Muokkaa

Jaa


New-AzureADGroup

This article provides migration details from New-AzureADGroup command to Microsoft Graph PowerShell.

Summary

Permissions

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Group.ReadWrite.All Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported. Not supported.
Application Group.Create Directory.ReadWrite.All, Group.ReadWrite.All

View more details on permissions.

For an app create a group with owners or members while it has the Group.Create permission, the app must have the privileges to read the object type that it wants to assign as the group owner or member. Therefore:

  • The app can assign itself as the group's owner or member.
  • To create the group with users as owners or members, the app must have at least the User.Read.All permission.
  • To create the group with other service principals as owners or members, the app must have at least the Application.Read.All permission.
  • To create the group with either users or service principals as owners or members, the app must have at least the Directory.Read.All permission.

Property Mapping

Azure AD Name Microsoft Graph Name
Description Description
DisplayName DisplayName
MailEnabled MailEnabled
MailNickName MailNickName
SecurityEnabled SecurityEnabled