Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide admin interface to grant the Managed Service Identity's service principal access to common API operations

    I'd like to be able to leverage the same experience that's offered to 'App Registrations' in the portal when granting my MSI's service principal (for example) access to individual operations within the MS Graph api.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. It would be beneficial to automate User provisioning option(to remove the license for terminated users) via ISIM

    we are trying to automate license removal for terminated users in our company, right now we manually remove the license, but trying to implement O365 Adapter to automate but it looks like fail. Please advise!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Allow service apps to create subscriptions for emails, contacts, etc. for an entire tenant

    When an admin grants consent to my service application, I would like to able to create a subscription for changes to emails, contacts, and other resource types, across the entire tenant. Unless I'm mistaken, I currently have to create a subscription for each user separately. It would be easier to only have to create one subscription for all users in the tenant and theoretically that would allow me to support more than 50,000 users (the max number of subscriptions that an application can create).

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. User schema extension properties can be configured to show up in token claims

    Allow developers/tenant admins to configure apps so that schema extension properties (added to users through Microsoft Graph) can show up as claims in id and access tokens

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →

    This work is on the backlog and currently isn’t scheduled. The feature will be updated here once dev work is started. -EY

  5. Need API to get Azure AD tenant type: B2C or not

    We manage multiple Azure AD tenants and we need a property to distinguish b2c and non-b2c tenants. Right now we use a workarround - run MS Graph Delta API and analyse if error occurred. b2c doesn't support Delta - so we can understand that it is b2c.

    7 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow data such as SAML, 2FA, conditional access in Azure AD through Graph API

    I guess the graph API is relatively new with some good features but still lacks certain resources.

    Access to data like SAML, 2FA, conditional access corresponding to every App in Azure AD through Graph API would be great.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Support more OData filters (like endswith or substringof)

    When using the 'classic' Get-MSOLUser, the -Domain parameter can be used to filter users by an equivalent "endswith(userPrincipalName, "domain.blah") filter, but this is not possible with the Graph API or the AzureAD v2 PowerShell module.

    14 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    In Backlog  ·  1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Return the nextlifecycledate from subscribedSkus

    Return the nextlifecycledate for
    GET https://graph.microsoft.com/beta/subscribedSkus

    get-msolsubscription returns this property. As you encourage people to use graph APIs, instead of MSOL commandlets, please try to provided equivalent functionality in the graph api world.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. make it possible to utilize other domains than .com for Graph extensions

    Currently one can only register schema extensions that have a name of a validated .com domain within the Azure Active Directory tenant. It should be possible to utilize other domains than .com for this purpose.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Expand navigation property of children with a single query

    Impossible to get members of Azure AD group with expanded 'manager' property in one request.
    for example:
    https://graph.windows.net/<tenantid>/directoryObjects/<groupid>/members/?api-version=1.6&$expand=manager

    we gets the following response:
    {"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"An unsupported query was observed. Please ensure you query does not navigate across multiple reference-properties."}

    I suppose reason of such response is clear. and current workaround is the following:
    1) Get group members
    2) for each five members(using OData batch) get manager
    But this way make us do a lot of requests to Azure AD and we expect performance degradation here.

    We develop multi tenant application which access Azure AD of all our customers…

    70 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Azure AD Team responded

    We are still looking into it! It is due to current platform limitation, and there is some work going on to address this. Again, thank you for the suggestions! Keep the votes coming.

  11. 17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →

    WhenCreated (createdDateTime) is already exposed on some objects, like user, and organization in Microsoft Graph. This may get extended to other objects. NOTE for the user resource you will need to explicitly $select this property to get it in the response.

    We don’t currently expose WhenChanged. I don’t think this is even in the backlog – sorry. We would also need to look at the history aspect, but you could build your own history (including when changed) by using the directory audit logs – https://docs.microsoft.com/en-us/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0

  12. Office 365 Unified API Credentials/Call Proxy

    It should be possible through the Office.js to call the Unified API, without having to log on separately in the add-in using adal. This would drasticall simplify the application flow. It could possibly be implemented similarly to mailbox.makeEwsRequestAsync.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Provide examples that actually work, and a non overcomplicated guide/wizard

    Azure App/Manifest design and documentation is probably the worst design I have seen, and I have seen a lot.

    For starters you could document your implementation of Oauth2 with Azure using actual working examples. I have spent days and days sifting trough your cryptic, half written moron documentation justs to achieve the simplest of simple things, namely authorize a user and get the user security groups in a list.

    It is amazing how complicated you have managed to created the tools to perform such a mundane task. I was happy to see some initiative in the right direction, namely easyauth.azurewebsites.net,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. API for create and modify service principals with SAML SSO settings (example is SalesForce app)

    We need API to create or modify SAML SSO enabled applications in Azure AD. Use case is: somebody by a mistake deleted SalesForce application - we want the script to restore this app with all settings.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. API support to create application registration portal

    Is there any API available to create new Application in Application registration portal (https://apps.dev.microsoft.com) and get the password.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Improve audit API signal-to-noise ratio by publishing MS-initiated events on a different endpoint

    User-initiated audit events often get drowned out by floods of MS-initiated events. These MS events are undocumented, don't present any obvious utility to the observer and can't easily be filtered out. They really should be on a separate endpoint so they can be ignored unless there were some need to monitor them. I understand that the Azure Graph is being deprecated. I hope this can be taken into consideration if and when the audit and reporting events get moved to the MS graph.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Expose the passwordDescription field for application's client credential keys in Microsoft Graph API or Azure Graph API

    Currently when get a list of keys for an application through the Graph API, it returns the startDate, endDate, KeyId and Type. However, through the Azure Web portal we are able the set and view a description field when we go to settings -> keys. I don't see why this field should not be exposed through the APIs as well.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Provide details of license dependency in subscribed sku resposne

    It would be very if we get details of which license plan depends on which another license plan of same SKU. Because many times we get failure in license plan assignment/removal with error like

    License assignment failed because service plan <a>depends on the service plan(s) <b>

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. Sign-in audit logs for Office 365 only tenants

    Provide sign-in audit logs for Office 365 Only tenants. It is unfair to make us purchase Azure AD Premium licenses to get these details.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Access without a user, client_assertion instead of client_secret

    There are two good documentation on

    https://developer.microsoft.com/en-us/graph/docs/concepts

    detailing how to get auth tokens, one of them being clientsecret granttype showing how to get access token without a signed in user, it would be great if that documentation was updated or a new one created showing how you can use clientassertion instead of clientsecret to fetch the access token.

    I know that there are many documentation on client_assertion but in my mind it would benifit alot of people to have it all toghether in one place instead of getting redirected to somewhere else which doesn't fully explain…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base