How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)
Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.
You can refer to below steps for the scenarios in which you have Azure AD service principle with required permissions to create Security Groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through python code.
First step is to register a client application with Azure AD and assign required permissions to create AD groups
1. Sign in the Azure portal, search for and select Azure Active Directory.
2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions
3. Least Privileged Permissions required to create AAD groups are:
- Group.Read.All
- Group.ReadWrite.All
- Group.Create
Python Source Code:
Refer attached python source code (SecurityGroupCreatePythonSample.zip)
- Update ClientId, ClientSecret and Tenant details in config.cfg file
- Update Request body to create new group in graph.py file
- Install Required dependencies to build the project.
python3 -m pip install azure-identity python3 -m pip install msgraph-core -
Ensure that installed package script path are added into System Environment Variables.
- Run Main.py file. Choice 6 and 7 are the methods to list or create group using SPN (App Only Authentication)
Reference Link:
Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Postman:
Create Authorization Header in Postman Requests Collection Folder Level:
Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
Scope: https://graph.microsoft.com/.default
Grant_Type = Client Credentials
Rest API to create Group:
Url: https://graph.microsoft.com/v1.0/groups
Request Type: Post
Authorization Type: Bearer Token. Copy the access token created from above step
Request Body:
Reference Link:
Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs
Note:
- If SPN is granted with Delegated permission, you need to follow User Authorization Code to generate access token
- If SPN is granted with Application permission, you can follow Grant type= Client Credentials
Published on:
Learn moreRelated posts
Azure SDK Release (June 2025)
Azure SDK releases every month. In this post, you'll find this month's highlights and release notes. The post Azure SDK Release (June 2025) ap...
Simplifying Copilot Chat in the Microsoft 365 Copilot app
Microsoft is simplifying Copilot Chat in the Microsoft 365 Copilot app for users without a Microsoft 365 Copilot license. Chat will now appear...
Microsoft Teams: Compact notification size for users
Microsoft Teams is introducing a compact toast notification size for Windows users, available from July 2025. Users can enable it via Settings...
Reminder: Updates to required permissions for Microsoft Graph Beta API deviceManagement
Starting July 31, 2025, certain Microsoft Graph Beta APIs will require either DeviceManagementScripts.Read.All or DeviceManagementScripts.Read...
Microsoft Copilot (Microsoft 365): Improved Python-powered answers in Copilot in Excel
Copilot in Excel now provides improved direct answers to your data analysis questions, using Python. Product Excel Release phase General Avail...
Microsoft Copilot (Microsoft 365): Researcher is in Microsoft Word
Researcher agent is now available in Microsoft Word, empowering you to tackle complex, multi-step research tasks with ease. Whether you’...
Microsoft Teams: SQL-like commands in the search bar
Efficiently narrow down your search results by using SQL-like commands in the search bar. Users can quickly filter messages, files, or convers...
Microsoft 365 & Power Platform Call (Microsoft Speakers) – Community Takeover – July 1st, 2025 – Screenshot Summary
Call Highlights SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues...
Microsoft Teams: First run experience and prompting users to release previous reservations
Users will be notified of multiple desk reservations and prompted to release previous ones when using bookable desks. A first run experience w...
Dynamics 365 Contact Center – Use Microsoft Teams Phone within Contact Center
We are announcing the ability to use Microsoft Teams Phone in Dynamics 365 Contact Center. This feature will reach general availability on Jul...