Groups
Provides metadata for Microsoft Exchange Groups, including group names, descriptions, membership, and administrative settings. This is useful for auditing group configurations and collaboration patterns across Exchange Online.
Table Specific Information
Groups require Administrator permissions. To work with them, you must create your own custom OAuth App and set the appropriate OAuthClientId and OAuthClientSecret. In this app, you must configure it to request the Group.Read.All and the Group.ReadWrite.All permissions. This can be done at https://apps.dev.microsoft.com, or in the App Registrations panel at http://portal.azure.com.
To authorize Groups permissions, an administrator must grant the Groups permissions for your organization at large. This can be done via the
administrator authorization endpoint. Simply have the administrator navigate to the following web page and grant permissions. Then
run the OAuth authorization as normal afterwards.
https://login.microsoftonline.com/common/adminconsent?client_id=[YourClientId]&redirect_uri=http://localhost:33333
Note that if your organization has multiple tenants, you may replace the /common/ in the url with the tenant id to indicate which tenant to grant permissions for.
Select
Retrieve all groups, specify a GroupId (Id), or simply filter by a certain column:
SELECT * FROM Groups WHERE Id = 'Group Id here' SELECT Id, Description, DisplayName FROM Groups WHERE Name = 'test'
Insert
The following are required to create a new Security Group:
INSERT INTO Groups (DisplayName, MailEnabled, MailNickname, SecurityEnabled) VALUES ('Test group', false, 'test', true)
Columns
| Name | Type | ReadOnly | Description |
| id [KEY] | String | False |
The unique identifier for the group, typically a GUID, used to distinguish this group from all others within the directory. |
| deletedDateTime | Datetime | False |
The timestamp indicating when the group was deleted. A null value means the group is still active. |
| allowExternalSenders | Bool | False |
Specifies whether users outside of the organization are permitted to send emails to the group's email address. |
| assignedLicenses | String | False |
A list of licenses that have been explicitly assigned to the group. Each license entry is represented by a comma-separated string of license identifiers. |
| autoSubscribeNewMembers | Bool | False |
Determines if new users added to the group are automatically subscribed to receive messages and notifications. |
| classification | String | False |
The classification label applied to the group, such as 'Confidential' or 'Internal', which helps in managing compliance and visibility. |
| createdDateTime | Datetime | False |
The date and time when the group was initially created in the directory. |
| description | String | False |
A free-text description of the group that provides context about its purpose or membership. |
| displayName | String | False |
The display name of the group, typically shown in user interfaces and address books. |
| groupTypes | String | False |
Indicates the type(s) of the group, such as 'Unified' or 'DynamicMembership'. Values are comma-separated with 1 space after each comma. |
| hasMembersWithLicenseErrors | Bool | False |
Indicates whether any group members are encountering license assignment issues that require administrative attention. |
| isArchived | Bool | False |
Shows whether the group has been archived. Archived groups are read-only and typically used for preserving past collaboration. |
| isSubscribedByMail | Bool | False |
Specifies whether the current user is subscribed to receive email notifications for group messages. |
| licenseProcessingState_state | String | False |
Reflects the current status of license processing for the group, such as 'Processing', 'Completed', or 'Error'. |
| String | False |
The primary SMTP email address assigned to the group, used for sending and receiving emails. | |
| mailEnabled | Bool | False |
Indicates whether the group is configured to send and receive emails. |
| mailNickname | String | False |
The alias or mail nickname for the group, used in email routing and auto-generated addresses. |
| onPremisesLastSyncDateTime | Datetime | False |
The last date and time when this group was synchronized from an on-premises directory service such as Active Directory. |
| onPremisesProvisioningErrors | String | False |
Lists any errors encountered during the on-premises provisioning of the group. Values are comma-separated with 1 space after each comma. |
| onPremisesSecurityIdentifier | String | False |
The security identifier (SID) assigned to the group in an on-premises directory, used for identity and access management. |
| onPremisesSyncEnabled | Bool | False |
Indicates whether this group is currently being synchronized from an on-premises directory. |
| preferredDataLocation | String | False |
The preferred geographic data location (geo) for storing the group's data, typically aligning with compliance requirements. |
| proxyAddresses | String | False |
A collection of email proxy addresses associated with the group, including SMTP aliases. Values are comma-separated with 1 space after each comma. |
| renewedDateTime | Datetime | False |
The timestamp when the group was last renewed. For groups with expiration policies, this date updates automatically. |
| securityEnabled | Bool | False |
Indicates whether the group is a security group that can be used to assign permissions to resources. |
| unseenCount | Int | False |
The number of unread conversations or notifications for the group as viewed by the current user. |
| visibility | String | False |
Controls the group's visibility setting, such as 'Public' or 'Private', determining who can view group content and membership. |