How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)
Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.
You can refer to below steps for the scenarios in which you have Azure AD service principle with required permissions to create Security Groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through python code.
First step is to register a client application with Azure AD and assign required permissions to create AD groups
1. Sign in the Azure portal, search for and select Azure Active Directory.
2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions
3. Least Privileged Permissions required to create AAD groups are:
- Group.Read.All
- Group.ReadWrite.All
- Group.Create
Python Source Code:
Refer attached python source code (SecurityGroupCreatePythonSample.zip)
- Update ClientId, ClientSecret and Tenant details in config.cfg file
- Update Request body to create new group in graph.py file
- Install Required dependencies to build the project.
python3 -m pip install azure-identity python3 -m pip install msgraph-core -
Ensure that installed package script path are added into System Environment Variables.
- Run Main.py file. Choice 6 and 7 are the methods to list or create group using SPN (App Only Authentication)
Reference Link:
Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Postman:
Create Authorization Header in Postman Requests Collection Folder Level:
Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
Scope: https://graph.microsoft.com/.default
Grant_Type = Client Credentials
Rest API to create Group:
Url: https://graph.microsoft.com/v1.0/groups
Request Type: Post
Authorization Type: Bearer Token. Copy the access token created from above step
Request Body:
Reference Link:
Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs
Note:
- If SPN is granted with Delegated permission, you need to follow User Authorization Code to generate access token
- If SPN is granted with Application permission, you can follow Grant type= Client Credentials
Published on:
Learn moreRelated posts
Showing SharePoint Documents Grid on a Form Tab in Dynamics 365 CRM
Here's how you can add a Documents Tab to the main form in Dynamics 365 CRM. The post Showing SharePoint Documents Grid on a Form Tab in Dynam...
Exploring azd extensions: Enhance your Azure developer experience
A deep dive into the introduction of the Azure Developer CLI (azd) extensions and the azd extension framework to build extensions. The post Ex...
Automate data management with Azure Storage Actions
Copilot in Teams admin center available in Public Preview
Copilot in Teams admin center is available in Public Preview, rolling out from June to July 2025. Admins with a Microsoft 365 Copilot license ...
Group-less campaigns in Viva Amplify!
Group-less campaigns in Viva Amplify simplify campaign creation by removing the need for Microsoft 365 Groups or Teams channels. This update, ...
Microsoft Viva Amplify: HPA Deprecation
Microsoft Viva Amplify is transitioning from App tokens to Protected Forwarded Tokens (PFTs) for enhanced security. This change limits publica...
Microsoft Copilot: New Microsoft Teams notifications for Microsoft Copilot Academy users
New Microsoft Teams notifications for Microsoft Copilot Academy users will inform them about new courses starting late June 2025. Requires Tea...
Microsoft Purview | Data Loss Prevention: Restrict Microsoft 365 Copilot using content with sensitivity labels
Microsoft Purview Data Loss Prevention (DLP) for Microsoft 365 Copilot is now generally available, allowing organizations to use DLP policies ...
Microsoft Copilot (Microsoft 365): Add topic(s) through Copilot to your existing presentation
Microsoft PowerPoint for Windows desktop will introduce a Copilot feature in July 2025, allowing users to generate and insert new topic-specif...
Microsoft Copilot (Microsoft 365): Add topic(s) through Copilot to your existing presentation – Windows
Microsoft PowerPoint for Windows desktop will introduce a Copilot feature in July 2025, allowing users to generate and insert new topics and s...