Microsoft Graph Feature Requests

Welcome to the Microsoft Graph UserVoice! Do you have an idea or feature suggestion based on your experience with Microsoft Graph? Please share these with us by submitting your idea below or voting up ideas submitted by other users. This forum will be directly monitored by the Microsoft Graph engineering teams who are working on new features every day.

If you have feedback on a specific API service, please choose the corresponding category. Please submit any broad ideas related to Microsoft Graph or ideas across more than one service to the “General” category.

This site is only for feature suggestions and ideas! If you need technical help, please go to the Microsoft Graph StackOverflow or if you have a Premier support contract raise a support ticket.

For more information on Microsoft Graph, please checkout https://graph.microsoft.com.


  • Hot ideas
  • Top ideas
  • New ideas
  • My feedback
  1. Add Graph API access to Microsoft365 Defender "Safe Attachments"

    Allow to perform the following operations via the graph API:
    1. Query results by file hash - allow querying past results by hash including detailed analysis information.

    2. Get email message scan status by message ID - provide real time status of the email message scan status. If scan has finished provide links to scan results.

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  2. Increase throttling of threat assessment API

    Threat assessment API is very useful to report phishing and malware from Application, and users can proceed with automation (for example, automatic reporting, reporting via chatops, and so on)

    But the throttling for each user is too low.
    (1 request per 15 minutes and 3 requests per 24 hours.)
    (Despite web reporting doesn't have throttling: https://www.microsoft.com/en-us/wdsi/support/report-unsafe-site)

    I would like to have higher throttling.

    Ref:
    - https://docs.microsoft.com/en-us/graph/api/informationprotection-post-threatassessmentrequests?view=graph-rest-1.0&tabs=http
    - https://docs.microsoft.com/en-us/graph/throttling#information-protection
    - https://stackoverflow.com/questions/64821865/-of-microsoft-graph-threat-assessment-api

    11 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  3. Leverage Security API to access MCAS alert info

    Currently, we can query the Graph Security API to get MCAS alerts but the info is limited. The Description contains the file name but there's no other file information. We have to use the MCAS powershell module to get file info such as file path, Collaborators, sharing status and the Sensitive info type that triggered. All of this info is available through the MCAS alert console. It would be nice to be able to get that additional information from Graph.

    We're trying to build a report of all alerts with all file and other data available and Powershell ends up…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  4. Graph API to fetch the permissions for a sharepoint site's pages

    We have APIs for fetching the permissions of individual drive items. However there is no API to fetch the sharing settings associated with a Sharepoint site and its pages - i.e. the users and groups allowed to access the site.

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  5. Security and Compliance Center API

    Being able to access and use the eDiscovery features in the Security & Compliance Center through the Graph API.

    17 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    1 comment  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  6. ApplicationAccessPolicy as Graph API

    it would be good if there would be an api for ApplicationAccessPolicy (https://docs.microsoft.com/graph/auth-limit-mailbox-access).

    Currently it would be possible to have an Application that is a web api that grants a Daemon App specific Access by creating a Security Group and limiting access to specific user or a specific user.

    At the moment it's not possible to have a nice interactive flow to grant an Application with a background process a limited amount of access. Not everybody that administrates Office365 knows how to use the PowerShell.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  7. Include Sentinel incident data and all entities in the Security Graph so the data is available for Splunk

    Include ALL Sentinel incident data (such as incident URL, all entities, alert grouping... ) into the Graph so the data is available for other SIEMs.

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  8. enable deleteTiIndicatorsByExternalId for indicators that are created for "Microsoft Defender ATP"

    After creating TI Indicators using the security graph with the target product of "Microsoft Defender ATP", you can't delete them using deleteTiIndicatorsByExternalId as the external ID is not found.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  9. Security and Compliance center DLP APIs

    APIs for the DLP service in the security and compliance center

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  10. Add bitlocker recovery key count field against devices

    Currently (unless mistaken) there does not seem to be an easy, quick and supported method to identify Windows 10 devices in Azure AD that have not backed up a recovery key successfully. I see this as critical for large enterprise environments that are using AzureAD to store recovery keys. I know it's possible to retrieve all keys through the graph beta (/bitlocker/recoveryKeys) but to do per device API calls or download the full dataset for processing offline is overkill and very slow. Could you add a server side calculated number of recovery keys field for each device against the existing…

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  11. Add API to find physical data location of O365 tenant

    Information regarding where the physical data is stored for an O365 tenant is available in the Admin UI. It would be great if this was also exposed via the Graph API for application developers that want to store the user's data in the same Azure geopolitical region.

    https://www.ntweekly.com/2018/07/07/check-data-location-office-365/

    5 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  12. Authentication reader role

    I have a requirement to read all users MFA phone numbers for a tenancy. Once the authentication methods endpoint is out of beta, it would be great to have a non-admin role that can read all accounts (both admin and non-admin) authentication methods without granting the global reader role.

    1 vote
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  13. Ability to enable the Audit log as it is off by default by way of the Graph

    It would be good to be able to enable the audit log by way of the Graph. I know this can be facilitated in the UI and PowerShell for enablement and PowerShell only for disabling again but it would be good to get it enabled/disabled by way of the Graph.

    Between you and me an even better solution would be to have the audit log enabled by default.

    Thanks

    Henry

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  14. Add Get-BlockedSenderAddress to Graph API

    One common security trigger for email accounts is to monitor whether any account under your tenant is blocked as a spammer (as this could denote infection).

    This data is available in the console or with the Get-BlockedSenderAddress cmdlet, but all the other data I need is available through MS Graph API, and I would prefer to be able to pull everything from Graph as a single federated endpoint rather than going back to pulling bits of data from each system individually.

    This would make sense either under Security or under Mail

    3 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  15. Scoping Microsoft Graph application permissions to specific Sharepoint Sites

    As a developer, I'd like to use the Microsoft Graph API to access data on Microsoft Sharepoint Sites. At first glance, I would enable the permissions at the Application Level and access the Sharepoint Site data, however, when an administrator grants access they are granting access to ALL sharepoint sites - therefore in a large enterprise organization, this is viewed as a security risk and is usually disabled (as it should be). Recently, Exchange services enabled scoped permissions so that only specific mailboxes can be accessed at the application level. It would be great if we could apply a similar…

    8 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    2 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  16. create a security api endpoint for investigations

    ATP has been great - it automatically handles a lot of things for us. So I don't need to see all of the alerts that come through every day.

    However, I do care about seeing the investigations as they need to happen - perhaps to automate it through flows or powerapps.

    It would be great to have an API Endpoint for Investigations. I tried to correlate ThreatManagement alerts to items in the Investigations component, but the IDs don't line up. I don't see any other way to query for those id's.

    Thanks!

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  17. current score

    Calling https://graph.microsoft.com/beta/security/secureScores?$top=1 I can get 'currentScore' and 'maxScore', however when I call https://graph.microsoft.com/beta/$metadata#Security/secureScoreControlProfiles what I am getting back is only 'maxScore' - can you add 'currentScore' here as well? Or I am missing some point here?

    2 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  18. Extend Rest API to allow read of security and compliance center alerts

    Security and compliance center alerts data is only available from powershell, it would be great if we could at least read the alerts through the rest api.

    4 votes
    Sign in
    (thinking…)
    Sign in with: Microsoft
    Signed in as (Sign out)

    We’ll send you updates on this idea

    0 comments  ·  Security  ·  Flag idea as inappropriate…  ·  Admin →
  • Don't see your idea?

Feedback and Knowledge Base