Groups
Includes metadata about Microsoft 365 Groups, such as group names, descriptions, email aliases, and visibility settings.
Table Specific Information
Groups require Administrator permissions. To work with them, you must create your own custom OAuth App and set the appropriate OAuthClientId and OAuthClientSecret. Configure this app to request the Group.Read.All and Group.ReadWrite.All permissions. This can be done at https://apps.dev.microsoft.com, or in the App Registrations panel at http://portal.azure.com. See Creating an Entra ID (Azure AD) Application for more details on creating a custom app.
To authorize Groups permissions, an administrator must grant the Groups permissions for your organization at large. This can be done via the administrator authorization endpoint. Have the administrator navigate to the following web page and grant permissions, then run the OAuth authorization as normal.
https://login.microsoftonline.com/common/adminconsent?client_id=[YourClientId]&redirect_uri=http://localhost:33333
Note that if your organization has multiple tenants, you may replace the /common/ in the URL with the tenant ID to indicate which tenant to grant permissions for.
Select
Retrieve all groups, specify a GroupId (Id), or simply filter by a certain column:
SELECT * FROM Groups WHERE Id = 'Group Id here'

SELECT Id, Description, DisplayName FROM Groups WHERE DisplayName = 'test'
Insert
The following are required to create a new Security Group:
INSERT INTO Groups (DisplayName, MailEnabled, MailNickname, SecurityEnabled) VALUES ('Test group', false, 'test', true)
Columns
| Name | Type | ReadOnly | References | Description |
| --- | --- | --- | --- | --- |
| id [KEY] | String | True | | Globally Unique Identifier (GUID) for the Microsoft 365 group. |
| Etag | String | False | | Entity tag value used for optimistic concurrency checks on the group record. |
| deletedDateTime | Datetime | False | | Date and time when the group was soft deleted. Null if the group is active. |
| allowExternalSenders | Bool | False | | Indicates whether people outside the organization can send email to the group. |
| assignedLabels | String | False | | Sensitivity labels currently applied to the group, stored in JSON format. |
| assignedLicenses | String | False | | List of Azure Active Directory license SKUs that have been assigned to the group. |
| autoSubscribeNewMembers | Bool | False | | Indicates whether any new member added to the group is automatically subscribed to receive email conversations. |
| classification | String | False | | Data classification label, such as Public or Confidential, that the organization has applied to the group. |
| createdDateTime | Datetime | False | | Timestamp indicating when the group was created. |
| description | String | False | | Optional text describing the group's purpose or intended use. |
| displayName | String | False | | Friendly display name for the group as shown in address books. |
| expirationDateTime | Datetime | False | | Date and time when the group expires and is deleted if it is not renewed. |
| groupTypes | String | False | | Collection that defines the group type. Accepted values are Unified for Microsoft 365 groups and DynamicMembership for dynamic groups. |
| hasMembersWithLicenseErrors | Bool | False | | Indicates whether any group members have license assignment errors. |
| hideFromAddressLists | Bool | False | | Indicates whether the group is hidden from the global address list. |
| hideFromOutlookClients | Bool | False | | Indicates whether the group does not appear in Outlook clients. |
| isArchived | Bool | False | | Indicates whether the group has been archived in Microsoft Teams. |
| isSubscribedByMail | Bool | False | | Indicates whether the current user is subscribed to receive email for this group. |
| licenseProcessingState_state | String | False | | Current status of processing group-based license assignments, such as InProgress or Completed. |
| | String | False | | Primary SMTP address of the group. |
| mailEnabled | Bool | False | | Indicates whether the group is configured to receive mail. Combined with securityEnabled, this determines the group category. |
| mailNickname | String | False | | Alias for the group that is unique within the organization and forms the local part of its email address. |
| membershipRule | String | False | | Rule expression that defines the dynamic group membership, written in Azure Active Directory rule syntax. |
| membershipRuleProcessingState | String | False | | Processing state of the dynamic membership rule, such as On or Paused. |
| onPremisesDomainName | String | False | | Domain name where the corresponding on-premises group is located. |
| onPremisesLastSyncDateTime | Datetime | False | | Timestamp when the group was last synchronized from the on-premises directory. |
| onPremisesNetBiosName | String | False | | NetBIOS name of the on-premises domain for the group. |
| onPremisesProvisioningErrors | String | False | | Collection of errors encountered during on-premises synchronization provisioning. |
| onPremisesSamAccountName | String | False | | Security Account Manager (SAM) account name of the on-premises group. |
| onPremisesSecurityIdentifier | String | False | | On-premises security identifier (SID) that maps to the cloud group. |
| onPremisesSyncEnabled | Bool | False | | Indicates whether the group continues to be synchronized from the on-premises directory. |
| preferredDataLocation | String | False | | Azure geography where the group's SharePoint and OneDrive data is stored. |
| preferredLanguage | String | False | | Default language tag, for example en-US, used in group communications. |
| proxyAddresses | String | False | | Set of proxy email addresses assigned to the group, such as SMTP:[email protected], sip:[email protected]. |
| renewedDateTime | Datetime | False | | Timestamp when the group was last renewed through lifecycle policy. |
| securityEnabled | Bool | False | | Indicates whether the group is security-enabled. When true and mailEnabled is also true, the group is a mail-enabled security group. |
| securityIdentifier | String | False | | SID assigned to the group in Azure Active Directory. |
| theme | String | False | | Custom theme identifier applied to the group in SharePoint or Teams. |
| unseenCount | Int | False | | Number of group posts that the current user has not yet read. |
| visibility | String | False | | Defines who can see the group. Possible values are Private, Public, HiddenMembership, or empty (interpreted as Public). |
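
An added example (not part of the original documentation or the driver's own code): a read-only review of rows returned by a SELECT from Groups that derives each group's category from groupTypes, mailEnabled and securityEnabled and flags exposure-related settings. It assumes rows arrive as dictionaries keyed by the column names above, with Bool columns as Python booleans and groupTypes as JSON-array or comma-separated text; the function names and sample rows are constructed for illustration.

```python
import json

def group_types(raw):
    """Parse groupTypes text (assumed: JSON array or comma-separated list)."""
    try:
        parsed = json.loads(raw or "[]")
    except ValueError:
        parsed = None
    if isinstance(parsed, list):
        return [str(t) for t in parsed]
    return [t.strip() for t in raw.split(",") if t.strip()]

def category(row):
    """Derive the group category from groupTypes, mailEnabled, securityEnabled."""
    if "Unified" in group_types(row.get("groupTypes")):
        return "Microsoft 365"
    mail, sec = bool(row.get("mailEnabled")), bool(row.get("securityEnabled"))
    if mail and sec:
        return "mail-enabled security"
    if sec:
        return "security"
    return "distribution" if mail else "unclassified"

def findings(row):
    """List exposure findings for one Groups row."""
    types, out = group_types(row.get("groupTypes")), []
    # The visibility column description treats an empty value as Public.
    if "Unified" in types and (row.get("visibility") or "Public") == "Public":
        out.append("public Microsoft 365 group")
    if row.get("allowExternalSenders"):
        out.append("accepts external senders")
    if row.get("securityEnabled") and "DynamicMembership" in types:
        out.append("security-enabled with dynamic membership; review membershipRule")
    return out

# Constructed sample rows (not real tenant data), keyed by the column names above.
SAMPLE_ROWS = [
    {"displayName": "Finance", "groupTypes": '["Unified"]', "mailEnabled": True,
     "securityEnabled": False, "visibility": "", "allowExternalSenders": True},
    {"displayName": "VPN users", "groupTypes": "DynamicMembership", "mailEnabled": False,
     "securityEnabled": True, "visibility": "Private", "allowExternalSenders": False},
    {"displayName": "Helpdesk", "groupTypes": "[]", "mailEnabled": True,
     "securityEnabled": True, "visibility": None, "allowExternalSenders": False},
]

def audit(rows):
    """Map each group's display name to (category, findings)."""
    return {r["displayName"]: (category(r), findings(r)) for r in rows}
```

A review like this only reads the table, so the Group.Read.All permission is sufficient for it.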