Check member groups


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Check for membership in a specified list of groups, and returns from that list those groups of which the specified user, group, service principal or directory object is a member. This function is transitive.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) Directory.Read.All
Delegated (personal Microsoft account) Not supported.
Application Directory.Read.All

HTTP request

POST /me/checkMemberGroups
POST /users/{id | userPrincipalName}/checkMemberGroups
POST /groups/{id}/checkMemberGroups
POST /servciePrincipals/{id}/checkMemberGroups
POST /directoryObjects/{id}/checkMemberGroups

Request headers

Name Type Description
Authorization string Bearer {token}. Required.
Content-Type application/json

Request body

In the request body, provide a JSON object with the following parameters.

Parameter Type Description
groupIds String collection A collection that contains the object IDs of the groups in which to check membership. Up to 20 groups may be specified.


If successful, this method returns 200 OK response code and String collection object in the response body.


Content-type: application/json

  "groupIds": [

Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json

  "value": [

SDK sample code

GraphServiceClient graphClient = new GraphServiceClient( authProvider );

var groupIds = new List<String>()

await graphClient.Me

Read the SDK documentation for details on how to add the SDK to your project and create an authProvider instance.