Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Graph API Beta - Un-assign Policy from Service Principal

    Today there is an endpoint to assign Azure AD Policies to service principals, but there is no endpoint to un-assign a policy from a Service Principal.

    Here is the endpoint to assign a policy:
    https://docs.microsoft.com/en-us/graph/api/policy-assign?view=graph-rest-beta

    Here is a link to the powershell cmdlet for unassign policy:
    https://docs.microsoft.com/en-us/powershell/module/azuread/remove-azureadserviceprincipalpolicy?view=azureadps-2.0-preview

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →

    First note is that we now have named policies rather than a single policy type. This change was made in February, just after your post. See https://docs.microsoft.com/en-us/graph/changelog#identity-and-access-azure-ad-3

    The docs have recently been updated to ensure that the Add, List and Remove topics are present. Please see and example:
    https://docs.microsoft.com/en-gb/graph/api/serviceprincipal-delete-claimsmappingpolicies?view=graph-rest-beta&tabs=http

    While policies are ALSO in v1.0, you can’t currently assign them to servicePrincipals as we only just added this to v1.0. An update will go out in a couple of weeks to enable add, list and remove typed policies to/from a servicePrincipal.

  2. Add manager to list Users graph api

    Currently we allow customer to connect to the Azure AD for listing all people in their AD for an up-to-date personell system.
    If they need to have the hierarchy in our software as well (who is the manager of who) this is near impossible as you have to retrieve the manager object per user.

    Please allow an extra attribute to request the manager information when listing users instead of 'per user' basis.

    12 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →

    Update: The bug fix (so that select and expand play nice together) is committed, and should be rolled out this quarter (Q2 2020). That should enable things like

    GET ../users?$select=id,userPrincipalName&$expand=manager

  3. Microsoft Graph API to support Enterprise Application User Querying

    Support for the ability to query AD users that are provisioned to an enterprise application.

    Based off of the Microsoft Graphi API there is no way to actively see the users and their associated permissions to an enterprise application.

    6 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →

    This API does exist and you can find it here:
    https://docs.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignments?view=graph-rest-beta&tabs=http

    Granted – this documentation can be massively improved. In the response you need to look at the principalType as it can be user, group or servicePrincipal. For your scenario, you can ignore servicePrincipal, but if a group is provisioned to an enterprise application, you’ll need to get the group’s direct group members (using GET ../groups/{id)/members) to find the users assigned (indirectly) to this enterprise application.

  4. Support Azure Conditional Access for Microsoft Graph

    A lot of Microsoft products does not work as expected due to the fact the Microsoft Graph does not support Azure Conditional Access. Among the applications I can mention is Microsoft Teams, ToDo, etc. that all rely on the Microsoft Graph and breaks to to limited support or no support for Azure Conditional Access.

    Teams:
    https://microsoftteams.uservoice.com/forums/555103-public/suggestions/32657161-conditional-access-team-authentication

    ToDo:
    https://todo.uservoice.com/forums/597175-feature-suggestions/suggestions/32007451-add-support-for-conditional-access

    /Peter Selch Dahl - Azure MVP

    38 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Identity and Access  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base