How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)
Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.
You can refer to below steps for the scenarios in which you have Azure AD service principle with required permissions to create Security Groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through python code.
First step is to register a client application with Azure AD and assign required permissions to create AD groups
1. Sign in the Azure portal, search for and select Azure Active Directory.
2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions
3. Least Privileged Permissions required to create AAD groups are:
- Group.Read.All
- Group.ReadWrite.All
- Group.Create
Python Source Code:
Refer attached python source code (SecurityGroupCreatePythonSample.zip)
- Update ClientId, ClientSecret and Tenant details in config.cfg file
- Update Request body to create new group in graph.py file
- Install Required dependencies to build the project.
python3 -m pip install azure-identity python3 -m pip install msgraph-core -
Ensure that installed package script path are added into System Environment Variables.
- Run Main.py file. Choice 6 and 7 are the methods to list or create group using SPN (App Only Authentication)
Reference Link:
Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Postman:
Create Authorization Header in Postman Requests Collection Folder Level:
Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
Scope: https://graph.microsoft.com/.default
Grant_Type = Client Credentials
Rest API to create Group:
Url: https://graph.microsoft.com/v1.0/groups
Request Type: Post
Authorization Type: Bearer Token. Copy the access token created from above step
Request Body:
Reference Link:
Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs
Note:
- If SPN is granted with Delegated permission, you need to follow User Authorization Code to generate access token
- If SPN is granted with Application permission, you can follow Grant type= Client Credentials
Published on:
Learn moreRelated posts
Open Word, Excel, and PowerPoint Files in Microsoft 365 Copilot Chat
Starting early February 2026, Word, Excel, and PowerPoint files cited in Microsoft 365 Copilot Chat (web) will open directly within the chat i...
Drawn electronic signatures with eSignature for Microsoft 365
eSignature for Microsoft 365 will add a drawn signature option for signing PDFs, allowing use of stylus, touch, or mouse. Rolling out worldwid...
Viva Glint: Teams notifications now support user language preferences
Viva Glint notifications in Microsoft Teams will now appear in each user’s configured language instead of the tenant default, starting mid-Feb...
Microsoft Entra ID Governance: Azure subscription required to continue using guest governance features
Starting January 30, 2026, Microsoft Entra ID Governance requires tenants to link an Azure subscription to use guest governance features. With...
Microsoft Copilot (Microsoft 365): Copilot connectors are available for U.S. Department of Defense environment
Copilot connectors enable organizations to integrate content from other external data sources into Microsoft Graph, improving Copilot’s intell...
Microsoft 365: New map-based room booking experience in Places Finder
We are enhancing the room booking experience in the new calendar experience across Outlook for Windows, Outlook for the web, and Teams by intr...
Microsoft Teams: People Skills on the profile card expanding to Teams
Access to People Skills on the Microsoft 365 profile card is expanding to Microsoft Teams. With this update, employees will be able to view sk...
Microsoft 365: New profile cards for buildings, rooms and desks
Buildings, rooms and desks that are added to the Places directory will have new profile cards, accessible from Copilot Chat and across other M...
Microsoft Copilot (Microsoft 365): Microsoft Copilot (Microsoft 365): Open Word, Excel, and PowerPoint Files in Copilot Chat
Currently, clicking on cited content in Copilot opens files outside of Copilot. With this new feature, content can be opened directly in Copil...
Azure Developer CLI (azd) – January 2026: Configuration & Performance
This post announces the January 2026 release of the Azure Developer CLI (`azd`). The post Azure Developer CLI (azd) – January 2026: Conf...