group resource type
Namespace: microsoft.graph
Represents an Azure Active Directory (Azure AD) group, which can be a Microsoft 365 group, or a security group. This resource is an open type that allows other properties to be passed in.
Inherits from directoryObject.
For performance reasons, the create, get, and list operations return only a subset of more commonly used properties by default. These default properties are noted in the Properties section. To get any of the properties that are not returned by default, specify them in a $select OData query option.
This resource supports:
- Adding your own data to custom properties as extensions.
- Subscribing to change notifications.
- Using delta query to track incremental additions, deletions, and updates, by providing a delta function.
Methods
| Method | Return Type | Description |
|---|---|---|
| Group management | ||
| Create group | group | Create a new group. It can be a Microsoft 365 group, dynamic group, or security group. |
| Get group | group | Read properties of a group object. |
| List groups | group collection | List group objects and their properties. |
| Update group | None | Update the properties of a group object. |
| Delete group | None | Delete group object. |
| delta | group collection | Get incremental changes for groups. |
| Add members | None | Add a member to this group by posting to the members navigation property (supported for security groups and Microsoft 365 groups only). |
| Add owners | None | Add a new owner for the group by posting to the owners navigation property (supported for security groups and Microsoft 365 groups only). |
| List groupLifecyclePolicies | groupLifecyclePolicy collection | List group lifecycle policies. |
| List members | directoryObject collection | Get the direct members of this group from the members navigation property. |
| List owners | directoryObject collection | Get the owners of the group from the owners navigation property. |
| List transitive members | directoryObject collection | Get the users, groups and devices that are members, including nested members of this group. |
| List transitive memberOf | directoryObject collection | List the groups that this group is a member of. This operation is transitive and includes the groups that this group is a nested member of. |
| Remove member | None | Remove a member from a Microsoft 365 group or a security group through the members navigation property. |
| Remove owner | None | Remove an owner from a Microsoft 365 group or a security group through the owners navigation property. |
| assignLicense | group | Add or remove subscriptions for the group. You can also enable and disable specific plans associated with a subscription. |
| renew | Boolean | Renews a group's expiration. When a group is renewed, the group expiration is extended by the number of days defined in the policy. |
| validateProperties | JSON | Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies. |
| App role assignments | ||
| List appRoleAssignments | appRoleAssignment collection | Get the apps and app roles which this group has been assigned. |
| Add appRoleAssignment | appRoleAssignment | Assign an app role to this group. |
| Remove appRoleAssignment | None. | Remove an app role assignment from this group. |
| Calendar | ||
| Create event | event | Create a new event by posting to the events collection. |
| Get event | event | Read properties of an event object. |
| List events | event collection | Get an event object collection. |
| Update event | None | Update the properties of an event object. |
| Delete event | None | Delete event object. |
| List calendarView | event collection | Get a collection of events in a specified time window. |
| Conversations | ||
| Create conversation | conversation | Create a new conversation by posting to the conversations collection. |
| Get conversation | conversation | Read properties of a conversation object. |
| List conversations | conversation collection | Get a conversation object collection. |
| Delete conversation | None | Delete conversation object. |
| Create thread | conversationThread | Create a new conversation thread. |
| Get thread | conversationThread | Read properties of a thread object. |
| List threads | conversationThread collection | Get all the threads of a group. |
| Update thread | None | Update properties of a thread object. |
| Delete thread | None | Delete thread object. |
| List acceptedSenders | directoryObject collection | Get a list of users or groups that are in the accepted-senders list for this group. |
| Add acceptedSender | directoryObject | Add a User or Group to the acceptSenders collection. |
| Remove acceptedSender | directoryObject | Remove a User or Group from the acceptedSenders collection. |
| List rejectedSenders | directoryObject collection | Get a list of users or groups that are in the rejected-senders list for this group. |
| Add rejectedSender | directoryObject | Add a new User or Group to the rejectedSenders collection. |
| Remove rejectedSender | directoryObject | Remove new User or Group from the rejectedSenders collection. |
| Create setting | groupSetting | Create a setting object based on a groupSettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation. |
| Directory objects | ||
| List deleted groups | directoryObject collection | Retrieve the groups deleted in the tenant in the last 30 days. |
| List deleted groups owned by user | directoryObject collection | Retrieve the groups deleted in the tenant in the last 30 days and that are owned by a user. |
| Get deleted group | directoryObject collection | Retrieve a deleted group by ID. |
| Restore deleted group | directoryObject collection | Restore a group deleted in the tenant in the last 30 days. |
| Permanently delete group | directoryObject collection | Permanently delete a deleted group from the tenant. |
| checkMemberGroups | String collection | Check for membership in a list of groups. The function is transitive. |
| getMemberGroups | String collection | Return all the groups that the group is a member of. The function is transitive. |
| checkMemberObjects | String collection | Check for membership in a list of group, directory role, or administrative unit objects. The function is transitive. |
| getMemberObjects | String collection | Return all of the groups and administrative units that the group is a member of. The function is transitive. |
| Group settings | ||
| Get setting | groupSetting | Read properties of a specific setting object. |
| List settings | groupSetting collection | List properties of all setting objects. |
| Update setting | None | Update a setting object. |
| Delete setting | None | Delete a setting object. |
| Get setting template | None | Read properties of a setting template. |
| List setting template | None | List properties of all setting templates. |
| Open extensions | ||
| Create open extension | openTypeExtension | Create an open extension and add custom properties to a new or existing resource. |
| Get open extension | openTypeExtension collection | Get an open extension identified by the extension name. |
| Schema extensions | ||
| Add schema extension values | None | Create a schema extension definition and then use it to add custom typed data to a resource. |
| Other group resources | ||
| List photos | profilePhoto collection | Get a collection of profile photos for the group. |
| List plannerPlans | plannerPlan collection | Get Planner plans owned by the group. |
| List permissionGrants | resourceSpecificPermissionGrant collection | List permissions that have been granted to apps to access the group. |
| User settings | ||
| addFavorite | None | Add the group to the list of the signed-in user's favorite groups. Supported for only Microsoft 365 groups. |
| removeFavorite | None | Remove the group from the list of the signed-in user's favorite groups. Supported for only Microsoft 365 groups. |
| List memberOf | directoryObject collection | Get the groups and administrative units that this user is a direct member of, from the memberOf navigation property. |
| List joinedTeams | group collection | Get the Microsoft Teams that the user is a direct member of. |
| List associated teams | associatedTeamInfo collection | Get the list of associatedTeamInfo objects in Microsoft Teams that a user is associated with. |
| subscribeByMail | None | Set the isSubscribedByMail property to true. Enabling the signed-in user to receive email conversations. Supported for only Microsoft 365 groups. |
| unsubscribeByMail | None | Set the isSubscribedByMail property to false. Disabling the signed-in user from receive email conversations. Supported for only Microsoft 365 groups. |
| resetUnseenCount | None | Reset the unseenCount to 0 of all the posts that the signed-in user has not seen since their last visit. Supported for only Microsoft 365 groups. |
Properties
Important
Specific usage of $filter and the $search query parameter is supported only when you use the ConsistencyLevel header set to eventual and $count. For more information, see Advanced query capabilities on directory objects.
| Property | Type | Description |
|---|---|---|
| allowExternalSenders | Boolean | Indicates if people external to the organization can send messages to the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). |
| assignedLabels | assignedLabel collection | The list of sensitivity label pairs (label ID, label name) associated with a Microsoft 365 group. Returned only on $select. |
| assignedLicenses | assignedLicense collection | The licenses that are assigned to the group. Returned only on $select. Supports $filter (eq).Read-only. |
| autoSubscribeNewMembers | Boolean | Indicates if new members added to the group will be auto-subscribed to receive email notifications. You can set this property in a PATCH request for the group; do not set it in the initial POST request that creates the group. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). |
| classification | String | Describes a classification for the group (such as low, medium or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). |
| createdDateTime | DateTimeOffset | Timestamp of when the group was created. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Read-only. |
| deletedDateTime | DateTimeOffset | For some Azure Active Directory objects (user, group, application), if the object is deleted, it is first logically deleted, and this property is updated with the date and time when the object was deleted. Otherwise this property is null. If the object is restored, this property is updated to null. |
| description | String | An optional description for the group. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith) and $search. |
| displayName | String | The display name for the group. This property is required when a group is created and cannot be cleared during updates. Maximum length is 256 characters. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values), $search, and $orderby. |
| expirationDateTime | DateTimeOffset | Timestamp of when the group is set to expire. Is null for security groups but for Microsoft 365 groups, it represents when the group is set to expire as defined in the groupLifecyclePolicy. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. |
| groupTypes | String collection | Specifies the group type and its membership. If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or distribution group. For details, see groups overview.If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static. Returned by default. Supports $filter (eq, not). |
| hasMembersWithLicenseErrors | Boolean | Indicates whether there are members in this group that have license errors from its group-based license assignment. This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example. Supports $filter (eq). |
| hideFromAddressLists | Boolean | True if the group is not displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). |
| hideFromOutlookClients | Boolean | True if the group is not displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. Default value is false. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). |
| id | String | The unique identifier for the group. Returned by default. Inherited from directoryObject. Key. Not nullable. Read-only. Supports $filter (eq, ne, not, in). |
| isArchived | Boolean | When a group is associated with a team this property determines whether the team is in read-only mode. To read this property, use the /group/{groupId}/team endpoint or the Get team API. To update this property, use the archiveTeam and unarchiveTeam APIs. |
| isAssignableToRole | Boolean | Indicates whether this group can be assigned to an Azure Active Directory role or not. Optional. This property can only be set while creating the group and is immutable. If set to true, the securityEnabled property must also be set to true, visibility must be Hidden, and the group cannot be a dynamic group (that is, groupTypes cannot contain DynamicMembership). Only callers in Global Administrator and Privileged Role Administrator roles can set this property. The caller must also be assigned the RoleManagement.ReadWrite.Directory permission to set this property or update the membership of such groups. For more, see Using a group to manage Azure AD role assignments Using this feature requires a Azure AD Premium P1 license. Returned by default. Supports $filter (eq, ne, not). |
| isSubscribedByMail | Boolean | Indicates whether the signed-in user is subscribed to receive email conversations. Default value is true. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). |
| licenseProcessingState | String | Indicates status of the group license assignment to all members of the group. Default value is false. Read-only. Possible values: QueuedForProcessing, ProcessingInProgress, and ProcessingComplete.Returned only on $select. Read-only. |
| String | The SMTP address for the group, for example, "serviceadmins@contoso.onmicrosoft.com". Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). |
|
| mailEnabled | Boolean | Specifies whether the group is mail-enabled. Required. Returned by default. Supports $filter (eq, ne, not). |
| mailNickname | String | The mail alias for the group, unique for Microsoft 365 groups in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : <> , SPACE. Required. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). |
| membershipRule | String | The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax. Returned by default. Supports $filter (eq, ne, not, ge, le, startsWith). |
| membershipRuleProcessingState | String | Indicates whether the dynamic membership processing is on or paused. Possible values are On or Paused. Returned by default. Supports $filter (eq, ne, not, in). |
| onPremisesLastSyncDateTime | DateTimeOffset | Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Read-only. Supports $filter (eq, ne, not, ge, le, in). |
| onPremisesProvisioningErrors | onPremisesProvisioningError collection | Errors when using Microsoft synchronization product during provisioning. Returned by default. Supports $filter (eq, not). |
| onPremisesSamAccountName | String | Contains the on-premises SAM account name synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith). Read-only. |
| onPremisesSecurityIdentifier | String | Contains the on-premises security identifier (SID) for the group that was synchronized from on-premises to the cloud. Returned by default. Supports $filter (eq including on null values). Read-only. |
| onPremisesSyncEnabled | Boolean | true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default). Returned by default. Read-only. Supports $filter (eq, ne, not, in, and eq on null values). |
| preferredDataLocation | String | The preferred data location for the Microsoft 365 group. By default, the group inherits the group creator's preferred data location. To set this property, the calling user must be assigned one of the following Azure AD roles:
For more information about this property, see OneDrive Online Multi-Geo. Nullable. Returned by default. |
| preferredLanguage | String | The preferred language for a Microsoft 365 group. Should follow ISO 639-1 Code; for example en-US. Returned by default. Supports $filter (eq, ne, not, ge, le, in, startsWith, and eq on null values). |
| proxyAddresses | String collection | Email addresses for the group that direct to the same group mailbox. For example: ["SMTP: bob@contoso.com", "smtp: bob@sales.contoso.com"]. The any operator is required to filter expressions on multi-valued properties. Returned by default. Read-only. Not nullable. Supports $filter (eq, not, ge, le, startsWith, endsWith, /$count eq 0, /$count ne 0). |
| renewedDateTime | DateTimeOffset | Timestamp of when the group was last renewed. This cannot be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. Returned by default. Supports $filter (eq, ne, not, ge, le, in). Read-only. |
| resourceBehaviorOptions | String collection | Specifies the group behaviors that can be set for a Microsoft 365 group during creation. This can be set only as part of creation (POST). Possible values are AllowOnlyMembersToPost, HideGroupInOutlook, SubscribeNewGroupMembers, WelcomeEmailDisabled. For more information, see Set Microsoft 365 group behaviors and provisioning options. |
| resourceProvisioningOptions | String collection | Specifies the group resources that are provisioned as part of Microsoft 365 group creation, that are not normally part of default group creation. Possible value is Team. For more information, see Set Microsoft 365 group behaviors and provisioning options. |
| securityEnabled | Boolean | Specifies whether the group is a security group. Required. Returned by default. Supports $filter (eq, ne, not, in). |
| securityIdentifier | String | Security identifier of the group, used in Windows scenarios. Returned by default. |
| theme | string | Specifies a Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red. Returned by default. |
| unseenCount | Int32 | Count of conversations that have received new posts since the signed-in user last visited the group. Returned only on $select. Supported only on the Get group API (GET /groups/{ID}). |
| visibility | String | Specifies the group join policy and group content visibility for groups. Possible values are: Private, Public, or HiddenMembership. HiddenMembership can be set only for Microsoft 365 groups, when the groups are created. It can't be updated later. Other values of visibility can be updated after group creation.If visibility value is not specified during group creation on Microsoft Graph, a security group is created as Private by default and Microsoft 365 group is Public. Groups assignable to roles are always Private. To learn more, see group visibility options. Returned by default. Nullable. |
Group visibility options
| Value | Description |
|---|---|
| Public | Anyone can join the group without needing owner permission. Anyone can view the attributes of the group. Anyone can see the members of the group. |
| Private | Owner permission is needed to join the group. Anyone can view the attributes of the group. Anyone can see the members of the group. |
| HiddenMembership | Owner permission is needed to join the group. Guest users cannot view the attributes of the group. Non-members cannot see the members of the group. Administrators (global, company, user, and helpdesk) can view the membership of the group. The group appears in the global address book (GAL). |
Relationships
| Relationship | Type | Description |
|---|---|---|
| acceptedSenders | directoryObject collection | The list of users or groups that are allowed to create post's or calendar events in this group. If this list is non-empty then only users or groups listed here are allowed to post. |
| appRoleAssignments | appRoleAssignment collection | Represents the app roles a group has been granted for an application. Supports $expand. |
| calendar | calendar | The group's calendar. Read-only. |
| calendarView | event collection | The calendar view for the calendar. Read-only. |
| conversations | conversation collection | The group's conversations. |
| createdOnBehalfOf | directoryObject | The user (or application) that created the group. NOTE: This is not set if the user is an administrator. Read-only. |
| drive | drive | The group's default drive. Read-only. |
| drives | drive collection | The group's drives. Read-only. |
| events | event collection | The group's calendar events. |
| extensions | extension collection | The collection of open extensions defined for the group. Read-only. Nullable. |
| groupLifecyclePolicies | groupLifecyclePolicy collection | The collection of lifecycle policies for this group. Read-only. Nullable. |
| memberOf | directoryObject collection | Groups that this group is a member of. HTTP Methods: GET (supported for all groups). Read-only. Nullable. Supports $expand. |
| members | directoryObject collection | The members of this group, who can be users, devices, other groups, or service principals. Supports the List members, Add member, and Remove member operations. Nullable. Supports $expand including nested $select. For example, /groups?$filter=startsWith(displayName,'Role')&$select=id,displayName&$expand=members($select=id,userPrincipalName,displayName). |
| membersWithLicenseErrors | User collection | A list of group members with license errors from this group-based license assignment. Read-only. |
| onenote | Onenote | Read-only. |
| owners | directoryObject collection | The owners of the group. Limited to 100 owners. Nullable. If this property is not specified when creating a Microsoft 365 group, the calling user is automatically assigned as the group owner. Supports $filter (/$count eq 0, /$count ne 0, /$count eq 1, /$count ne 1). Supports $expand including nested $select. For example, /groups?$filter=startsWith(displayName,'Role')&$select=id,displayName&$expand=owners($select=id,userPrincipalName,displayName). |
| photo | profilePhoto | The group's profile photo |
| photos | profilePhoto collection | The profile photos owned by the group. Read-only. Nullable. |
| planner | plannerGroup | Entry-point to Planner resource that might exist for a Unified Group. |
| rejectedSenders | directoryObject collection | The list of users or groups that are not allowed to create posts or calendar events in this group. Nullable |
| settings | groupSetting collection | Settings that can govern this group's behavior, like whether members can invite guest users to the group. Nullable. |
| sites | site collection | The list of SharePoint sites in this group. Access the default site with /sites/root. |
| team | channel collection | The team associated with this group. |
| threads | conversationThread collection | The group's conversation threads. Nullable. |
| transitiveMemberOf | directoryObject collection | The groups that a group is a member of, either directly and through nested membership. Nullable. |
| transitiveMembers | directoryObject collection | The direct and transitive members of a group. Nullable. |
JSON representation
The following is a JSON representation of the resource.
{
"allowExternalSenders": false,
"acceptedSenders": [{ "@odata.type": "microsoft.graph.directoryObject" }],
"assignedLicenses": [{ "@odata.type": "microsoft.graph.assignedLicense" }],
"autoSubscribeNewMembers": true,
"calendar": { "@odata.type": "microsoft.graph.calendar" },
"calendarView": [{ "@odata.type": "microsoft.graph.event" }],
"classification": "String",
"conversations": [{ "@odata.type": "microsoft.graph.conversation" }],
"createdDateTime": "String (timestamp)",
"createdOnBehalfOf": { "@odata.type": "microsoft.graph.directoryObject" },
"description": "String",
"displayName": "String",
"drive": { "@odata.type": "microsoft.graph.drive" },
"events": [{ "@odata.type": "microsoft.graph.event" }],
"groupTypes": ["String"],
"hasMembersWithLicenseErrors": "Boolean",
"hideFromAddressLists": false,
"hideFromOutlookClients": false,
"id": "String (identifier)",
"isAssignableRole": false,
"isSubscribedByMail": true,
"licenseProcessingState": "String",
"mail": "String",
"mailEnabled": true,
"mailNickname": "String",
"memberOf": [{ "@odata.type": "microsoft.graph.directoryObject" }],
"members": [{ "@odata.type": "microsoft.graph.directoryObject" }],
"membersWithLicenseErrors": [{ "@odata.type": "microsoft.graph.user" }],
"onPremisesLastSyncDateTime": "String (timestamp)",
"onPremisesProvisioningErrors": [
{ "@odata.type": "microsoft.graph.onPremisesProvisioningError" }
],
"onPremisesSecurityIdentifier": "String",
"onPremisesSyncEnabled": true,
"owners": [{ "@odata.type": "microsoft.graph.directoryObject" }],
"preferredDataLocation": "String",
"proxyAddresses": ["String"],
"photo": { "@odata.type": "microsoft.graph.profilePhoto" },
"rejectedSenders": [{ "@odata.type": "microsoft.graph.directoryObject" }],
"renewedDateTime": "String (timestamp)",
"resourceBehaviorOptions": ["String"],
"resourceProvisioningOptions": ["String"],
"securityEnabled": true,
"securityIdentifier": "String",
"sites": [{ "@odata.type": "microsoft.graph.site" }],
"threads": [{ "@odata.type": "microsoft.graph.conversationThread" }],
"unseenCount": 1024,
"visibility": "String"
}
See also
Feedback
Submit and view feedback for