Add owners

Namespace: microsoft.graph

Add a user or service principal to a Microsoft 365 or security group's owners. The owners are a set of users or service principals who are allowed to modify the group object.

Important: If you update the group owners and you created a team for the group, it can take up to 2 hours for the owners to be synchronized with Microsoft Teams. Also, if you want the owner to be able to make changes in a team - for example, by creating a Planner plan - the owner also needs to be added as a group/team member.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

Choose the permission or permissions marked as least privileged for this API. Use a higher privileged permission or permissions only if your app requires it. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Group.ReadWrite.All Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported. Not supported.
Application Group.ReadWrite.All Directory.ReadWrite.All

The signed-in user must also be assigned at least one of the following Microsoft Entra roles:

Microsoft Entra role Limitations
User Administrator Can modify user owners only
Directory Writers Can modify user owners only
Groups Administrator Can modify all types of group owners
Exchange Service Administrator Can modify owners of Microsoft 365 groups only
SharePoint Service Administrator Can modify owners of Microsoft 365 groups only
Teams Administrator Can modify owners of Microsoft 365 groups only
Yammer Administrator Can modify owners of Microsoft 365 groups only
Intune Administrator Can modify owners of security groups only
Knowledge Administrator Can modify owners of security groups only
Knowledge Manager Can modify owners of security groups only
Windows 365 Administrator Can modify owners of security groups only

HTTP request

POST /groups/{id}/owners/$ref

Request headers

Name Description
Authorization Bearer {token}. Required. Learn more about authentication and authorization.
Content-Type application/json. Required.

Request body

In the request body, supply a JSON representation with the @odata.id of a user or servicePrincipal object to be added

Response

If successful, this method returns a 204 No Content response code. It doesn't return anything in the response body. This method returns a 400 Bad Request response code when the object is already a member of the group. This method returns a 404 Not Found response code when the object being added doesn't exist.

Example

Request

The following example shows a request that adds a user as a group owner.

POST https://graph.microsoft.com/v1.0/groups/{id}/owners/$ref
Content-type: application/json

{
  "@odata.id": "https://graph.microsoft.com/v1.0/users/{id}"
}

In the request body, supply a JSON representation with the @odata.id of a user or servicePrincipal object to be added.

Response

The following example shows the response.

Note: The response object shown here might be shortened for readability.

HTTP/1.1 204 No Content