Microsoft Graph
190 Topics

Microsoft Graph: Add support for "Require re-register MFA"
Currently, "Require re-register MFA" can only be set https://docs.microsoft.com/en-us/azure/active-directory/authentication/howto-mfa-userdevicesettings#manage-user-authentication-options, or via PowerShell using:

    Set-MsolUser -UserPrincipalName username -StrongAuthenticationMethods @()

Please add support for this in the Microsoft Graph API.
18K Views, 92 likes, 34 Comments

Allow addition of members to mail-enabled security groups via Graph API
Previously one could add members to mail-enabled security groups via Graph API. But turns out that was a bug, and it was fixed some weeks ago removing this functionality. Would it be possible to allow add-remove of members in mail-enabled security groups via Graph API?
17K Views, 199 likes, 47 Comments

Ability to update or create an event without sending a notification email to attendees
Each time a new event is created or updated in Microsoft Graph API, a notification email is sent to the attendees. We use Microsoft Graph to sync calendar events between our software and Outlook calendar. We'd like to be able to create or update an event with Microsoft Graph without having an email sent to attendees, for example when we sync past events, or when the attendees are notified by other means. There should be an option to create or update an event without sending email.
9.9K Views, 76 likes, 18 Comments

Graph API Scope 'Sites.Selected' should include read/write to selected site's lists
Scenario and Result
My app has been given read/write permissions to a customer's Site. My app can read and write items in the selected site's default document library, which is as expected. But it excludes the ability to read and create lists for the selected site; reading and creating lists should be included.

Technology
- Graph Explorer
- msgraph-sdk-dotnet (Microsoft.Graph.Core version: 1.24.0.0)

Reproducible steps
Register an app in Azure AD with "Sites.Selected" Graph API applications, not delegated, permissions.
Ensure the UX app, which is integrated with msgraph-sdk-dotnet, successfully gets access token to this AD app.
Use UX app to get customer's tenant ID to accept this AD app and its permissions (which is the required User.Read, and added Sites.Selected).
Sign in on Graph Explorer under customer's tenant to grant read/write permissions to this AD app. e.g.

    POST https://graph.microsoft.com/v1.0/sites/<site-id>/permissions
    {
      "roles": [ "write" ],
      "grantedToIdentities": [
        {
          "application": {
            "id": "<AD app id>",
            "displayName": "Jenny limited permissions"
          }
        }
      ]
    }

4. Use the UX app to confirm it has access to the selected site, e.g. Site object returned successfully from

    await graphServiceClient.Sites[siteId].Request().GetAsync();

5. Use the UX app to confirm it can write items to selected site's default document library by ensuring the operation can be run with no exceptions, example code

    // A folder is a DriveItem that carries a Folder facet.
    var newFolder = new DriveItem { Name = "Test folder", Folder = new Folder() };
    await graphServiceClient.Sites[siteId].Drive.Items.Request().AddAsync(newFolder);

6. Use the UX app to try to create lists, example code

    // The list template is set through the ListInfo facet.
    var newList = new List { DisplayName = "new document library", ListInfo = new ListInfo { Template = "documentLibrary" } };
    await graphServiceClient.Sites[siteId].Lists.Request().AddAsync(newList);

Expected behaviour
A document library called "new document library" for the selected site gets created.
Actual behaviour: Access Denied error exception when executing that operation

This scenario has been reported in the msgraph-sdk-dotnet GitHub repository and they have confirmed this idea has to be done within Graph API so the wrapper can then support it. https://github.com/microsoftgraph/msgraph-sdk-dotnet/issues/1047#issuecomment-873867323

More information about the Sites.Selected permission: https://developer.microsoft.com/en-us/graph/blogs/controlling-app-access-on-specific-sharepoint-site-collections/
7.9K Views, 5 likes, 11 Comments

Determine user who sent a shared mailbox message
In order to determine the user who sent a shared mailbox message, we suggest adding a property of sent messages indicating the user who sent it as a delegate; e.g., message.delegateSender or message.actualSender. Our app reports on shared mailbox activity, including who is sending replies and new messages. Currently, since Graph does not give us access to shared mailbox message sender information, we are forced to do it via the addition of internet message headers with an Outlook add-in and (since the Sent Items message objects don't include the header we added) an Exchange rule that Bcc's outgoing mailbox messages back to the mailbox.
7.7K Views, 49 likes, 7 Comments

Allow management of Teams voice, call queues and auto attendants etc through graph
Currently the only supported model is the Teams PowerShell module, which doesn't support Azure AD apps, however. We'd love to automate creation and updates to call queues and the like, but we don't like to use an administrative account without MFA. Graph would be perfect for that.
6.3K Views, 57 likes, 4 Comments

Exchange Online v2 API (EXO V2 API) access via Graph
Are there any plans for the #ExchangeOnline API which is behind EXO V2 #PowerShell module to show up in the #MicrosoftGraph in the near future? Working only with PowerShell is a major limitation for ISVs. Microsoft is constantly mentioning the REST API, but there's currently no way to use it directly or via Graph API. See more about the EXO v2 module here:
https://docs.microsoft.com/en-us/powershell/exchange/exchange-online-powershell-v2?view=exchange-ps#updates-for-version-206
https://techcommunity.microsoft.com/t5/exchange-team-blog/exchange-online-powershell-v2-module-preview-now-more-secure/ba-p/2922946
Thx, Toni
6K Views, 41 likes, 2 Comments

Please add API for set or change sign-in default method MFA
https://docs.microsoft.com/en-us/graph/api/resources/authenticationmethods-overview?view=graph-rest-beta#what-authentication-methods-can-be-managed-in-microsoft-graph
There is a serious need in the company to add/change/remove MFA login methods to users! There is a problem, for example:
1. If the administrator adds a phone number for the user. And the global policy will specify that the phone call only method is allowed.
2. The user will get an error when trying to log in to resources via the NPS extension for RDG (because he will receive a text message), and when trying to log in to resources restricted by the policy (for example office.com) he will be asked to add the MFA method and redirected to his personal account https://mysignins.microsoft.com/security-info
3. After successfully logging in to your personal account https://mysignins.microsoft.com/security-info its phone call method will work correctly.
It is very necessary to be able to set the default MFA method for users through administrators' API. Without this feature, it is impossible to automate the process for extending NPS to RDG, or to manual access policies for cloud services.
5.7K Views, 20 likes, 4 Comments

Include Teams Status in Graph Presence API
Currently the Presence API does not provide or interact with the Teams status message at all, only out of office. It would be great if we could retrieve this as part of the Presence API, especially if we also had full CRUD access to the status message to read/update/clear it out. Thanks!
4.6K Views, 44 likes, 10 Comments