question

RayHayes-4489 avatar image
0 Votes"
RayHayes-4489 asked azure-cxp-api edited

Retrieving Azure AD Groups

I'm logged on as a user on an Azure AD joined device (Windows 10) and I'd like to see what Azure AD groups are assigned to my user. In AD it was relatively straightforward but I don't see an API to allow me see what Azure AD groups I'm currently in so that I can discover the capabilities of the user. How to do this without doing a query to Azure AD which requires a bearer token and a query to Azure AD. This a C++ desktop application.

azure-active-directory
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

michev avatar image
0 Votes"
michev answered RayHayes-4489 commented

You cannot do it without querying Azure AD (or Exchange Online, if the user is a valid recipient). The ID token can contain the list of groups, in case you can leverage that: https://docs.microsoft.com/en-us/azure/active-directory/develop/id-tokens#payload-claims

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

So how would I retrieve a Bearer Token for the logged on user so that I can execute the query?

0 Votes 0 ·

Another scenario, there is no application. I'm just querying Azure AD in my logged on user context to find out if I have any email? Is that possible?

0 Votes 0 ·