How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)

Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.

You can refer to below steps for the scenarios in which you have Azure AD service principle with required permissions to create Security Groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through python code.

First step is to register a client application with Azure AD and assign required permissions to create AD groups

1. Sign in the Azure portal, search for and select Azure Active Directory.

2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions

3. Least Privileged Permissions required to create AAD groups are:

Group.Read.All
Group.ReadWrite.All
Group.Create

Python Source Code:

Refer attached python source code (SecurityGroupCreatePythonSample.zip)

Update ClientId, ClientSecret and Tenant details in config.cfg file
Update Request body to create new group in graph.py file
Install Required dependencies to build the project.

python3 -m pip install azure-identity python3 -m pip install msgraph-core
Ensure that installed package script path are added into System Environment Variables.
Run Main.py file. Choice 6 and 7 are the methods to list or create group using SPN (App Only Authentication)

Reference Link:

Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

Postman:

Create Authorization Header in Postman Requests Collection Folder Level:

Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token

Scope: https://graph.microsoft.com/.default

Grant_Type = Client Credentials

Rest API to create Group:

Url: https://graph.microsoft.com/v1.0/groups

Request Type: Post

Authorization Type: Bearer Token. Copy the access token created from above step

Request Body:

{ "description": "Self help community for sec", "displayName": "Library sec", "groupTypes": [ "Unified" ], "mailEnabled": true, "mailNickname": "sec", "securityEnabled": true }

Reference Link:

Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs

Note:

If SPN is granted with Delegated permission, you need to follow User Authorization Code to generate access token
If SPN is granted with Application permission, you can follow Grant type= Client Credentials

Published on: December 07, 2022

Learn more

Azure Developer Community Blog articles

Blog image

Azure Developer Community Blog articles

Learn more

How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)

First step is to register a client application with Azure AD and assign required permissions to create AD groups

Python Source Code:

Reference Link:

Postman:

Reference Link:

Related posts

Microsoft 365 Copilot: Publish organization prompts to Copilot Chat

Microsoft Teams: Open message links in new window

Dataverse – Chat and reason over Dataverse business data in Microsoft 365 Copilot (preview)

Microsoft 365 app: Updated light-weight Notebooks experience in the Microsoft 365 Copilot App (iOS)

Microsoft Teams: Language selection by users in Teams Rooms on Android

Microsoft 365 & Power Platform Community Call – June 18th, 2026 – Screenshot Summary

Azure Service Health Alerts - Quick start guide

Move Dynamics 365 Attachments to SharePoint Automatically | Attach2Dynamics

Microsoft Teams: Interpreter simultaneous mode enhancements

Microsoft SharePoint Online: Retirement of Restricted SharePoint Search