Loading...
D365Hub logo D365Hub

How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)

How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)

Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.

 

You can refer to below steps for the scenarios in which you have Azure AD service principle with required permissions to create Security Groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through python code. 

 

First step is to register client application with Azure AD and assign required permissions to create AD groups

 

1. Sign in the Azure portal, search for and select Azure Active Directory.

2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions

3. Least Privileged Permissions required to create AAD groups are:

  • Group.Read.All
  • Group.ReadWrite.All
  • Group.Create

 

MayuriBhavsar_0-1670400799932.png

Python Source Code:

Refer attached python source code (SecurityGroupCreatePythonSample.zip) 

 

  1. Update ClientId, ClientSecret and Tenant details in config.cfg fileMayuriBhavsar_0-1670401770382.png
  2. Update Request body to create new group in graph.py file 

    MayuriBhavsar_1-1670401917055.png

  3. Install Required dependencies to build the project.

     

    python3 -m pip install azure-identity python3 -m pip install msgraph-core

  4. Ensure that installed package script path are added into System Environment Variables.  

    MayuriBhavsar_1-1670405613455.png

     

  5. Run Main.py file. Choice 6 and 7 are the methods to list or create group using SPN (App Only Authentication)MayuriBhavsar_3-1670402270726.png

     

    Reference Link:

    Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

    Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

    Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

Postman:

 

Create Authorization Header in Postman Requests Collection Folder Level:

Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token

Scope: https://graph.microsoft.com/.default

Grant_Type = Client Credentials

 

MayuriBhavsar_0-1670402672439.png

 

Rest API to create Group:

Url: https://graph.microsoft.com/v1.0/groups

Request Type: Post

Authorization Type: Bearer Token. Copy the access token created from above step

Request Body:

 

 

 

{ "description": "Self help community for sec", "displayName": "Library sec", "groupTypes": [ "Unified" ], "mailEnabled": true, "mailNickname": "sec", "securityEnabled": true }

 

 

 

 

MayuriBhavsar_1-1670402778507.png

 

 

Reference Link:

Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs

 

Note:

  1. If SPN is granted with Delegated permission, you need to follow User Authorization Code to generate access token
  2. If SPN is granted with Application permission, you can follow Grant type= Client Credentials

 

Published on:

Learn more
Azure Developer Community Blog articles
Azure Developer Community Blog articles

Azure Developer Community Blog articles

Share post:

Related posts

Microsoft Teams: Digital signage support for Teams panels

Microsoft Teams will support digital signage on idle Teams panels starting June 2026, configurable by admins via the Teams Rooms Pro Managemen...

5 hours ago

Security Detection Report in Teams Admin Center

A new Security Detection Report in the Teams admin center offers centralized visibility into messaging threats like impersonation, malicious U...

5 hours ago

Department billing for Microsoft 365 Backup

Microsoft 365 Backup now supports department billing, allowing admins to create up to 50 billing policies by department, geography, or unit, w...

5 hours ago

Copilot in SharePoint will start rolling out to all tenants as an opt-out preview starting in mid-June 2026

Copilot in SharePoint will roll out as an opt-out preview starting mid-June 2026 for Microsoft 365 Copilot licensed users. It enables AI-power...

5 hours ago

Microsoft Teams: Searchable keyboard shortcuts from the dialog in Teams

Easily find keyboard shortcuts with a new searchable experience in Microsoft Teams. Search by shortcut name or enter part of a key combination...

5 hours ago

Microsoft Copilot (Microsoft 365): Get actionable suggestions from Copilot in your Copilot Page

Request feedback from Copilot on your Page by selecting “Suggested edits” in the Copilot Shortcuts menu. Copilot will analyze the ...

5 hours ago

Microsoft Teams: Shared & Delegate Mailbox Scheduling for Events

Empower Chiefs of Staff and delegated roles to efficiently organize events on behalf of leaders or teams using shared or delegated mailboxes. ...

5 hours ago

Microsoft Copilot (Microsoft 365): Copilot People Connectors introduces people data ingestions with differentiated access control

Copilot People Connector now supports importing people data with access controls into Microsoft 365. This release enables organizations to bri...

5 hours ago

Business Central 2026 release wave 1 (BC28): Copy contacts from BC to Microsoft 365 (Outlook & Teams)

Hi, Readers.Dynamics 365 Business Central 2026 wave 1 (BC28) is generally available. More details: General Available: Dynamics 365 Busine...

11 hours ago

Connect GIT Source Control (Azure DevOps) with Power Platform Solution

1 day ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy