Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Provide endpoint to return subscribedSkus cost per user per month/annum

    Since there is an API the returns the subscribedSku's already, it would be nice to have a new endpoint or extend the existing api to return the subscribedSkus cost per user per month/annum

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  2. REST API Support for Creating Directories

    REST API should support the ability to create/suspend/delete whole directories towards Azure AD. This is something that has to me done manually today, not that good for creating automated services with Azure Stack with a lot of directories.

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Connect to outlook Office 365 IMAP using OAUTH2

    From https://stackoverflow.com/questions/29747477/imap-auth-in-office-365-using-oauth2

    It would be way easier to integrate with Office 365 if only you could allow us to login to IMAP using OAuth2. I understand that you are biased towards REST API but it's just making a developer life a hell.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. Global Application Configuration Endpoint for MS Graph

    Ref: https://stackoverflow.com/questions/53686477/global-application-configuration-for-microsoft-graph-api/53698846

    It would be great to store some global Application configuration in MS Graph which can be edited by specific user groups but be readable for everybody in the organization.

    Example usecase:
    - Store internal Link Map of Company which will be picked up by SPA. Links can be updated by admin.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Application Extension Properties documentation is gone, is this feature going away?

    We are using Application Extensions but are worried this is going away. The feature is still working we just noticed the documentation on the beta reference below is no longer working so want to know the future of this!

    Documentation link now broken:
    https://developer.microsoft.com/en-us/graph/docs/api-reference/beta/api/applicationlistextensionproperties

    API sample call to get list of application extensions:
    https://graph.microsoft.com/beta/applications/{id}/extensionProperties

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Allow programmatic access of BitLocker recovery keys

    Currently it is possible (if you have permission) to view BitLocker recovery keys on the "Device" page of the Azure Active Directory portal.

    It is also possible to view Device information through the API or through Microsoft Graph, but this does not include the BitLocker recovery information.

    A programmatic way to view this data would be incredibly useful for creating a secure backup of the recovery keys.

    Another use case, which is what I was hoping to achieve, is to have users in the field encrypt data with their BitLocker key and then send a CD containing the encrypted data…

    10 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Some of the Organization property names are incorrect under properties section

    Some of the organization property names are incorrect. Organization object does have neither companyLastDirSyncTime nor dirSyncEnabled. Please update documentation accordingly under properties section.

    Here is the documentation url: https://docs.microsoft.com/en-us/graph/api/resources/organization?view=graph-rest-beta

    Correct property names should be:
    - onPremisesLastSyncDateTime
    - onPremisesSyncEnabled

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Calculate & expose device's primary user based on usage (user to device affinity)

    In many reporting scenarios it is necessary to map between users/devices. E.g.,
    * VIP Victor is complaining about something, we need a list of the devices he uses
    * I need to report on crashes (or some other device data) by the user's department/building/etc.

    Today we have registeredUsers and registeredOwners, but these can't be used for this purpose because:
    A) They seem to reflect primarily administrative enrollment activity, not end-user-affinity
    B) They are many:many and don't automatically calculate a "primary user" based on logon activity

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Return Description field along with Key/Password Credentials. Inconsistent with front end.

    KeyCredentials/PasswordCredentials are assigned a description field when using the portal, but we cannot access that field when using the API. makes it difficult to keep track of changes made manually and ones via the API

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. API for create and modify service principals with SAML SSO settings (example is SalesForce app)

    We need API to create or modify SAML SSO enabled applications in Azure AD. Use case is: somebody by a mistake deleted SalesForce application - we want the script to restore this app with all settings.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. Allow service apps to create subscriptions for emails, contacts, etc. for an entire tenant

    When an admin grants consent to my service application, I would like to able to create a subscription for changes to emails, contacts, and other resource types, across the entire tenant. Unless I'm mistaken, I currently have to create a subscription for each user separately. It would be easier to only have to create one subscription for all users in the tenant and theoretically that would allow me to support more than 50,000 users (the max number of subscriptions that an application can create).

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. Provide admin interface to grant the Managed Service Identity's service principal access to common API operations

    I'd like to be able to leverage the same experience that's offered to 'App Registrations' in the portal when granting my MSI's service principal (for example) access to individual operations within the MS Graph api.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. It would be beneficial to automate User provisioning option(to remove the license for terminated users) via ISIM

    we are trying to automate license removal for terminated users in our company, right now we manually remove the license, but trying to implement O365 Adapter to automate but it looks like fail. Please advise!

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. User schema extension properties can be configured to show up in token claims

    Allow developers/tenant admins to configure apps so that schema extension properties (added to users through Microsoft Graph) can show up as claims in id and access tokens

    9 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →

    This work is on the backlog and currently isn’t scheduled. The feature will be updated here once dev work is started. -EY

  15. Need API to get Azure AD tenant type: B2C or not

    We manage multiple Azure AD tenants and we need a property to distinguish b2c and non-b2c tenants. Right now we use a workarround - run MS Graph Delta API and analyse if error occurred. b2c doesn't support Delta - so we can understand that it is b2c.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Allow data such as SAML, 2FA, conditional access in Azure AD through Graph API

    I guess the graph API is relatively new with some good features but still lacks certain resources.

    Access to data like SAML, 2FA, conditional access corresponding to every App in Azure AD through Graph API would be great.

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. Support more OData filters (like endswith or substringof)

    When using the 'classic' Get-MSOLUser, the -Domain parameter can be used to filter users by an equivalent "endswith(userPrincipalName, "domain.blah") filter, but this is not possible with the Graph API or the AzureAD v2 PowerShell module.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    In Backlog  ·  1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Return the nextlifecycledate from subscribedSkus

    Return the nextlifecycledate for
    GET https://graph.microsoft.com/beta/subscribedSkus

    get-msolsubscription returns this property. As you encourage people to use graph APIs, instead of MSOL commandlets, please try to provided equivalent functionality in the graph api world.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. make it possible to utilize other domains than .com for Graph extensions

    Currently one can only register schema extensions that have a name of a validated .com domain within the Azure Active Directory tenant. It should be possible to utilize other domains than .com for this purpose.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Expand navigation property of children with a single query

    Impossible to get members of Azure AD group with expanded 'manager' property in one request.
    for example:
    https://graph.windows.net/<tenantid>/directoryObjects/<groupid>/members/?api-version=1.6&$expand=manager

    we gets the following response:
    {"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"An unsupported query was observed. Please ensure you query does not navigate across multiple reference-properties."}

    I suppose reason of such response is clear. and current workaround is the following:
    1) Get group members
    2) for each five members(using OData batch) get manager
    But this way make us do a lot of requests to Azure AD and we expect performance degradation here.

    We develop multi tenant application which access Azure AD of all our customers…

    71 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
    under review  ·  Azure AD Team responded

    We are still looking into it! It is due to current platform limitation, and there is some work going on to address this. Again, thank you for the suggestions! Keep the votes coming.

  • Don't see your idea?

Feedback and Knowledge Base