Sure, as long as it's "plain" cloud-created security group. Here's an example for one such group via the Graph explorer:
If the group is synced from on-premises or it's a mail-enabled security group, you cannot use Graph to update its properties.
This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
I am attempting to make a Graph PATCH call to update the "description" property on a Security group in Azure AD. The following works fine if the group is a Microsoft 365 (Unified) group:
PATCH /v1.0/groups/b6a17a50-9dc2-47f5-b3ec-15e3f0ca5276 HTTP/1.1
Host: graph.microsoft.com
Authorization: Bearer eyJ0.......
Content-Type: application/json
Content-Length: 91
{
"description": "Updated description",
"@odata.type": "microsoft.graph.group"
}
but if the group is a security group, I get the following error:
{
"error": {
"code": "Request_BadRequest",
"message": "Property creationOptions should not be set.",
"details": [
{
"code": "PropertyShouldNotBeSet",
"message": "Property creationOptions should not be set.",
"target": "creationOptions"
}
],
"innerError": {
"date": "2022-07-15T19:05:23",
"request-id": "172e17eb-b75a-471f-8de1-afa17b9d6350",
"client-request-id": "172e17eb-b75a-471f-8de1-afa17b9d6350"
}
}
}
Is it possible to update the description of an Azure AD Security group via Graph API? And if so, how?
Sure, as long as it's "plain" cloud-created security group. Here's an example for one such group via the Graph explorer:
If the group is synced from on-premises or it's a mail-enabled security group, you cannot use Graph to update its properties.
When creating a security group via Graph API, don't set the resourceBehaviourOptions property to "WelcomeEmailDisabled", even if mailEnabled is set to "false". Otherwise, you could experience the "Property creationOptions should not be set." when attempting to change the name or description of the security group at a later time.