This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(198.4, 46%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESE%3C/text%3E%3C/svg%3E)
I am attempting to make a Graph PATCH call to update the "description" property on a Security group in Azure AD. The following works fine if the group is a Microsoft 365 (Unified) group:
PATCH /v1.0/groups/b6a17a50-9dc2-47f5-b3ec-15e3f0ca5276 HTTP/1.1
Host: graph.microsoft.com
Authorization: Bearer eyJ0.......
Content-Type: application/json
Content-Length: 91
{
"description": "Updated description",
"@odata.type": "microsoft.graph.group"
}
but if the group is a security group, I get the following error:
{
"error": {
"code": "Request_BadRequest",
"message": "Property creationOptions should not be set.",
"details": [
{
"code": "PropertyShouldNotBeSet",
"message": "Property creationOptions should not be set.",
"target": "creationOptions"
}
],
"innerError": {
"date": "2022-07-15T19:05:23",
"request-id": "172e17eb-b75a-471f-8de1-afa17b9d6350",
"client-request-id": "172e17eb-b75a-471f-8de1-afa17b9d6350"
}
}
}
Is it possible to update the description of an Azure AD Security group via Graph API? And if so, how?
Sure, as long as it's "plain" cloud-created security group. Here's an example for one such group via the Graph explorer:
If the group is synced from on-premises or it's a mail-enabled security group, you cannot use Graph to update its properties.
OK, you pointed me in the right direction. Here is how I created a security group, which I can't update the description. It was created in Azure AD directory via Graph API. Property mailEnabled=false. However, I was setting resourceBehaviorOptions": ["WelcomeEmailDisabled"] since I was setting the same thing for Unified groups. Removing this resolved the issue.
POST /v1.0/groups HTTP/1.1
Host: graph.microsoft.com
Authorization: Bearer ey...
Content-Type: application/json
Content-Length: 552
{
"resourceBehaviorOptions": [
"WelcomeEmailDisabled"
],
"description": "My Description",
"displayName": "Test Security Group",
"groupTypes": [],
"mailEnabled": false,
"mailNickname": "GroupReadWriteTestsSecurity_ShayneOwner",
"securityEnabled": true,
"@odata.type": "microsoft.graph.group",
"owners@odata.bind": [
"https://graph.microsoft.com/v1.0/users/2e49c4f1-243a-4e4c-a7a9-e42ab3f0c449"
]
}
When creating a security group via Graph API, don't set the resourceBehaviourOptions property to "WelcomeEmailDisabled", even if mailEnabled is set to "false". Otherwise, you could experience the "Property creationOptions should not be set." when attempting to change the name or description of the security group at a later time.