Cannot list team members

Z Z 21 Reputation points
2020-10-13T14:03:14.88+00:00

When I try to list team members through the /groups/{id}/members endpoint with access_token which has User.ReadBasic.All delegated permission, as documented on https://learn.microsoft.com/en-us/graph/api/group-list-members?view=graph-rest-1.0&tabs=http I get 403 error "Insufficient privileges to complete the operation."

Is the "User.ReadBasic.All" permission sufficient to access this API?
If not, is there any other way to list team members without an "Admin Consent Required" type of permission?

Accepted answer
Philippe Signoret (Microsoft) 401 Reputation points Microsoft Employee
2020-10-15T07:18:27.217+00:00

    The documentation for the API is inaccurate--we'll fix that as soon as possible. Thanks for bringing this up!

    The minimum permission required to list group members is GroupMember.Read.All, and this permission requires admin consent. (Note: If your scenario is specifically for groups which are also teams, the permission TeamMember.Read.All might be sufficient, but it still requires admin consent by default, and you'd need to use the API to list team members.)

    So the answer is no: there is no way to list team members for all teams or groups that does not require admin consent by default.

    GroupMember.Read.All allows listing all groups' membership, and allows reading the basic properties of all groups. It does not allow reading the properties of a group's member objects, unless the member object happens to be another group.

    Suppose we had a group with three member objects: a user "Alice", another group "G2", and a service principal "App A".

    With an app which has only been granted GroupMember.Read.All, you would see this:

       GET https://graph.microsoft.com/v1.0/groups/{id}/members?$select=id,displayName

       {
         "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryObjects(id,displayName)",
         "value": [
           {
             "@odata.type": "#microsoft.graph.user",
             "id": "8401fd0e-d9d9-4b02-8019-55f0c9707097",
             "displayName": null
           },
           {
             "@odata.type": "#microsoft.graph.servicePrincipal",
             "id": "5a721aec-a180-45f1-8514-bbe7f5073111",
             "displayName": null
           },
           {
             "@odata.type": "#microsoft.graph.group",
             "id": "93809827-fbaa-4de3-9670-1df2c7b6d7cc",
             "displayName": "G2"
           }
         ]
       }


    Note that for the user and the service principal, you get the id, but the displayName is null.

    If the app had both GroupMember.Read.All and User.ReadBasic.All, here's what you'd see:

       {
         "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryObjects(id,displayName)",
         "value": [
           {
             "@odata.type": "#microsoft.graph.user",
             "id": "8401fd0e-d9d9-4b02-8019-55f0c9707097",
             "displayName": "Alice"
           },
           {
             "@odata.type": "#microsoft.graph.servicePrincipal",
             "id": "5a721aec-a180-45f1-8514-bbe7f5073111",
             "displayName": null
           },
           {
             "@odata.type": "#microsoft.graph.group",
             "id": "93809827-fbaa-4de3-9670-1df2c7b6d7cc",
             "displayName": "G2"
           }
         ]
       }


    Notice that now you see the display names for both the user and the group, but you still don't see the display name for the service principal.

    Finally, if the app had GroupMember.Read.All and User.ReadBasic.All and Application.Read.All (the last one is the minimum permission to read service principals), now you'd get the following:

       {
         "@odata.context": "https://graph.microsoft.com/beta/$metadata#directoryObjects(id,displayName)",
         "value": [
           {
             "@odata.type": "#microsoft.graph.user",
             "id": "8401fd0e-d9d9-4b02-8019-55f0c9707097",
             "displayName": "Alice"
           },
           {
             "@odata.type": "#microsoft.graph.servicePrincipal",
             "id": "5a721aec-a180-45f1-8514-bbe7f5073111",
             "displayName": "App A"
           },
           {
             "@odata.type": "#microsoft.graph.group",
             "id": "93809827-fbaa-4de3-9670-1df2c7b6d7cc",
             "displayName": "G2"
           }
         ]
       }


    Notice that now you can read the display name of all three member objects.

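A small helper, added here as an example and not part of the answer above, that walks the member objects returned by GET /groups/{id}/members and reports which ones the token could actually read: a null displayName is taken as "hidden by a missing permission", and each hidden object type is mapped to the permission the answer names for it. The sample page is constructed from the first response shown in the answer; PERMISSION_FOR_TYPE and classify_members are names chosen for this example.

```python
# Added example (not from the answer above): classify members returned by
# GET /groups/{id}/members by whether the calling token could read them, and
# map each unreadable object type to the permission the answer says is needed.
from typing import Iterable

# Minimum permission that makes each member type's own properties readable,
# as stated in the answer; GroupMember.Read.All alone yields only id and
# @odata.type (plus displayName for nested groups).
PERMISSION_FOR_TYPE = {
    "#microsoft.graph.user": "User.ReadBasic.All",
    "#microsoft.graph.servicePrincipal": "Application.Read.All",
    "#microsoft.graph.group": "GroupMember.Read.All",
}

# Constructed sample: the first response in the answer (GroupMember.Read.All only).
SAMPLE_PAGE = {
    "value": [
        {"@odata.type": "#microsoft.graph.user",
         "id": "8401fd0e-d9d9-4b02-8019-55f0c9707097", "displayName": None},
        {"@odata.type": "#microsoft.graph.servicePrincipal",
         "id": "5a721aec-a180-45f1-8514-bbe7f5073111", "displayName": None},
        {"@odata.type": "#microsoft.graph.group",
         "id": "93809827-fbaa-4de3-9670-1df2c7b6d7cc", "displayName": "G2"},
    ]
}


def classify_members(pages: Iterable[dict]) -> dict:
    """Walk response pages (a real client follows @odata.nextLink to fetch them)
    and split members into readable vs. hidden. A null displayName is treated
    as 'hidden by a missing permission', matching the answer's examples."""
    readable, hidden, missing = [], [], set()
    for page in pages:
        for obj in page.get("value", []):
            otype = obj.get("@odata.type", "")
            entry = {"id": obj.get("id"), "type": otype.rsplit(".", 1)[-1]}
            if obj.get("displayName") is None:
                hidden.append(entry)
                missing.add(PERMISSION_FOR_TYPE.get(otype, "unknown"))
            else:
                readable.append({**entry, "displayName": obj["displayName"]})
    return {"readable": readable, "hidden": hidden,
            "missing_permissions": sorted(missing)}


if __name__ == "__main__":
    report = classify_members([SAMPLE_PAGE])
    print(f"{len(report['readable'])} readable, {len(report['hidden'])} hidden")
    print("consider requesting:", ", ".join(report["missing_permissions"]))
```

Running it on the constructed page reports the user and service principal as hidden and suggests User.ReadBasic.All and Application.Read.All, which is exactly the progression the answer walks through.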