group resource type

Namespace: microsoft.graph

Represents an Azure Active Directory (Azure AD) group, which can be a Microsoft 365 group, or a security group.

Inherits from directoryObject.

For performance reasons, the create, get, and list operations return only a subset of more commonly used properties by default. These default properties are noted in the Properties section. To get any of the properties that are not returned by default, specify them in a $select OData query option.

This resource supports:

Methods

Method Return Type Description
Group management
Create group group Create a new group. It can be a Microsoft 365 group, dynamic group, or security group.
Get group group Read properties of a group object.
List groups group collection List group objects and their properties.
Update group None Update the properties of a group object.
Delete group None Delete group object.
delta group collection Get incremental changes for groups.
List groupLifecyclePolicies groupLifecyclePolicy collection List group lifecycle policies.
Renew Boolean Renews a group's expiration. When a group is renewed, the group expiration is extended by the number of days defined in the policy.
Add owner None Add a new owner for the group by posting to the owners navigation property (supported for security groups and mail-enabled security groups only).
List owners directoryObject collection Get the owners of the group from the owners navigation property.
Remove owner None Remove an owner from a Microsoft 365 group, a security group or a mail-enabled security group through the owners navigation property.
Add member None Add a user or group to this group by posting to the members navigation property (supported for security groups and mail-enabled security groups only).
List members directoryObject collection Get the users and groups that are direct members of this group from the members navigation property.
List transitive members directoryObject collection Get the users, groups and devices that are members, including nested members of this group.
List transitive memberOf directoryObject collection List the groups that this group is a member of. This operation is transitive and includes the groups that this group is a nested member of.
Remove member None Remove a member from a Microsoft 365 group, a security group or a mail-enabled security group through the members navigation property. You can remove users or other groups.
checkMemberGroups String collection Check this group for membership in a list of groups. The function is transitive.
checkMemberObjects String collection Check for membership in a list of group, directory role, or administrative unit objects. The function is transitive.
getMemberGroups String collection Return all the groups that the group is a member of. The function is transitive.
getMemberObjects String collection Return all of the groups that the group is a member of. The function is transitive.
Create setting groupSetting Create a setting object based on a groupSettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation.
Get setting groupSetting Read properties of a specific setting object.
List settings groupSetting collection List properties of all setting objects.
Update setting groupSetting Update a setting object.
Delete setting None Delete a setting object.
validateProperties JSON Validate that a Microsoft 365 group's display name or mail nickname complies with naming policies.
assignLicense group Add or remove subscriptions for the group. You can also enable and disable specific plans associated with a subscription.
App role assignments
List appRoleAssignments appRoleAssignment collection Get the apps and app roles which this group has been assigned.
Add appRoleAssignment appRoleAssignment Assign an app role to this group.
Remove appRoleAssignment None. Remove an app role assignment from this group.
Calendar
Create event event Create a new event by posting to the events collection.
Get event event Read properties of an event object.
List events event collection Get an event object collection.
Update event None Update the properties of an event object.
Delete event None Delete event object.
List calendarView event collection Get a collection of events in a specified time window.
Conversations
Create conversation conversation Create a new conversation by posting to the conversations collection.
Get conversation conversation Read properties of a conversation object.
List conversations conversation collection Get a conversation object collection.
Delete conversation None Delete conversation object.
Create thread conversationThread Create a new conversation thread.
Get thread conversationThread Read properties of a thread object.
List threads conversationThread collection Get all the threads of a group.
Update thread None Update properties of a thread object.
Delete thread None Delete thread object.
List acceptedSenders directoryObject collection Get a list of users or groups that are in the accepted-senders list for this group.
Add acceptedSender directoryObject Add a User or Group to the acceptSenders collection.
Remove acceptedSender directoryObject Remove a User or Group from the acceptedSenders collection.
List rejectedSenders directoryObject collection Get a list of users or groups that are in the rejected-senders list for this group.
Add rejectedSender directoryObject Add a new User or Group to the rejectedSenders collection.
Remove rejectedSender directoryObject Remove new User or Group from the rejectedSenders collection.
Create setting groupSetting Create a setting object based on a groupSettingTemplate. The POST request must provide settingValues for all the settings defined in the template. Only groups specific templates may be used for this operation.
Get setting groupSetting Read properties of a specific setting object.
List settings groupSetting collection List properties of all setting objects.
Update setting None Update a setting object.
Delete setting None Delete a setting object.
Get setting template None Read properties of a setting template.
List setting template None List properties of all setting templates.
Open extensions
Create open extension openTypeExtension Create an open extension and add custom properties to a new or existing resource.
Get open extension openTypeExtension collection Get an open extension identified by the extension name.
Schema extensions
Add schema extension values None Create a schema extension definition and then use it to add custom typed data to a resource.
Other group resources
List photos profilePhoto collection Get a collection of profile photos for the group.
List plannerPlans plannerPlan collection Get Planner plans owned by the group.
User settings
addFavorite None Add the group to the list of the signed-in user's favorite groups. Supported for only Microsoft 365 groups.
removeFavorite None Remove the group from the list of the signed-in user's favorite groups. Supported for only Microsoft 365 groups.
List memberOf directoryObject collection Get the groups and administrative units that this user is a direct member of, from the memberOf navigation property.
subscribeByMail None Set the isSubscribedByMail property to true. Enabling the signed-in user to receive email conversations. Supported for only Microsoft 365 groups.
unsubscribeByMail None Set the isSubscribedByMail property to false. Disabling the signed-in user from receive email conversations. Supported for only Microsoft 365 groups.
resetUnseenCount None Reset the unseenCount to 0 of all the posts that the signed-in user has not seen since their last visit. Supported for only Microsoft 365 groups.

Properties

Property Type Description
allowExternalSenders Boolean Indicates if people external to the organization can send messages to the group. Default value is false.

Returned only on $select.
assignedLabels assignedLabel collection The list of sensitivity label pairs (label ID, label name) associated with an Microsoft 365 group.

Returned only on $select. Read-only.
assignedLicenses assignedLicense collection The licenses that are assigned to the group.

Returned only on $select. Read-only.
autoSubscribeNewMembers Boolean Indicates if new members added to the group will be auto-subscribed to receive email notifications. You can set this property in a PATCH request for the group; do not set it in the initial POST request that creates the group. Default value is false.

Returned only on $select.
classification String Describes a classification for the group (such as low, medium or high business impact). Valid values for this property are defined by creating a ClassificationList setting value, based on the template definition.

Returned by default.
createdDateTime DateTimeOffset Timestamp of when the group was created. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'.

Returned by default. Read-only.
deletedDateTime DateTimeOffset For some Azure Active Directory objects (user, group, application), if the object is deleted, it is first logically deleted, and this property is updated with the date and time when the object was deleted. Otherwise this property is null. If the object is restored, this property is updated to null.
description String An optional description for the group.

Returned by default.
displayName String The display name for the group. This property is required when a group is created and cannot be cleared during updates.

Returned by default. Supports $filter and $orderby.
expirationDateTime DateTimeOffset Timestamp of when the group is set to expire. The value cannot be modified and is automatically populated when the group is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'.

Returned by default. Read-only.
groupTypes String collection Specifies the group type and its membership.

If the collection contains Unified, the group is a Microsoft 365 group; otherwise, it's either a security group or distribution group. For details, see groups overview.

If the collection includes DynamicMembership, the group has dynamic membership; otherwise, membership is static.

Returned by default. Supports $filter.
hasMembersWithLicenseErrors Boolean Indicates whether there are members in this group that have license errors from its group-based license assignment.

This property is never returned on a GET operation. You can use it as a $filter argument to get groups that have members with license errors (that is, filter for this property being true). See an example.
hideFromAddressLists Boolean True if the group is not displayed in certain parts of the Outlook UI: the Address Book, address lists for selecting message recipients, and the Browse Groups dialog for searching groups; otherwise, false. Default value is false.

Returned only on $select.
hideFromOutlookClients Boolean True if the group is not displayed in Outlook clients, such as Outlook for Windows and Outlook on the web; otherwise, false. Default value is false.

Returned only on $select.
id String The unique identifier for the group.

Returned by default. Inherited from directoryObject. Key. Not nullable. Read-only.
isSubscribedByMail Boolean Indicates whether the signed-in user is subscribed to receive email conversations. Default value is true.

Returned only on $select.
licenseProcessingState String Indicates status of the group license assignment to all members of the group. Default value is false. Read-only. Possible values: QueuedForProcessing, ProcessingInProgress, and ProcessingComplete.

Returned only on $select. Read-only.
mail String The SMTP address for the group, for example, "serviceadmins@contoso.onmicrosoft.com".

Returned by default. Read-only. Supports $filter.
mailEnabled Boolean Specifies whether the group is mail-enabled.

Returned by default.
mailNickname String The mail alias for the group, unique in the organization. This property must be specified when a group is created.

Returned by default. Supports $filter.
membershipRule String The rule that determines members for this group if the group is a dynamic group (groupTypes contains DynamicMembership). For more information about the syntax of the membership rule, see Membership Rules syntax.

Returned by default.
membershipRuleProcessingState String Indicates whether the dynamic membership processing is on or paused. Possible values are "On" or "Paused".

Returned by default.
onPremisesDomainName String Contains the on-premises domain FQDN, also called dnsDomainName synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.

Returned by default. Read-only.
onPremisesLastSyncDateTime DateTimeOffset Indicates the last time at which the group was synced with the on-premises directory.The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'.

Returned by default. Read-only. Supports $filter.
onPremisesNetBiosName String Contains the on-premises netBios name synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.

Returned by default. Read-only.
onPremisesProvisioningErrors onPremisesProvisioningError collection Errors when using Microsoft synchronization product during provisioning.

Returned by default.
onPremisesSamAccountName String Contains the on-premises SAM account name synchronized from the on-premises directory. The property is only populated for customers who are synchronizing their on-premises directory to Azure Active Directory via Azure AD Connect.

Returned by default. Read-only.
onPremisesSecurityIdentifier String Contains the on-premises security identifier (SID) for the group that was synchronized from on-premises to the cloud.

Returned by default. Read-only.
onPremisesSyncEnabled Boolean true if this group is synced from an on-premises directory; false if this group was originally synced from an on-premises directory but is no longer synced; null if this object has never been synced from an on-premises directory (default).

Returned by default. Read-only. Supports $filter.
preferredDataLocation String The preferred data location for the group. For more information, see OneDrive Online Multi-Geo.

Returned by default.
preferredLanguage String The preferred language for an Microsoft 365 group. Should follow ISO 639-1 Code; for example "en-US".

Returned by default.
proxyAddresses String collection Email addresses for the group that direct to the same group mailbox. For example: ["SMTP: bob@contoso.com", "smtp: bob@sales.contoso.com"]. The any operator is required to filter expressions on multi-valued properties.

Returned by default. Read-only. Not nullable. Supports $filter.
renewedDateTime DateTimeOffset Timestamp of when the group was last renewed. This cannot be modified directly and is only updated via the renew service action. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 would look like this: '2014-01-01T00:00:00Z'.

Returned by default. Read-only.
securityEnabled Boolean Specifies whether the group is a security group.

Returned by default. Supports $filter.
securityIdentifier String Security identifier of the group, used in Windows scenarios.

Returned by default.
theme String Specifies an Microsoft 365 group's color theme. Possible values are Teal, Purple, Green, Blue, Pink, Orange or Red.

Returned by default.
unseenCount Int32 Count of conversations that have received new posts since the signed-in user last visited the group.

Returned only on $select.
visibility String Specifies the visibility of a Microsoft 365 group. Possible values are: Private, Public, or Hiddenmembership; blank values are treated as public. See group visibility options to learn more.
Visibility can be set only when a group is created; it is not editable.
Visibility is supported only for unified groups; it is not supported for security groups.

Returned by default.

Group visibility options

Here's what each visibility property value means:

Value Description
Public Anyone can join the group without needing owner permission.
Anyone can view the contents of the group.
Private Owner permission is needed to join the group.
Non-members cannot view the contents of the group.
Hiddenmembership Owner permission is needed to join the group.
Non-members cannot view the contents of the group.
Non-members cannot see the members of the group.
Administrators (global, company, user, and helpdesk) can view the membership of the group.
The group appears in the global address book (GAL).

Relationships

Relationship Type Description
acceptedSenders directoryObject collection The list of users or groups that are allowed to create post's or calendar events in this group. If this list is non-empty then only users or groups listed here are allowed to post.
calendar calendar The group's calendar. Read-only.
calendarView event collection The calendar view for the calendar. Read-only.
conversations conversation collection The group's conversations.
createdOnBehalfOf directoryObject The user (or application) that created the group. NOTE: This is not set if the user is an administrator. Read-only.
drive drive The group's default drive. Read-only.
drives drive collection The group's drives. Read-only.
events event collection The group's calendar events.
extensions extension collection The collection of open extensions defined for the group. Read-only. Nullable.
groupLifecyclePolicies groupLifecyclePolicy collection The collection of lifecycle policies for this group. Read-only. Nullable.
memberOf directoryObject collection Groups that this group is a member of. HTTP Methods: GET (supported for all groups). Read-only. Nullable.
members directoryObject collection Users and groups that are members of this group. HTTP Methods: GET (supported for all groups), POST (supported for Microsoft 365 groups, security groups and mail-enabled security groups), DELETE (supported for Microsoft 365 groups and security groups) Nullable.
membersWithLicenseErrors User collection A list of group members with license errors from this group-based license assignment. Read-only.
onenote Onenote Read-only.
owners directoryObject collection The owners of the group. The owners are a set of non-admin users who are allowed to modify this object. Limited to 100 owners. HTTP Methods: GET (supported for all groups), POST (supported for Microsoft 365 groups, security groups and mail-enabled security groups), DELETE (supported for Microsoft 365 groups and security groups). Nullable.
photo profilePhoto The group's profile photo
photos profilePhoto collection The profile photos owned by the group. Read-only. Nullable.
planner plannerGroup Entry-point to Planner resource that might exist for a Unified Group.
rejectedSenders directoryObject collection The list of users or groups that are not allowed to create posts or calendar events in this group. Nullable
settings groupSetting collection Read-only. Nullable.
sites site collection The list of SharePoint sites in this group. Access the default site with /sites/root.
threads conversationThread collection The group's conversation threads. Nullable.

JSON representation

The following is a JSON representation of the resource.

{
  "allowExternalSenders": false,
  "assignedLicenses": [{"@odata.type": "microsoft.graph.assignedLicense"}],
  "autoSubscribeNewMembers": true,
  "classification": "string",
  "createdDateTime": "String (timestamp)",
  "description": "string",
  "displayName": "string",
  "groupTypes": ["string"],
  "hasMembersWithLicenseErrors": "Boolean",
  "hideFromAddressLists": false,
  "hideFromOutlookClients": false,
  "id": "string (identifier)",
  "isSubscribedByMail": true,
  "licenseProcessingState": "string",
  "mail": "string",
  "mailEnabled": true,
  "mailNickname": "string",
  "onPremisesLastSyncDateTime": "String (timestamp)",
  "onPremisesProvisioningErrors": [{"@odata.type": "microsoft.graph.onPremisesProvisioningError"}],
  "onPremisesSecurityIdentifier": "string",
  "onPremisesSyncEnabled": true,
  "preferredDataLocation": "string",
  "proxyAddresses": ["string"],
  "renewedDateTime": "String (timestamp)",
  "securityEnabled": true,
  "securityIdentifier": "String",
  "unseenCount": 1024,
  "visibility": "string",
  "acceptedSenders": [ { "@odata.type": "microsoft.graph.directoryObject"} ],
  "calendar": { "@odata.type": "microsoft.graph.calendar" },
  "calendarView": [{ "@odata.type": "microsoft.graph.event" }],
  "conversations": [ { "@odata.type": "microsoft.graph.conversation" }],
  "createdOnBehalfOf": { "@odata.type": "microsoft.graph.directoryObject" },
  "drive": { "@odata.type": "microsoft.graph.drive" },
  "events": [ { "@odata.type": "microsoft.graph.event" }],
  "memberOf": [ { "@odata.type": "microsoft.graph.directoryObject" } ],
  "members": [ { "@odata.type": "microsoft.graph.directoryObject" } ],
  "membersWithLicenseErrors": [{"@odata.type": "microsoft.graph.user"}],
  "owners": [ { "@odata.type": "microsoft.graph.directoryObject" } ],
  "photo": { "@odata.type": "microsoft.graph.profilePhoto" },
  "rejectedSenders": [ { "@odata.type": "microsoft.graph.directoryObject" } ],
  "sites": [ { "@odata.type": "microsoft.graph.site" } ],
  "threads": [ { "@odata.type": "microsoft.graph.conversationThread" }]
}

See also