How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)
Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.
You can refer to below steps for the scenarios in which you have Azure AD service principle with required permissions to create Security Groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through python code.
First step is to register a client application with Azure AD and assign required permissions to create AD groups
1. Sign in the Azure portal, search for and select Azure Active Directory.
2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions
3. Least Privileged Permissions required to create AAD groups are:
- Group.Read.All
- Group.ReadWrite.All
- Group.Create
Python Source Code:
Refer attached python source code (SecurityGroupCreatePythonSample.zip)
- Update ClientId, ClientSecret and Tenant details in config.cfg file
- Update Request body to create new group in graph.py file
- Install Required dependencies to build the project.
python3 -m pip install azure-identity python3 -m pip install msgraph-core -
Ensure that installed package script path are added into System Environment Variables.
- Run Main.py file. Choice 6 and 7 are the methods to list or create group using SPN (App Only Authentication)
Reference Link:
Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Postman:
Create Authorization Header in Postman Requests Collection Folder Level:
Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
Scope: https://graph.microsoft.com/.default
Grant_Type = Client Credentials
Rest API to create Group:
Url: https://graph.microsoft.com/v1.0/groups
Request Type: Post
Authorization Type: Bearer Token. Copy the access token created from above step
Request Body:
Reference Link:
Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs
Note:
- If SPN is granted with Delegated permission, you need to follow User Authorization Code to generate access token
- If SPN is granted with Application permission, you can follow Grant type= Client Credentials
Published on:
Learn moreRelated posts
Dynamics 365 Sales – Teams owned opportunities to be researched by Sales Opportunity Agent
We are announcing the ability to utilize the Sales Opportunity Agent to research opportunities owned by specific Owner teams in Dynamics 365 S...
Teams frontline mobile onboarding guide retirement
Microsoft is retiring the Frontline Teams Personal Device Onboarding Wizard by late August 2026. Frontline workers will use existing Microsoft...
Microsoft Teams: Enhanced file filtering in channel Shared tabs
Microsoft Teams now offers enhanced file filtering in the channel Shared tab, allowing users to filter files by type and media content in both...
How to Integrate ChatGPT with Dynamics 365 Using Azure Functions (Complete 2026 Guide)
Introduction Artificial Intelligence is transforming enterprise applications, and Microsoft Dynamics 365 is no exception. Businesses are incre...
Microsoft Teams: Explicit recording consent for PSTN participants now available in GCC High and DoD
We are introducing explicit recording consent support for PSTN participants joining Microsoft Teams meetings in GCC High and DoD environments....
Microsoft Copilot (Microsoft 365): Session and Response Sharing in M365 Copilot
Session and Response Sharing let Microsoft 365 Copilot users share Copilot chat content through a link. Session Sharing shares a full chat ses...
Microsoft 365 & Power Platform Community Call – July 16th, 2026 – Screenshot Summary
Call Highlights SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues...
How to build long-running MCP tools on Azure Functions
Learn how to build long-running MCP tools on Azure Functions using Durable Functions. This post explains why synchronous tool calls break down...
Microsoft SharePoint Online: Restricted access control for sites enforced across Microsoft 365 search
Restricted Access Control (RAC) for SharePoint and OneDrive sites will be enforced across Microsoft 365 search, limiting search results to con...
Microsoft Teams: AI meeting archive file generation
Microsoft Teams will generate AI meeting archive files capturing key insights to enhance Microsoft 365 Copilot and Facilitator responses while...