Groups
Lists all Azure AD groups, including Office 365 and security groups, accessible to the authenticated user.
Table Specific Information
Groups require Administrator permissions. To work with them, you must create your own custom OAuth App and set the appropriate OAuthClientId and OAuthClientSecret. In this app, you must configure it to request the Group.Read.All and the Group.ReadWrite.All permissions. This can be done at https://apps.dev.microsoft.com, or in the App Registrations panel at http://portal.azure.com. See Azure AD アプリケーションの作成 for more details on creating a custom app.
To authorize Groups permissions, an administrator must grant the Groups permissions for your organization at large. This can be done via the administrator authorization endpoint. Simply have the administrator grant permissions. Then run the OAuth authorization as normal afterwards.
Note that if your organization has multiple tenants, you may replace the /common/ in the url with the tenant Id to indicate which tenant to grant permissions for.
Select
Retrieve all groups, specify a GroupId (Id), or simply filter by a certain column:
SELECT * FROM Groups WHERE Id = '029b15a8-dfd1-460e-83b6-262a75328c13' SELECT Id, Description, DisplayName FROM Groups WHERE Name = 'test'
Insert
The following are required to create a new Security Group:
INSERT INTO Groups (DisplayName, MailEnabled, MailNickname, SecurityEnabled) VALUES ('Test group', false, 'test', true)
Update
To update a group record you need to specify the Id in WHERE clause.
UPDATE Groups SET Description = 'updated description from api' WHERE Id = 'bc48eaf7-0dc6-45d1-b17a-5b5397466ee1'
Delete
To delete a group record, you need to specify the Id in WHERE clause.
DELETE FROM Groups WHERE Id = 'bc48eaf7-0dc6-45d1-b17a-5b5397466ee1'
GetDeleted
Retrieve recently deleted groups. Deleted groups remain available for up to 30 days.
GETDELETED FROM Groups
Columns
| Name | Type | ReadOnly | Description |
| id [KEY] | String | False |
The unique identifier for the group within Azure Active Directory. |
| deletedDateTime | Datetime | False |
The date and time when the group was deleted, if applicable. |
| allowExternalSenders | Bool | False |
Indicates whether the group allows emails from external senders. |
| assignedLabels | String | False |
A collection of labels assigned to the group, often used for categorization or compliance. |
| assignedLicenses | String | False |
A list of licenses that have been assigned to the group for service access. |
| autoSubscribeNewMembers | Bool | False |
Indicates whether new members are automatically subscribed to group notifications. |
| classification | String | False |
The classification assigned to the group, typically used for compliance or organizational purposes. |
| createdDateTime | Datetime | False |
The date and time when the group was created in Azure Active Directory. |
| description | String | False |
A brief description or summary of the group, providing context about its purpose or function. |
| displayName | String | False |
The user-friendly name of the group, as shown in the Azure portal and directory. |
| expirationDateTime | Datetime | False |
The date and time when the group is scheduled to expire, if applicable. |
| groupTypes | String | False |
A list of group types, such as 'Unified' or 'Security', that define the group's functionality. |
| hasMembersWithLicenseErrors | Bool | False |
Indicates if any group members have errors related to license assignments. |
| hideFromAddressLists | Bool | False |
Specifies whether the group is hidden from address lists in the directory. |
| hideFromOutlookClients | Bool | False |
Specifies whether the group is hidden from visibility in Outlook clients. |
| isArchived | Bool | False |
Indicates if the group has been archived, meaning it is no longer active but retained for records. |
| isAssignableToRole | Bool | False |
Indicates if the group can be assigned to Azure roles or permissions. |
| isManagementRestricted | Bool | False |
Indicates whether management operations on the group are restricted. |
| isSubscribedByMail | Bool | False |
Indicates if members of the group are subscribed to email notifications. |
| licenseProcessingState | String | False |
The current processing state of the group's licenses, such as 'Enabled' or 'Disabled'. |
| String | False |
The primary email address associated with the group. | |
| mailEnabled | Bool | False |
Indicates if the group is configured to send and receive emails. |
| mailNickname | String | False |
The alias for the group's email address, used as a shorthand identifier. |
| membershipRule | String | False |
The rule that defines the criteria for group membership, typically for dynamic groups. |
| membershipRuleProcessingState | String | False |
The current state of processing the membership rule, such as 'NotStarted' or 'Running'. |
| onPremisesDomainName | String | False |
The domain name associated with the group for on-premises synchronization. |
| onPremisesLastSyncDateTime | Datetime | False |
The date and time when the group was last synced with on-premises Active Directory. |
| onPremisesProvisioningErrors | String | False |
Details about any provisioning errors encountered during on-premises synchronization. |
| onPremisesSamAccountName | String | False |
The Security Account Manager (SAM) account name associated with the group for on-premises Active Directory. |
| onPremisesSecurityIdentifier | String | False |
The security identifier (SID) of the group for on-premises synchronization. |
| onPremisesSyncEnabled | Bool | False |
Indicates if the group is configured for synchronization with on-premises Active Directory. |
| preferredDataLocation | String | False |
The preferred geographic location for the group's data, such as 'US' or 'Europe'. |
| preferredLanguage | String | False |
The default language for the group, used for communications and notifications. |
| proxyAddresses | String | False |
A collection of proxy addresses assigned to the group, used for email routing. |
| renewedDateTime | Datetime | False |
The most recent date and time when the group was renewed, if applicable. |
| securityEnabled | Bool | False |
Indicates if the group is a security-enabled group, allowing it to be used for access control. |
| securityIdentifier | String | False |
The security identifier (SID) of the group in Azure Active Directory. |
| serviceProvisioningErrors | String | False |
Details about any errors encountered during service provisioning for the group. |
| theme | String | False |
The theme associated with the group, often used for branding or categorization. |
| unseenCount | Int | False |
The number of items, such as notifications or messages, that remain unseen by the group. |
| visibility | String | False |
The visibility level of the group, such as 'Public', 'Private', or 'HiddenMembership'. |