Hi @Yu Kang
Yes, you need to grant GroupMember.Read.All
application permission to your service principal in the PME tenant and grant administrator consent for this permission.
Next, authenticate your service principal using the client credentials flow to obtain an access token, and then use the token as a request header to call the GET /groups/{id}/members
API to get the list of members of a specific group.
Hope this helps.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.