New-AzureADMSGroup
This article provides migration details from the New-AzureADMSGroup command to Microsoft Graph PowerShell.
Summary
- Azure AD Command: New-AzureADMSGroup
- Azure AD Module: AzureAD
- Microsoft Graph Command: New-MgGroup (Community Examples)
- Graph Module: Microsoft.Graph.Groups
- Graph Endpoint: POST /groups
Permissions
Permission type | Least privileged permissions | Higher privileged permissions |
---|---|---|
Delegated (work or school account) | Group.ReadWrite.All | Directory.ReadWrite.All |
Delegated (personal Microsoft account) | Not supported. | Not supported. |
Application | Group.Create | Directory.ReadWrite.All, Group.ReadWrite.All |
View more details on permissions.
For an app to create a group with owners or members while it has the Group.Create permission, the app must have the privileges to read the object type that it wants to assign as the group owner or member. Therefore:
- The app can assign itself as the group's owner or member.
- To create the group with users as owners or members, the app must have at least the User.Read.All permission.
- To create the group with other service principals as owners or members, the app must have at least the Application.Read.All permission.
- To create the group with either users or service principals as owners or members, the app must have at least the Directory.Read.All permission.
Property Mapping
Azure AD Name | Microsoft Graph Name |
---|---|
Description | Description |
DisplayName | DisplayName |
MailEnabled | MailEnabled |
MailNickName | MailNickName |
SecurityEnabled | SecurityEnabled |
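
The following script is an added example, not part of the original article or Microsoft's own sample code. It applies the permission rules and the property mapping above to a delegated session. The helper name `Get-GroupCreateAppPermission` and all group values are hypothetical, and the helper assumes the last rule applies when both users and service principals are assigned.

```powershell
# Added example; display name, nickname and description are constructed values.
Import-Module Microsoft.Graph.Groups

# Hypothetical helper: application permissions to request for an app that
# creates groups, following the owner/member rules listed under Permissions.
function Get-GroupCreateAppPermission {
    param([switch]$AssignUsers, [switch]$AssignServicePrincipals)
    $needed = @('Group.Create')
    if ($AssignUsers -and $AssignServicePrincipals) { $needed += 'Directory.Read.All' }
    elseif ($AssignUsers)             { $needed += 'User.Read.All' }
    elseif ($AssignServicePrincipals) { $needed += 'Application.Read.All' }
    $needed
}
Get-GroupCreateAppPermission -AssignUsers

# Delegated session: request only the least privileged scope from the table.
Connect-MgGraph -Scopes 'Group.ReadWrite.All'

$granted = (Get-MgContext).Scopes
$canCreate = ($granted -contains 'Group.ReadWrite.All') -or
             ($granted -contains 'Directory.ReadWrite.All')
if (-not $canCreate) {
    throw 'Neither Group.ReadWrite.All nor Directory.ReadWrite.All was granted.'
}
# Previously consented scopes ride along in the token; flag the broader one.
if ($granted -contains 'Directory.ReadWrite.All') {
    Write-Warning 'Session also holds Directory.ReadWrite.All, more than group creation needs.'
}

# The five mapped properties keep their names, so a hashtable that was
# splatted to New-AzureADMSGroup can be splatted to New-MgGroup unchanged.
$groupParams = @{
    DisplayName     = 'IR On-Call (example)'
    Description     = 'Constructed example security group'
    MailEnabled     = $false
    MailNickname    = 'ir-on-call-example'
    SecurityEnabled = $true
}
$group = New-MgGroup @groupParams
$group | Select-Object Id, DisplayName, MailEnabled, SecurityEnabled
```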