Microsoft Graph Feature Requests
Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.
If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.
This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.
For more information on Microsoft Graph, please checkout https://graph.microsoft.com.
-
Graph API Beta - Un-assign Policy from Service Principal
Today there is an endpoint to assign Azure AD Policies to service principals, but there is no endpoint to un-assign a policy from a Service Principal.
Here is the endpoint to assign a policy:
https://docs.microsoft.com/en-us/graph/api/policy-assign?view=graph-rest-betaHere is a link to the powershell cmdlet for unassign policy:
https://docs.microsoft.com/en-us/powershell/module/azuread/remove-azureadserviceprincipalpolicy?view=azureadps-2.0-preview7 votesFirst note is that we now have named policies rather than a single policy type. This change was made in February, just after your post. See https://docs.microsoft.com/en-us/graph/changelog#identity-and-access-azure-ad-3
The docs have recently been updated to ensure that the Add, List and Remove topics are present. Please see and example:
https://docs.microsoft.com/en-gb/graph/api/serviceprincipal-delete-claimsmappingpolicies?view=graph-rest-beta&tabs=httpWhile policies are ALSO in v1.0, you can’t currently assign them to servicePrincipals as we only just added this to v1.0. An update will go out in a couple of weeks to enable add, list and remove typed policies to/from a servicePrincipal.
-
Microsoft Graph API to support Enterprise Application User Querying
Support for the ability to query AD users that are provisioned to an enterprise application.
Based off of the Microsoft Graphi API there is no way to actively see the users and their associated permissions to an enterprise application.
8 votesThis API does exist and you can find it here:
https://docs.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignments?view=graph-rest-beta&tabs=httpGranted – this documentation can be massively improved. In the response you need to look at the principalType as it can be user, group or servicePrincipal. For your scenario, you can ignore servicePrincipal, but if a group is provisioned to an enterprise application, you’ll need to get the group’s direct group members (using GET ../groups/{id)/members) to find the users assigned (indirectly) to this enterprise application.
-
Support Azure Conditional Access for Microsoft Graph
A lot of Microsoft products does not work as expected due to the fact the Microsoft Graph does not support Azure Conditional Access. Among the applications I can mention is Microsoft Teams, ToDo, etc. that all rely on the Microsoft Graph and breaks to to limited support or no support for Azure Conditional Access.
/Peter Selch Dahl - Azure MVP
39 votesAPIs to manage conditional access policies and named locations are now in Microsoft Graph beta (public preview). Please see https://docs.microsoft.com/graph/api/resources/conditionalaccesspolicy?view=graph-rest-beta and https://docs.microsoft.com/graph/api/resources/namedlocation?view=graph-rest-beta
- Don't see your idea?