How to authenticate Graph API to get members of a Microsoft tenant from a PME tenant service

Yu Kang 0 Reputation points Microsoft Employee
2024-06-11T16:28:05.0833333+00:00

Hello,

I have a service that needs to call the Graph API to retrieve the members of a specific group in a Microsoft tenant. Due to security requirements, I need to move the service to a PME tenant.

What is the authentication process to make Graph API calls from a PME tenant? Do I need to request a service principal in the PME tenant and grant it Graph API read permissions?

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,820 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. CarlZhao-MSFT 44,766 Reputation points
    2024-06-12T09:23:17.69+00:00

    Hi @Yu Kang

    Yes, you need to grant GroupMember.Read.All application permission to your service principal in the PME tenant and grant administrator consent for this permission.

    Next, authenticate your service principal using the client credentials flow to obtain an access token, and then use the token as a request header to call the GET /groups/{id}/members API to get the list of members of a specific group.

    Hope this helps.

    If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.