Create group
Namespace: microsoft.graph
Create a new group as specified in the request body. You can create the following types of groups:
- Microsoft 365 group (unified group)
- Security group
This operation returns by default only a subset of the properties for each group. These default properties are noted in the Properties section.
To get properties that are not returned by default, do a GET operation and specify the properties in a $select OData query option.
Note: Although Microsoft Teams is built on Microsoft 365 groups, you can't currently create a team via this API. You can use the other group APIs to manage a team that has been created in the Microsoft Teams UI.
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
| Permission type | Permissions (from least to most privileged) |
|---|---|
| Delegated (work or school account) | Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All |
| Delegated (personal Microsoft account) | Not supported. |
| Application | Group.Create, Group.ReadWrite.All, Directory.ReadWrite.All |
HTTP request
POST /groups
Request headers
| Name | Description |
|---|---|
| Authorization | Bearer {token}. Required. |
| Content-Type | application/json |
Request body
In the request body, supply a JSON representation of the group object.
The following table shows the properties that are required when you create the group. Specify other writable properties as necessary for your group.
| Property | Type | Description |
|---|---|---|
| displayName | String | The name to display in the address book for the group. Maximum length: 256 characters. Required. |
| mailEnabled | Boolean | Set to true for mail-enabled groups. Required. |
| mailNickname | String | The mail alias for the group, unique in the organization. Maximum length is 64 characters. This property can contain only characters in the ASCII character set 0 - 127 except the following: @ () \ [] " ; : . <> , SPACE. Required. |
| securityEnabled | Boolean | Set to true for security-enabled groups, including Microsoft 365 groups. Required. Note: Groups created using the Microsoft Azure portal always have securityEnabled initially set to true. |
Important
Creating a group using the Group.Create application permission without specifying owners will create the group anonymously and the group will not be modifiable. Add owners to the group while creating it to specify owners who can modify the group.
Creating a Microsoft 365 group programmatically with an app-only context and without specifying owners will create the group anonymously. Doing so can result in the associated SharePoint Online site not being created automatically until further manual action is taken.
To following properties can't be set in the initial POST request and must be set in a subsequent PATCH request: allowExternalSenders, autoSubscribeNewMembers, hideFromAddressLists, hideFromOutlookClients, isSubscribedByMail, unseenCount.
groupTypes options
Use the groupTypes property to control the type of group and its membership, as shown.
| Type of group | Assigned membership | Dynamic membership |
|---|---|---|
| Microsoft 365 (aka unified group) | ["Unified"] |
["Unified","DynamicMembership"] |
| Dynamic | [] (null) |
["DynamicMembership"] |
Response
If successful, this method returns a 201 Created response code and a group object in the response body. The response includes only the default properties of the group.
Examples
Example 1: Create a Microsoft 365 group
The following example creates a Microsoft 365 group. Because the owners have not been specified, the calling user is automatically added as the owner of the group.
Request
POST https://graph.microsoft.com/v1.0/groups
Content-type: application/json
{
"description": "Self help community for library",
"displayName": "Library Assist",
"groupTypes": [
"Unified"
],
"mailEnabled": true,
"mailNickname": "library",
"securityEnabled": false
}
Response
The following is an example of the response. The value of the preferredDataLocation property is inherited from the group creator's preferred data location.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"id": "b320ee12-b1cd-4cca-b648-a437be61c5cd",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2018-12-22T00:51:37Z",
"creationOptions": [],
"description": "Self help community for library",
"displayName": "Library Assist",
"groupTypes": [
"Unified"
],
"mail": "library7423@contoso.com",
"mailEnabled": true,
"mailNickname": "library",
"onPremisesLastSyncDateTime": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "CAN",
"proxyAddresses": [
"SMTP:library7423@contoso.com"
],
"renewedDateTime": "2018-12-22T00:51:37Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": false,
"visibility": "Public",
"onPremisesProvisioningErrors": []
}
Example 2: Create a group with owners and members
The following example creates a Security group with an owner and members specified. Note that a maximum of 20 relationships, such as owners and members, can be added as part of group creation. You can subsequently add more members by using the add member API or JSON batching.
Request
POST https://graph.microsoft.com/v1.0/groups
Content-Type: application/json
{
"description": "Group with designated owner and members",
"displayName": "Operations group",
"groupTypes": [
],
"mailEnabled": false,
"mailNickname": "operations2019",
"securityEnabled": true,
"owners@odata.bind": [
"https://graph.microsoft.com/v1.0/users/26be1845-4119-4801-a799-aea79d09f1a2"
],
"members@odata.bind": [
"https://graph.microsoft.com/v1.0/users/ff7cb387-6688-423c-8188-3da9532a73cc",
"https://graph.microsoft.com/v1.0/users/69456242-0067-49d3-ba96-9de6f2728e14"
]
}
Response
The following is an example of a successful response. It includes only default properties. You can subsequently get the owners or members navigation properties of the group to verify the owner or members. The value of the preferredDataLocation property is inherited from the group creator's preferred data location.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
"@odata.id": "https://graph.microsoft.com/v2/84841066-274d-4ec0-a5c1-276be684bdd3/directoryObjects/21d05557-b7b6-418f-86fa-a3118d751be4/Microsoft.DirectoryServices.Group",
"id": "21d05557-b7b6-418f-86fa-a3118d751be4",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2021-09-21T07:09:14Z",
"creationOptions": [],
"description": "Group with designated owner and members",
"displayName": "Operations group",
"expirationDateTime": null,
"groupTypes": [],
"isAssignableToRole": null,
"mail": null,
"mailEnabled": false,
"mailNickname": "operations2019",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": null,
"preferredLanguage": null,
"proxyAddresses": [],
"renewedDateTime": "2021-09-21T07:09:14Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": true,
"securityIdentifier": "S-1-12-1-567301463-1099937718-295959174-3827004813",
"theme": null,
"visibility": null,
"onPremisesProvisioningErrors": []
}
Example 3: Create a Microsoft 365 group that can be assigned to an Azure AD role
Request
The following is an example of the request. The calling user or app must be assigned the RoleManagement.ReadWrite.Directory permission to set the isAssignableToRole property or update the membership of such groups.
POST https://graph.microsoft.com/v1.0/groups
Content-Type: application/json
{
"description": "Group assignable to a role",
"displayName": "Role assignable group",
"groupTypes": [
"Unified"
],
"isAssignableToRole": true,
"mailEnabled": true,
"securityEnabled": true,
"mailNickname": "contosohelpdeskadministrators",
"owners@odata.bind": [
"https://graph.microsoft.com/v1.0/users/99e44b05-c10b-4e95-a523-e2732bbaba1e"
],
"members@odata.bind": [
"https://graph.microsoft.com/v1.0/users/6ea91a8d-e32e-41a1-b7bd-d2d185eed0e0",
"https://graph.microsoft.com/v1.0/users/4562bcc8-c436-4f95-b7c0-4f8ce89dca5e"
]
}
Note: A group with isAssignableToRole property set to
truecannot be of dynamic membership type and cannot have an owner. For more information, see Using a group to manage Azure AD role assignments.
Response
The following is an example of the response. It includes only default properties. The value of the preferredDataLocation property is inherited from the group creator's preferred data location.
HTTP/1.1 201 Created
Content-type: application/json
{
"@odata.context": "https://graph.microsoft.com/v1.0/$metadata#groups/$entity",
"@odata.id": "https://graph.microsoft.com/v2/84841066-274d-4ec0-a5c1-276be684bdd3/directoryObjects/55ea2e8c-757f-4f2d-be9e-53c22e8c6a54/Microsoft.DirectoryServices.Group",
"id": "55ea2e8c-757f-4f2d-be9e-53c22e8c6a54",
"deletedDateTime": null,
"classification": null,
"createdDateTime": "2021-09-21T07:23:06Z",
"createdByAppId": "de8bc8b5-d9f9-48b1-a8ad-b748da725064",
"organizationId": "84841066-274d-4ec0-a5c1-276be684bdd3",
"description": "Group assignable to a role",
"displayName": "Role assignable group",
"expirationDateTime": null,
"groupTypes": [
"Unified"
],
"infoCatalogs": [],
"isAssignableToRole": true,
"isManagementRestricted": null,
"mail": "contosohelpdeskadministrators@M365x010717.onmicrosoft.com",
"mailEnabled": true,
"mailNickname": "contosohelpdeskadministrators",
"membershipRule": null,
"membershipRuleProcessingState": null,
"onPremisesDomainName": null,
"onPremisesLastSyncDateTime": null,
"onPremisesNetBiosName": null,
"onPremisesSamAccountName": null,
"onPremisesSecurityIdentifier": null,
"onPremisesSyncEnabled": null,
"preferredDataLocation": "EU",
"preferredLanguage": null,
"proxyAddresses": [
"SMTP:contosohelpdeskadministrators@M365x010717.onmicrosoft.com"
],
"renewedDateTime": "2021-09-21T07:23:06Z",
"resourceBehaviorOptions": [],
"resourceProvisioningOptions": [],
"securityEnabled": true,
"securityIdentifier": "S-1-12-1-1441410700-1328379263-3260260030-1416268846",
"theme": null,
"visibility": "Private",
"writebackConfiguration": {
"isEnabled": null,
"onPremisesGroupType": null
},
"onPremisesProvisioningErrors": []
}