How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)
Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.
Refer to the steps below for the scenario in which you have an Azure AD service principal with the permissions required to create security groups in Azure Active Directory and need to call the Microsoft Graph REST APIs from your dev or local environment, either via Postman or through Python code.
The first step is to register a client application with Azure AD and assign it the permissions required to create AD groups:
1. Sign in to the Azure portal, then search for and select Azure Active Directory.
2. In the left panel, under Manage, select App registrations > All applications > your registered application (the service principal account) > API permissions.
3. The least-privileged permissions required to create AAD groups are:
- Group.Read.All
- Group.ReadWrite.All
- Group.Create
Python source code:
Refer to the attached Python source code (SecurityGroupCreatePythonSample.zip).
- Update the ClientId, ClientSecret and Tenant details in the config.cfg file.
- Update the request body used to create the new group in the graph.py file.
- Install the required dependencies to build the project:
python3 -m pip install azure-identity
python3 -m pip install msgraph-core
Ensure that the script path of the installed packages is added to the system environment variables.
- Run the Main.py file. Choices 6 and 7 are the methods that list or create a group using the SPN (app-only authentication).
Reference links:
- Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
- Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
- Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Postman:
Create the authorization header at the folder level of the Postman request collection:
Access Token URL: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
Scope: https://graph.microsoft.com/.default
Grant Type: Client Credentials
REST API to create a group:
URL: https://graph.microsoft.com/v1.0/groups
Request type: POST
Authorization type: Bearer Token. Paste the access token generated in the step above.
Request Body:
Reference link:
Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs
Note:
- If the SPN is granted delegated permissions, you need to follow the user authorization code flow to generate the access token.
- If the SPN is granted application permissions, you can use grant type = Client Credentials.