Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have anidea or feature suggestion based on your experience with Microsoft Graph?Please share these with us by submitting your idea below or voting up ideassubmitted by other users. This forum will be directly monitored by theMicrosoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, pleasechoose the corresponding category. Please submit any broad ideas related toMicrosoft Graph or ideas across more than one service to the “General”category.

This site is only for feature suggestions and ideas! If youneed technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on the Microsoft Graph, please checkout https://graph.microsoft.com .


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Allow service apps to create subscriptions for emails, contacts, etc. for an entire tenant

    When an admin grants consent to my service application, I would like to able to create a subscription for changes to emails, contacts, and other resource types, across the entire tenant. Unless I'm mistaken, I currently have to create a subscription for each user separately. It would be easier to only have to create one subscription for all users in the tenant and theoretically that would allow me to support more than 50,000 users (the max number of subscriptions that an application can create).

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. Calculate & expose device's primary user based on usage (user to device affinity)

    In many reporting scenarios it is necessary to map between users/devices. E.g.,
    * VIP Victor is complaining about something, we need a list of the devices he uses
    * I need to report on crashes (or some other device data) by the user's department/building/etc.

    Today we have registeredUsers and registeredOwners, but these can't be used for this purpose because:
    A) They seem to reflect primarily administrative enrollment activity, not end-user-affinity
    B) They are many:many and don't automatically calculate a "primary user" based on logon activity

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Need API to get Azure AD tenant type: B2C or not

    We manage multiple Azure AD tenants and we need a property to distinguish b2c and non-b2c tenants. Right now we use a workarround - run MS Graph Delta API and analyse if error occurred. b2c doesn't support Delta - so we can understand that it is b2c.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Revocation of oauth tokens

    I am unable to find a way to revoke oauth tokens.
    It would be great if you could implement https://tools.ietf.org/html/rfc7009.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Allow data such as SAML, 2FA, conditional access in Azure AD through Graph API

    I guess the graph API is relatively new with some good features but still lacks certain resources.

    Access to data like SAML, 2FA, conditional access corresponding to every App in Azure AD through Graph API would be great.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Support more OData filters (like endswith or substringof)

    When using the 'classic' Get-MSOLUser, the -Domain parameter can be used to filter users by an equivalent "endswith(userPrincipalName, "domain.blah") filter, but this is not possible with the Graph API or the AzureAD v2 PowerShell module.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    In Backlog  ·  1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. make it possible to utilize other domains than .com for Graph extensions

    Currently one can only register schema extensions that have a name of a validated .com domain within the Azure Active Directory tenant. It should be possible to utilize other domains than .com for this purpose.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Expand navigation property of children with a single query

    Impossible to get members of Azure AD group with expanded 'manager' property in one request.
    for example:
    https://graph.windows.net/<tenantid>/directoryObjects/<groupid>/members/?api-version=1.6&$expand=manager

    we gets the following response:
    {"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"An unsupported query was observed. Please ensure you query does not navigate across multiple reference-properties."}

    I suppose reason of such response is clear. and current workaround is the following:
    1) Get group members
    2) for each five members(using OData batch) get manager
    But this way make us do a lot of requests to Azure AD and we expect performance degradation here.

    We develop multi tenant application which access Azure AD of all our customers…

    67 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Azure AD Team responded

    We are still looking into it! It is due to current platform limitation, and there is some work going on to address this. Again, thank you for the suggestions! Keep the votes coming.

  9. Allow complex query for assignedLicenses

    Allow filters such as "assignedLicenses/any(x:x/skuId eq guid'4075ceb4-6426-4341-a899-f6a4430f5162')"

    The O365 admin portal can return such results easily, but using PowerShell/API requires me to retrieve 200,000+ objects and filter locally

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Provide examples that actually work, and a non overcomplicated guide/wizard

    Azure App/Manifest design and documentation is probably the worst design I have seen, and I have seen a lot.

    For starters you could document your implementation of Oauth2 with Azure using actual working examples. I have spent days and days sifting trough your cryptic, half written moron documentation justs to achieve the simplest of simple things, namely authorize a user and get the user security groups in a list.

    It is amazing how complicated you have managed to created the tools to perform such a mundane task. I was happy to see some initiative in the right direction, namely easyauth.azurewebsites.net,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. API for create and modify service principals with SAML SSO settings (example is SalesForce app)

    We need API to create or modify SAML SSO enabled applications in Azure AD. Use case is: somebody by a mistake deleted SalesForce application - we want the script to restore this app with all settings.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. API support to create application registration portal

    Is there any API available to create new Application in Application registration portal (https://apps.dev.microsoft.com) and get the password.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Provide admin interface to grant the Managed Service Identity's service principal access to common API operations

    I'd like to be able to leverage the same experience that's offered to 'App Registrations' in the portal when granting my MSI's service principal (for example) access to individual operations within the MS Graph api.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Improve audit API signal-to-noise ratio by publishing MS-initiated events on a different endpoint

    User-initiated audit events often get drowned out by floods of MS-initiated events. These MS events are undocumented, don't present any obvious utility to the observer and can't easily be filtered out. They really should be on a separate endpoint so they can be ignored unless there were some need to monitor them. I understand that the Azure Graph is being deprecated. I hope this can be taken into consideration if and when the audit and reporting events get moved to the MS graph.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. Expose the passwordDescription field for application's client credential keys in Microsoft Graph API or Azure Graph API

    Currently when get a list of keys for an application through the Graph API, it returns the startDate, endDate, KeyId and Type. However, through the Azure Web portal we are able the set and view a description field when we go to settings -> keys. I don't see why this field should not be exposed through the APIs as well.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Provide details of license dependency in subscribed sku resposne

    It would be very if we get details of which license plan depends on which another license plan of same SKU. Because many times we get failure in license plan assignment/removal with error like

    License assignment failed because service plan <a>depends on the service plan(s) <b>

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Sign-in audit logs for Office 365 only tenants

    Provide sign-in audit logs for Office 365 Only tenants. It is unfair to make us purchase Azure AD Premium licenses to get these details.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Access without a user, client_assertion instead of client_secret

    There are two good documentation on

    https://developer.microsoft.com/en-us/graph/docs/concepts

    detailing how to get auth tokens, one of them being clientsecret granttype showing how to get access token without a signed in user, it would be great if that documentation was updated or a new one created showing how you can use clientassertion instead of clientsecret to fetch the access token.

    I know that there are many documentation on client_assertion but in my mind it would benifit alot of people to have it all toghether in one place instead of getting redirected to somewhere else which doesn't fully explain…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Support Uploading a x509 Certificate to application manifest for web apps using clientCredential flow

    As it is now there is no way of uploading a x509 certificate programmatically using https://graph.microsoft.com as resource but it's very much possible using https://graph.windows.net which seems very strange to me and only for Delegate Permissions.

    I know that they are two different apis but development on Azure Graph API has halted and I don't want to use that. Consider adding a functionality to upload a x509 certificate to application Manifest for applications created on Microsoft Application Registration Portal!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. allow api windows.graph.net to query the AAD Tenant's trust relationships with Azure Subscriptions

    allow api graph.windows.net or graph.microsoft.net to query the AAD Tenant's trust relationships with Azure Subscriptions. These trust relationships exist in the classic azure portal under Settings showing the Azure Subscription and the default AAD

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base