Loading...

How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)

How to Create Azure AD Security Group using Microsoft Graph APIs (Postman & Python Code Sample)

Azure Active Directory (Azure AD) groups are used to manage users that all need the same access and permissions to resources, such as potentially restricted apps and services. Instead of adding special permissions to individual users, you create a group that applies the special permissions to every member of that group.

 

You can refer to below steps for the scenarios in which you have Azure AD service principle with required permissions to create Security Groups in Azure Active Directory and need to call Microsoft Graph REST APIs from your dev or local environment via Postman or through python code. 

 

First step is to register client application with Azure AD and assign required permissions to create AD groups

 

1. Sign in the Azure portal, search for and select Azure Active Directory.

2. In the left panel, under Manage, select App registrations > All Applications > Select your registered application (Service Principal Account) > API Permissions

3. Least Privileged Permissions required to create AAD groups are:

  • Group.Read.All
  • Group.ReadWrite.All
  • Group.Create

 

MayuriBhavsar_0-1670400799932.png

Python Source Code:

Refer attached python source code (SecurityGroupCreatePythonSample.zip) 

 

  1. Update ClientId, ClientSecret and Tenant details in config.cfg fileMayuriBhavsar_0-1670401770382.png
  2. Update Request body to create new group in graph.py file 

    MayuriBhavsar_1-1670401917055.png

  3. Install Required dependencies to build the project.

     

    python3 -m pip install azure-identity python3 -m pip install msgraph-core
  4. Ensure that installed package script path are added into System Environment Variables.  

    MayuriBhavsar_1-1670405613455.png

     

  5. Run Main.py file. Choice 6 and 7 are the methods to list or create group using SPN (App Only Authentication)MayuriBhavsar_3-1670402270726.png

     

    Reference Link:

    Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

    Step 7: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

    Step 8: Build Python apps with Microsoft Graph - Microsoft Graph | Microsoft Docs

Postman:

 

Create Authorization Header in Postman Requests Collection Folder Level:

Access Token Url: https://login.microsoftonline.com/{{TenantID}}/oauth2/v2.0/token

Scope: https://graph.microsoft.com/.default

Grant_Type = Client Credentials

 

MayuriBhavsar_0-1670402672439.png

 

Rest API to create Group:

Url: https://graph.microsoft.com/v1.0/groups

Request Type: Post

Authorization Type: Bearer Token. Copy the access token created from above step

Request Body:

 

 

 

{ "description": "Self help community for sec", "displayName": "Library sec", "groupTypes": [ "Unified" ], "mailEnabled": true, "mailNickname": "sec", "securityEnabled": true }

 

 

 

 

MayuriBhavsar_1-1670402778507.png

 

 

Reference Link:

Use Postman with the Microsoft Graph API - Microsoft Graph | Microsoft Docs

 

Note:

  1. If SPN is granted with Delegated permission, you need to follow User Authorization Code to generate access token
  2. If SPN is granted with Application permission, you can follow Grant type= Client Credentials

 

Published on:

Learn more
Azure Developer Community Blog articles
Azure Developer Community Blog articles

Azure Developer Community Blog articles

Share post:

Related posts

Azure Developer CLI (azd) – January 2026: Configuration & Performance

This post announces the January 2026 release of the Azure Developer CLI (`azd`). The post Azure Developer CLI (azd) – January 2026: Conf...

17 hours ago

Microsoft 365 Copilot: Researcher agent output formats

Microsoft 365 Copilot’s Researcher agent will add new export formats—PowerPoint, PDF, Infographic, and Audio overview—and improve existing Wor...

18 hours ago

Outlook: Print calendar events in new Outlook and Teams

Users will now have basic options for printing calendar events in the #newoutlookforwindows and Teams calendar, including choosing whether to ...

18 hours ago

Microsoft 365 Exceeds 450 Million Commercial Paid Seats

Microsoft FY26 Q2 results included a new figure for Microsoft 365 commercial paid seats: "over 450 million." Seats are growing at a consistent...

21 hours ago

Azure SDK Release (January 2026)

Azure SDK releases every month. In this post, you'll find this month's highlights and release notes. The post Azure SDK Release (January 2026)...

1 day ago

Microsoft 365 & Power Platform Community Call – January 29th, 2026 – Screenshot Summary

Call Highlights   SharePoint Quicklinks: Primary PnP Website: https://aka.ms/m365pnp Documentation & Guidance SharePoint Dev Videos Issues...

1 day ago

Azure Cosmos DB TV Recap – From Burger to Bots – Agentic Apps with Cosmos DB and LangChain.js | Ep. 111

In Episode 111 of Azure Cosmos DB TV, host Mark Brown is joined by Yohan Lasorsa to explore how developers can build agent-powered application...

1 day ago

Microsoft Copilot (Microsoft 365): Image Upload in Copilot Chat for Government Cloud

The image upload feature in Microsoft 365 Copilot allows users to upload images and seek insights from Copilot based on those images. We are b...

1 day ago

Microsoft 365: Modernized Access Denied Web Experience

We’re introducing a visual refresh of the Access Denied web experience across Microsoft 365, where users can request access to files, sites, a...

1 day ago

Microsoft 365: Enhancements to the room booking experience in the Places app

We’re enhancing the room booking experience in the Places App to align with the desk booking flow and visuals. This unifies the booking experi...

1 day ago
Stay up to date with latest Microsoft Dynamics 365 and Power Platform news!
* Yes, I agree to the privacy policy