![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 85%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,225 questions
As explained in the documentation, the Graph API will return null values for attributes it does not have permissions to read:
When an application queries a relationship that returns a directoryObject type collection, if it doesn't have permission to read a certain resource type, members of that type are returned but with limited information. For example, only the @odata.type property for the object type and the id is returned, while other properties are indicated as
null. With this behavior, applications can request the least privileged permissions they need, rather than rely on the set of Directory.* permissions. For details, see Limited information returned for inaccessible member objects.
If you want the full set of details, you will need to grant additional permissions, depending on the set of members. For best results, you want to cover both user and group objects, and depending on the goal, devices and service principals as well. For more details, refer to the link above: https://learn.microsoft.com/en-us/graph/permissions-overview?tabs=http#limited-information-returned-for-inaccessible-member-objects
