity and Access

    This API does exist and you can find it here:
    https://docs.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignments?view=graph-rest-beta&tabs=http

    Granted – this documentation can be massively improved. In the response you need to look at the principalType as it can be user, group or servicePrincipal. For your scenario, you can ignore servicePrincipal, but if a group is provisioned to an enterprise application, you’ll need to get the group’s direct group members (using GET ../groups/{id}/members) to find the users assigned (indirectly) to this enterprise application.

  3. Return conditional access policies with GET /policies

    Is it possible to retrieve conditional access policies using the 'List Policies' method from the /beta API?

    https://docs.microsoft.com/en-us/graph/api/policy-list?view=graph-rest-beta

    1 vote
    1 comment  ·  Identity and Access
  4. Skype/Teams provisioning via Graph

    Currently, we still have a high dependency on the Skype Online PowerShell module to facilitate identity management processes around user provisioning and subsequent configuration management. This is in the context of being run as a post provisioning process to the main Azure AD provisioning process within Microsoft Identity Manager.

    The underpinning issue is that while Azure AD's integration into Graph is quite good, it's non-existent for Teams/Skype (and numerous other products).

    A specific example of what we can't do right now in Graph is specify the various user policies (messaging, meeting, app setup, etc.) Instead, we have to call the…

    1 vote
    0 comments  ·  Identity and Access
  5. More speed when handling huge amount of notes in one sheet

    I have all my P&Ls for all 52 weeks inserted into a table with 52 slots, that means 52 columns and more than 15 rows, and it is so very slow to see. It is daunting. I don't want to switch software because for me OneNote is the more versatile, but it crashes, it doesn't sync with my shared notebooks, it is incredible.

    I have a MacBook Pro with dual core and it still suffers. Please build something to solve this!!!
    Thanks
    Carlos
    New York

    1 vote
    0 comments  ·  Identity and Access
  6. Don't auto login accounts so accounts can be swapped (BUG)

    Whenever the Outlook sign in page pops up after a token request, i.e.:

    https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id=&response_type=code&redirect_uri=&response_mode=query&scope=&state=

    It gives you the option to log in with an account, but immediately forwards back to the redirect URL, logging you in with the last selected account.

    A very frustrating bug for many people here.

    1 vote
    0 comments  ·  Identity and Access
  7. Api

    Please provide an API for managing the users based on application.

    1 vote
    1 comment  ·  Identity and Access
  8. Support Azure Conditional Access for Microsoft Graph

    A lot of Microsoft products do not work as expected due to the fact that Microsoft Graph does not support Azure Conditional Access. Among the applications I can mention are Microsoft Teams, ToDo, etc. that all rely on Microsoft Graph and break due to limited support or no support for Azure Conditional Access.

    Teams:
    https://microsoftteams.uservoice.com/forums/555103-public/suggestions/32657161-conditional-access-team-authentication

    ToDo:
    https://todo.uservoice.com/forums/597175-feature-suggestions/suggestions/32007451-add-support-for-conditional-access

    /Peter Selch Dahl - Azure MVP

    39 votes
    1 comment  ·  Identity and Access
  9. Add user.readBasic.all permission as an app permission in Graph

    Azure AD graph has delegated permissions for user.readBasic.all which restricts the information that a 3rd party accessing this api can capture from our tenancy directory. We have a 3rd party app that accesses the Azure directory to retrieve basic data to set up accounts in its user directory and we need to restrict this to the basic data due to the security risk. We cannot rely on the 3rd party just doing the right thing all the time.

    I need a way to set the app to allow app permissions (not delegated as the read occurs every 4 hours without…

    17 votes
    2 comments  ·  Identity and Access
  10. Add an endpoint to list the users in each role

    I need to be able to get a list of the "Supervisor" role assigned to a specific application for Azure AD. Please add this to Microsoft Graph

    2 votes
    0 comments  ·  Identity and Access
  11. workday-AAD photo sync

    "Can I provision user's photo from Workday to Active Directory?
    The solution currently does not support setting binary attributes such as thumbnailPhoto and jpegPhoto in Active Directory."
    Photo management is a pain. We would love for users to upload their own photos to WD (taking care of the cropping and resizing for us), then it syncs to AD, AAD, SharePoint, Delve, Exchange, etc. Currently we add to AD then force sync to O365 because of sync issues.

    2 votes
    0 comments  ·  Identity and Access
  12. Allow other values accepted in GroupMembershipClaim in Manifest for Azure AD

    Currently, GroupMembershipClaim in manifest only accepts one of ("null", "All", "SecurityGroup").

    SecurityGroup returns SecurityGroup along with Azure roles. It will be very useful if there is some filter which only returns SecurityGroup (excluding Azure roles) or only Distribution List.

    Reference: https://docs.microsoft.com/en-us/azure/active-directory/develop/reference-app-manifest

    1 vote
    1 comment  ·  Identity and Access
  13. Directory.AccessAsUser.All, How to add this permission to my registered app. It's a Delegated permission but I need it in Application.

    Directory.AccessAsUser.All, How to add this permission to my registered app. It's a Delegated permission but I need it in Application permissions. So my app can have access to Reset password.

    When updating the passwordProfile property, the following permission is required: Directory.AccessAsUser.All.

    7 votes
    1 comment  ·  Identity and Access
  14. graph api does not send invitation email for guest user

    I've submitted to this api https://graph.microsoft.com/v1.0/invitations and it creates an invitation, but to send the email I have to log into the portal and click resend invitation. Please have the API actually send the email.

    2 votes
    1 comment  ·  Identity and Access
  15. Support for custom resource type schema in Azure SCIM implementation

    Azure AD API implementation only supports User and Groups, but there is no support for provisioning to custom resourceTypes that might exist in the endpoint like devices, roles, entitlements

    1 vote
    0 comments  ·  Identity and Access
  16. Delete application IDs, Service Principals by owner

    Currently when one filters App IDs in AAD, it shows all of the App IDs regardless of who owns the AppID. The ASK here is to provide a way to ONLY show those App IDs owned by the logged in user OR add a property in Get-AzureADApplication to filter by owner (currently there is no property that makes reference to who owns the application, and this is the reason we are not able to get the required information).

    1 vote
    0 comments  ·  Identity and Access
  17. Atlassian Jira/Confluence user creation and authorization

    https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/ms-confluence-jira-plugin-adminguide

    The Jira and Confluence add-on currently only supports SSO authorization. I would like it to also support authorization and user account creation on first sign-in. This way it would be a full SAML implementation.

    2 votes
    0 comments  ·  Identity and Access
  18. There is no (latest) REST API to collect Azure AD application details

    For Azure Active Directory user related details we are able to collect using an API through https://graphexplorer.azurewebsites.net, but for applications created in Azure Active Directory, we don't have an API.

    Requesting the MS team to either incorporate this into the Azure AD Graph API or release a separate API that allows getting all the properties of the app.

    Azure Active Directory application: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal

    1 vote
    0 comments  ·  Identity and Access
  19. SCIM defects - ResourceTypes endpoint is not being requested by Azure

    Problem: Azure User Provisioning does not use the /ResourceTypes endpoint to discover the correct /Users endpoint in my SCIM implementation



    • Please refer to Page 74 of the SCIM specification, RFC7644, Section 4, which states:

      /ResourceTypes
      An HTTP GET to this endpoint is used to discover the types of
      resources available on a SCIM service provider (e.g., Users and
      Groups). Each resource type defines the endpoints, the core
      schema URI that defines the resource, and any supported schema
      extensions. The attributes defining a resource type can be found
      in Section 6 of [RFC7643], and an example representation can be
      found in…

    2 votes
    0 comments  ·  Identity and Access
  20. add "skuDisplayName" in subscribedSkus

    In the https://graph.microsoft.com/v1.0/subscribedSkus endpoint

    the following payload is returned:
    ```
    {
      "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscribedSkus",
      "value": [
        {
          "capabilityStatus": "Enabled",
          "consumedUnits": 3,
          "id": "6f87a78e-a29b-409d-ac41-6151b417dc65_189a915c-fe4f-4ffa-bde4-85b9628d07a0",
          "skuId": "189a915c-fe4f-4ffa-bde4-85b9628d07a0",
          "skuPartNumber": "DEVELOPERPACK",
          "appliesTo": "User",
          "prepaidUnits": {
            "enabled": 10,
            "suspended": 0,
            "warning": 0
          },
          "servicePlans": [...]
        }
      ]
    }
    ```

    "skuPartNumber" is listed as "DEVELOPERPACK" which I believe corresponds to a display name of "Office 365 Enterprise E3 Developer" in the "Home > Products" tab of my Office 365 admin account. In addition, various csv exports from graph endpoints and the admin pages use display name (such as the "Office365ActiveUserDetail" report) and not a…

    9 votes
    2 comments  ·  Identity and Access