Add owners
Namespace: microsoft.graph
Add a user or service principal to a Microsoft 365 or security group's owners. The owners are a set of users or service principals who are allowed to modify the group object.
Important: If you update the group owners and you created a team for the group, it can take up to 2 hours for the owners to be synchronized with Microsoft Teams. Also, if you want the owner to be able to make changes in a team - for example, by creating a Planner plan - the owner also needs to be added as a group/team member.
This API is available in the following national cloud deployments.
Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet |
---|---|---|---|
✅ | ✅ | ✅ | ✅ |
Permissions
Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | Group.ReadWrite.All | Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Group.ReadWrite.All | Directory.ReadWrite.All |
The signed-in user must also be assigned at least one of the following Microsoft Entra roles:
Microsoft Entra role | Limitations |
---|---|
User Administrator | Can modify user owners only |
Directory Writers | Can modify user owners only |
Groups Administrator | Can modify all types of group owners |
Exchange Service Administrator | Can modify owners of Microsoft 365 groups only |
SharePoint Service Administrator | Can modify owners of Microsoft 365 groups only |
Teams Administrator | Can modify owners of Microsoft 365 groups only |
Yammer Administrator | Can modify owners of Microsoft 365 groups only |
Intune Administrator | Can modify owners of security groups only |
Knowledge Administrator | Can modify owners of security groups only |
Knowledge Manager | Can modify owners of security groups only |
Windows 365 Administrator | Can modify owners of security groups only |
HTTP request
POST /groups/{id}/owners/$ref
Request headers
Name | Description |
---|---|
Authorization | Bearer {token}. Required. Learn more about authentication and authorization. |
Content-Type | application/json. Required. |
Request body
In the request body, supply a JSON representation with the @odata.id of a user or servicePrincipal object to be added
Response
If successful, this method returns a 204 No Content
response code. It doesn't return anything in the response body. This method returns a 400 Bad Request
response code when the object is already a member of the group. This method returns a 404 Not Found
response code when the object being added doesn't exist.
Example
Request
The following example shows a request that adds a user as a group owner.
POST https://graph.microsoft.com/v1.0/groups/{id}/owners/$ref
Content-type: application/json
{
"@odata.id": "https://graph.microsoft.com/v1.0/users/{id}"
}
In the request body, supply a JSON representation with the @odata.id of a user or servicePrincipal object to be added.
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 204 No Content
Related content
Feedback
https://aka.ms/ContentUserFeedback.
Coming soon: Throughout 2024 we will be phasing out GitHub Issues as the feedback mechanism for content and replacing it with a new feedback system. For more information see:Submit and view feedback for