Create Azure Active Directory Dynamic Group with Microsoft Graph API using Power Automate (Flow)
As I could not find anything relating to Graph API without using PowerShell, I decided to write a quick post about how to create an HTTP step in Flow to create a dynamic group in Azure AD via API using JSON.
Before you begin: this requires Active Directory OAuth. If you don’t have a Client ID and Client Secret, you need to create an Active Directory application and grant it permissions to create, edit and update groups in your tenant. Here is a helpful article on how to do that: https://docs.microsoft.com/en-us/azure/active-directory/develop/howto-create-service-principal-portal
Explanation
The settings are described below.
description, displayName, mailNickname (for email, the first part of the domain) — basic group settings
groupTypes — Unified is for Microsoft 365 groups and DynamicMembership is what actually makes the group dynamic
mailEnabled — if you want to send e-mails to the group
membershipRule — the rule that members are added with. It’s useful to create a dynamic group in the Azure AD portal as a test with your required rule, then send a GET request to https://graph.microsoft.com/beta/groups/{ID-of-group} using Graph Explorer, as it will return the rule in the correct syntax. It definitely helped me a lot.
membershipRuleProcessingState — if you want to continue to process or stop processing the membership rule
securityEnabled — if used also as a security group
visibility — Private or Public — depending on your requirements
resourceBehaviorOptions — “WelcomeEmailDisabled” and/or “SubscriptionEnabled”, to disable the welcome e-mail that all members get when they join the group. Usually creating a group via API means bulk, so this is important.
All values for resourceBehaviorOptions courtesy of https://techcommunity.microsoft.com/t5/microsoft-365-groups/setting-unified-group-properties-via-api/m-p/88101
- AllowOnlyMembersToPost
- CalendarMemberReadOnly
- ConnectorsEnabled
- HideGroupInOutlook
- NotebookForLearningCommunitiesEnabled
- ReportToOriginator
- SharePointReadonlyForMembers
- SubscriptionEnabled
- SubscribeMembersToCalendarEvents
- SubscribeMembersToCalendarEventsDisabled
- SubscribeNewGroupMembers
- WelcomeEmailDisabled
- WelcomeEmailEnabled
Screenshot of FLOW
JSON Code
{
  "description": "TestDynamic",
  "displayName": "TestDynamic",
  "groupTypes": [
    "DynamicMembership",
    "Unified"
  ],
  "mailNickname": "TestDynamic",
  "mailEnabled": true,
  "membershipRule": "(user.mail -contains \"test@test.com\")",
  "membershipRuleProcessingState": "On",
  "securityEnabled": true,
  "visibility": "Private",
  "resourceBehaviorOptions": [
    "WelcomeEmailDisabled"
  ]
}
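A pre-flight check for the request body before it goes into the HTTP step, as an added example that is not part of the original post. The helper name check_group_payload and both sample bodies are constructed for illustration; the required properties and the On/Paused states are those of the Microsoft Graph group resource, and the option list is the one given above.

```python
import json

# Values listed on this page for resourceBehaviorOptions.
ALLOWED_BEHAVIOR_OPTIONS = {
    "AllowOnlyMembersToPost", "CalendarMemberReadOnly", "ConnectorsEnabled",
    "HideGroupInOutlook", "NotebookForLearningCommunitiesEnabled",
    "ReportToOriginator", "SharePointReadonlyForMembers", "SubscriptionEnabled",
    "SubscribeMembersToCalendarEvents", "SubscribeMembersToCalendarEventsDisabled",
    "SubscribeNewGroupMembers", "WelcomeEmailDisabled", "WelcomeEmailEnabled",
}
# Properties Microsoft Graph requires when creating a group.
REQUIRED = ("displayName", "mailEnabled", "mailNickname", "securityEnabled")

def check_group_payload(payload):
    """Return a list of problems found in a dynamic-group body (hypothetical helper)."""
    problems = [f"missing required property: {k}" for k in REQUIRED if k not in payload]
    for key in ("mailEnabled", "securityEnabled"):
        # A Flow expression can hand over the string "true" instead of a boolean.
        if key in payload and not isinstance(payload[key], bool):
            problems.append(f"{key} must be a JSON boolean, not {payload[key]!r}")
    types = payload.get("groupTypes", [])
    rule = payload.get("membershipRule", "")
    if "DynamicMembership" in types:
        if not rule.strip():
            problems.append("DynamicMembership needs a membershipRule")
        elif rule.count("(") != rule.count(")") or rule.count('"') % 2:
            problems.append("membershipRule has unbalanced parentheses or quotes")
        if payload.get("membershipRuleProcessingState") not in ("On", "Paused"):
            problems.append("membershipRuleProcessingState must be On or Paused")
    elif rule:
        problems.append("membershipRule set but groupTypes lacks DynamicMembership")
    options = payload.get("resourceBehaviorOptions", [])
    problems += [f"unknown resourceBehaviorOptions value: {o}"
                 for o in options if o not in ALLOWED_BEHAVIOR_OPTIONS]
    if {"WelcomeEmailDisabled", "WelcomeEmailEnabled"} <= set(options):
        problems.append("WelcomeEmailDisabled and WelcomeEmailEnabled are both set")
    return problems

# Constructed samples: a body modelled on this page's JSON, and a broken variant.
GOOD = json.loads(r'''{"description": "TestDynamic", "displayName": "TestDynamic",
 "groupTypes": ["DynamicMembership", "Unified"], "mailNickname": "TestDynamic",
 "mailEnabled": true, "membershipRule": "(user.mail -contains \"test@test.com\")",
 "membershipRuleProcessingState": "On", "securityEnabled": true,
 "visibility": "Private", "resourceBehaviorOptions": ["WelcomeEmailDisabled"]}''')
BAD = dict(GOOD, membershipRule='(user.mail -contains "test@test.com"',
           resourceBehaviorOptions=["WelcomeEmailDisable"])

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_group_payload(body) or "ok")
```

Because membershipRule decides who lands in a security-enabled group, running a check like this on bulk-generated bodies catches a malformed rule or a mistyped option before the group is created.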
Hope this helps,