How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)
Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.
You can refer to below steps for the scenarios in which you have Azure AD service principle with required permissions to create Security Groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through python code.
First step is to register a client application with Azure AD and assign required permissions to create AD groups
1. Sign in the Azure portal, search for and select Azure Active Directory.
2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions
3. Least Privileged Permissions required to create AAD groups are:
- Group.Read.All
- Group.ReadWrite.All
- Group.Create
Python Source Code:
Refer attached python source code (SecurityGroupCreatePythonSample.zip)
- Update ClientId, ClientSecret and Tenant details in config.cfg file
- Update Request body to create new group in graph.py file
- Install Required dependencies to build the project.
python3 -m pip install azure-identity python3 -m pip install msgraph-core -
Ensure that installed package script path are added into System Environment Variables.
- Run Main.py file. Choice 6 and 7 are the methods to list or create group using SPN (App Only Authentication)
Reference Link:
Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs
Postman:
Create Authorization Header in Postman Requests Collection Folder Level:
Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token
Scope: https://graph.microsoft.com/.default
Grant_Type = Client Credentials
Rest API to create Group:
Url: https://graph.microsoft.com/v1.0/groups
Request Type: Post
Authorization Type: Bearer Token. Copy the access token created from above step
Request Body:
Reference Link:
Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs
Note:
- If SPN is granted with Delegated permission, you need to follow User Authorization Code to generate access token
- If SPN is granted with Application permission, you can follow Grant type= Client Credentials
Published on:
Learn moreRelated posts
April Patches for Azure DevOps Server
We are releasing patches for our self‑hosted product, Azure DevOps Server. We strongly recommend that all customers remain on the latest, most...
Microsoft 365 & Power Platform Call (Microsoft Speakers) – April 14th, 2026 – Screenshot Summary
Call Highlights SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues...
Microsoft Defender for Office 365: Enhancing how we handle promotional mail
Microsoft Defender for Office 365 will tag promotional emails as “promotions” and can auto-move them to a Promotions folder, learn...
Microsoft 365 Copilot Chat: Use prepaid Copilot Credits without Pay‑As‑You‑Go billing
Starting April 20, 2026, Microsoft 365 Copilot Chat will support using prepaid Copilot Credits without Pay-As-You-Go billing. Administrators c...
Queues app on Microsoft Teams mobile
The Queues app on Microsoft Teams mobile (iOS and Android) will allow calling representatives and supervisors to manage call queues, view queu...
Microsoft Purview | Information Protection: Sensitivity label inheritance for Teams meeting artifacts
Microsoft Purview Information Protection will support sensitivity label inheritance for Teams meeting artifacts, such as transcripts, recordin...
Broader Windows Autopatch availability to Microsoft 365 Government Community Cloud (GCC)
Next month, Windows Autopatch will become more broadly available in Government Community Cloud (GCC). Previ...
Power Apps – Tenant-Level Microsoft 365 Copilot Settings to Enable Dataverse Data Access Announcement
We are announcing that a new tenant‑level Copilot setting to manage Dataverse data availability in Microsoft 365 Copilot will be available in ...
Microsoft Copilot (Microsoft 365): Copilot Chat can now better match search results from Scanned PDFs and from text inside images embedded in Word, Excel, and PowerPoint
Copilot Chat can now better match search results from Scanned PDFs and from text that appears inside images embedded in Word, Excel, and Power...
Unique Join Link for Teams Meetings and Webinars in Dynamics 365 Customer Insights - Journeys
Dynamics 365 Customer Insights – Journeys integrates with Microsoft Teams to enable attendee‑level tracking through unique join links for mee...