Check member groups

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Check for membership in a specified list of groups, and returns from that list those groups of which the specified user, group, service principal or directory object is a member. This function is transitive.

Permissions

One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All
Delegated (personal Microsoft account) Not supported.
Application User.Read.All and GroupMember.Read.All, User.Read.All and Group.Read.All, Directory.Read.All

Use the follow scenario guidance to help determine which permission types to use:

  • Use User.Read and GroupMember.Read.All or User.Read and Group.Read.All permissions to get group memberships for the signed-in user.
  • Use User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All or User.Read.All and Group.Read.All permissions to get group memberships for any user.
  • Use GroupMember.Read.All or Group.Read.All permission to get group memberships for a group.
  • Use Application.ReadWrite.All and GroupMember.Read.All or Application.ReadWrite.All and Group.Read.All permissions to get group memberships for a service principal.
  • Use Directory.Read.All permission to get group memberships for a directory object.

HTTP request

POST /me/checkMemberGroups
POST /users/{id | userPrincipalName}/checkMemberGroups
POST /groups/{id}/checkMemberGroups
POST /servicePrincipals/{id}/checkMemberGroups
POST /directoryObjects/{id}/checkMemberGroups

Request headers

Name Type Description
Authorization string Bearer {token}. Required.
Content-Type application/json

Request body

In the request body, provide a JSON object with the following parameters.

Parameter Type Description
groupIds String collection A collection that contains the object IDs of the groups in which to check membership. Up to 20 groups may be specified.

Response

If successful, this method returns 200 OK response code and String collection object in the response body.

Example

Request
POST https://graph.microsoft.com/beta/me/checkMemberGroups
Content-type: application/json

{
  "groupIds": [
        "fee2c45b-915a-4a64-b130-f4eb9e75525e",
        "4fe90ae7-065a-478b-9400-e0a0e1cbd540"
  ]
}
Response

Note: The response object shown here may be truncated for brevity. All of the properties will be returned from an actual call.

HTTP/1.1 200 OK
Content-type: application/json

{
  "value": [
        "fee2c45b-915a-4a64-b130-f4eb9e75525e"
  ]
}