Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. 17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →

    WhenCreated (createdDateTime) is already exposed on some objects, like user, and organization in Microsoft Graph. This may get extended to other objects. NOTE for the user resource you will need to explicitly $select this property to get it in the response.

    We don’t currently expose WhenChanged. I don’t think this is even in the backlog – sorry. We would also need to look at the history aspect, but you could build your own history (including when changed) by using the directory audit logs – https://docs.microsoft.com/en-us/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0

  2. Office 365 Unified API Credentials/Call Proxy

    It should be possible through the Office.js to call the Unified API, without having to log on separately in the add-in using adal. This would drasticall simplify the application flow. It could possibly be implemented similarly to mailbox.makeEwsRequestAsync.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  3. Provide examples that actually work, and a non overcomplicated guide/wizard

    Azure App/Manifest design and documentation is probably the worst design I have seen, and I have seen a lot.

    For starters you could document your implementation of Oauth2 with Azure using actual working examples. I have spent days and days sifting trough your cryptic, half written moron documentation justs to achieve the simplest of simple things, namely authorize a user and get the user security groups in a list.

    It is amazing how complicated you have managed to created the tools to perform such a mundane task. I was happy to see some initiative in the right direction, namely easyauth.azurewebsites.net,…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  4. API support to create application registration portal

    Is there any API available to create new Application in Application registration portal (https://apps.dev.microsoft.com) and get the password.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  5. Improve audit API signal-to-noise ratio by publishing MS-initiated events on a different endpoint

    User-initiated audit events often get drowned out by floods of MS-initiated events. These MS events are undocumented, don't present any obvious utility to the observer and can't easily be filtered out. They really should be on a separate endpoint so they can be ignored unless there were some need to monitor them. I understand that the Azure Graph is being deprecated. I hope this can be taken into consideration if and when the audit and reporting events get moved to the MS graph.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  6. Expose the passwordDescription field for application's client credential keys in Microsoft Graph API or Azure Graph API

    Currently when get a list of keys for an application through the Graph API, it returns the startDate, endDate, KeyId and Type. However, through the Azure Web portal we are able the set and view a description field when we go to settings -> keys. I don't see why this field should not be exposed through the APIs as well.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  7. Provide details of license dependency in subscribed sku resposne

    It would be very if we get details of which license plan depends on which another license plan of same SKU. Because many times we get failure in license plan assignment/removal with error like

    License assignment failed because service plan <a>depends on the service plan(s) <b>

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  8. Sign-in audit logs for Office 365 only tenants

    Provide sign-in audit logs for Office 365 Only tenants. It is unfair to make us purchase Azure AD Premium licenses to get these details.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  9. Access without a user, client_assertion instead of client_secret

    There are two good documentation on

    https://developer.microsoft.com/en-us/graph/docs/concepts

    detailing how to get auth tokens, one of them being clientsecret granttype showing how to get access token without a signed in user, it would be great if that documentation was updated or a new one created showing how you can use clientassertion instead of clientsecret to fetch the access token.

    I know that there are many documentation on client_assertion but in my mind it would benifit alot of people to have it all toghether in one place instead of getting redirected to somewhere else which doesn't fully explain…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  10. Support Uploading a x509 Certificate to application manifest for web apps using clientCredential flow

    As it is now there is no way of uploading a x509 certificate programmatically using https://graph.microsoft.com as resource but it's very much possible using https://graph.windows.net which seems very strange to me and only for Delegate Permissions.

    I know that they are two different apis but development on Azure Graph API has halted and I don't want to use that. Consider adding a functionality to upload a x509 certificate to application Manifest for applications created on Microsoft Application Registration Portal!

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  11. allow api windows.graph.net to query the AAD Tenant's trust relationships with Azure Subscriptions

    allow api graph.windows.net or graph.microsoft.net to query the AAD Tenant's trust relationships with Azure Subscriptions. These trust relationships exist in the classic azure portal under Settings showing the Azure Subscription and the default AAD

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  12. Handle Admin Consent App Authorization Errors

    This site lists which errors will be sent back via the redirect_uri:
    https://docs.microsoft.com/en-us/azure/active-directory/active-directory-protocols-oauth-code

    However it would be good to add at the following error to this list so that it can also be handled on the app side:
    "This operation can only be performed by an administrator. Sign out and sign in as an administrator or contact one of your organization's administrators."

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  13. Javascript Example w/ Implicit Auth

    I could really use a core javascript example on how to query the graph api to obtain the beta extended user properties. I just want to grab the information associated with the current logged in user in sharepoint online.

    I read some articles about implicit authentication. I set up the app in Azure but I am still having authentication issues.

    https://graph.microsoft.com/beta/me/

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  14. Allow application permissions for group lifecycle management

    Hi,
    I`d like to ask you to allow Application permission to manage membership of groups in lifecycle policy management.
    In beta bersion of Microsoft Graph you require that only Delegated permissions are allowed. In my use case, I need application with higher permissions executing on behalf of lower privileged user.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  15. 1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  16. Publish gem omniauth-microsoft_v2_auth on rubygems.org

    For current Ruby integration, the gem omniauth-microsoftv2auth needs to be pulled from github, rather than from the standard gems source of rubygems.org.

    omniauthsrc = 'git://github.com/cbales/omniauth-microsoftgraph'
    gem 'omniauth-microsoftv2auth', git: omniauth_src

    Can you please publish the gem with all the other gems on rubygems.org, to avoid pulleding directly from github?

    gem 'omniauth-microsoftv2auth'

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  17. include an API to close Risk Events by external systems

    Documentation does not show an API to use in order to close a risk event (and set it as Resolved/FalsePositive/Ignored as explained here https://docs.microsoft.com/en-us/azure/active-directory/active-directory-identityprotection )

    This is a blocker to automation efforts.. Please add this API.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  18. Allow v2.0 endpoint authenticated apps to use Office management api scopes and claims

    The current azure v2.0 endpoint authenticated access tokens don't work with service management apis listed in this document (https://msdn.microsoft.com/en-us/office-365/office-365-service-communications-api-reference)

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  19. External users grant administrative roles similar to azure external admins

    Add the ability to grant external users administrative roles for office365. This functionality exists for Azure, but not office365/exchange online.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  20. Allow Azure AD High Level setting changes through REST API

    Extend the REST API to allow changing of high level Azure AD attributes including company branding logo, sign in properties and global user settings.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base