
How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)


Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.

 

You can refer to the steps below for scenarios in which you have an Azure AD service principal with the required permissions to create security groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through Python code.

 

The first step is to register the client application with Azure AD and assign the required permissions to create AD groups.

 

1. Sign in to the Azure portal, then search for and select Azure Active Directory.

2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions

3. The least privileged permissions required to create AAD groups are:

  • Group.Read.All
  • Group.ReadWrite.All
  • Group.Create

 


Python Source Code:

Refer to the attached Python source code (SecurityGroupCreatePythonSample.zip).

 

  1. Update the ClientId, ClientSecret and Tenant details in the config.cfg file.
  2. Update the request body used to create the new group in the graph.py file.
  3. Install the required dependencies to build the project.

    python3 -m pip install azure-identity
    python3 -m pip install msgraph-core
  4. Ensure that the script paths of the installed packages are added to the system environment variables.
  5. Run the Main.py file. Choices 6 and 7 are the methods to list or create a group using the SPN (app-only authentication).

     

    Reference Link:

    Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

    Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

    Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

Postman:

 

Create Authorization Header in Postman Requests Collection Folder Level:

Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token

Scope: https://graph.microsoft.com/.default

Grant_Type = Client Credentials

 


 

Rest API to create Group:

Url: https://graph.microsoft.com/v1.0/groups

Request Type: POST

Authorization Type: Bearer Token. Copy the access token created in the step above.

Request Body:

 

 

 

{
  "description": "Self help community for sec",
  "displayName": "Library sec",
  "groupTypes": [ "Unified" ],
  "mailEnabled": true,
  "mailNickname": "sec",
  "securityEnabled": true
}

 

 

 

 


 

 

Reference Link:

Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs

 

Note:

  1. If the SPN is granted Delegated permissions, you need to follow the User Authorization Code flow to generate the access token.
  2. If the SPN is granted Application permissions, you can use Grant type = Client Credentials.
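
The Postman steps and the note above, as an added Python example (not the code from the attached sample): it builds the client-credentials token request and the POST to /groups, and checks before calling Graph that the token is an app-only token whose `roles` claim carries a group-creating permission (delegated tokens carry `scp` instead). The function names, the body for a plain security group (empty `groupTypes`, not mail-enabled) and the unsigned sample token are assumptions made for illustration.

```python
import base64, json, urllib.parse, urllib.request

GRAPH_GROUPS_URL = "https://graph.microsoft.com/v1.0/groups"
CREATE_ROLES = {"Group.Create", "Group.ReadWrite.All"}  # Group.Read.All cannot create

def token_request(tenant_id, client_id, client_secret):
    """Client-credentials token request matching the Postman settings above."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = urllib.parse.urlencode({
        "grant_type": "client_credentials",
        "client_id": client_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }).encode()
    return urllib.request.Request(url, data=form, method="POST")

def token_claims(access_token):
    """Decode the JWT payload for inspection only; the signature is NOT verified."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def app_can_create_groups(access_token):
    """True only for an app-only token ('roles' claim) with a group-creating role."""
    return bool(CREATE_ROLES & set(token_claims(access_token).get("roles", [])))

def security_group_body(display_name, mail_nickname, description=""):
    """Body for a plain security group: no 'Unified' type, not mail-enabled."""
    return {"displayName": display_name, "description": description,
            "groupTypes": [], "mailEnabled": False,
            "mailNickname": mail_nickname, "securityEnabled": True}

def create_group_request(access_token, body):
    """Build the POST /groups request; refuse tokens that lack the application role."""
    if not app_can_create_groups(access_token):
        raise PermissionError("not an app-only token with a group-creating role")
    return urllib.request.Request(
        GRAPH_GROUPS_URL, data=json.dumps(body).encode(), method="POST",
        headers={"Authorization": f"Bearer {access_token}",
                 "Content-Type": "application/json"})

def fake_token(claims):
    """Constructed, unsigned sample token so the checks can run offline."""
    enc = lambda d: base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"
```

To send either request, pass it to `urllib.request.urlopen()` and read the `access_token` field from the token response JSON.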

 

Azure Developer Community Blog articles