แก้ไข

แชร์ผ่าน


Update groupSetting

Namespace: microsoft.graph

Update the properties of a groupSetting object for tenant-wide group settings or a specific group setting.

This API is available in the following national cloud deployments.

Global service US Government L4 US Government L5 (DOD) China operated by 21Vianet

Permissions

The following tables show the least privileged permission or permissions required to call this API on each supported resource type. Follow best practices to request least privileged permissions. For details about delegated and application permissions, see Permission types. To learn more about these permissions, see the permissions reference.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Directory.ReadWrite.All Not available.
Delegated (personal Microsoft account) Not supported. Not supported.
Application Directory.ReadWrite.All Not available.

The following permissions are required to update the "Consent Policy Settings" directorySetting object.

Permission type Least privileged permissions Higher privileged permissions
Delegated (work or school account) Policy.ReadWrite.Authorization Directory.ReadWrite.All
Delegated (personal Microsoft account) Not supported. Not supported.
Application Policy.ReadWrite.Authorization Directory.ReadWrite.All

Important

In delegated scenarios with work or school accounts, the signed-in user must be assigned a supported Microsoft Entra role or a custom role with a supported role permission. The following least privileged roles are supported for this operation.

  • Read basic properties on setting templates and settings - Microsoft Entra Joined Device Local Administrator, Directory Readers, Global Reader
  • Manage all group/directory settings - Directory Writers
  • Manage global and local settings for groups; manage Group.Unified.Guest and Group.Unified settings - Groups Administrator
  • Update Password Rule Settings - Authentication Policy Administrator
  • Update settings, Read basic properties on setting templates and settings - User Administrator

HTTP request

Update a tenant-wide setting.

PATCH /groupSettings/{groupSettingId}

Update a group-specific setting.

PATCH /groups/{groupId}/settings/{groupSettingId}

Request headers

Name Description
Authorization {token}. Required.
Content-Type application/json

Request body

In the request body, supply the values for relevant fields that should be updated.

Property Type Description
values settingValue collection The updated set of values. You must include the entire collection set. You cannot update a single set of values.

Response

If successful, this method returns a 204 No Content response code.

Examples

Example 1: Update a tenant-wide group setting

In this example, 84af2ca5-c274-41bf-86e4-6e374ec4def6 is the identifier of the tenant-wide groupSetting object.

Request

PATCH https://graph.microsoft.com/v1.0/groupSettings/84af2ca5-c274-41bf-86e4-6e374ec4def6
Content-type: application/json

{
    "values": [
        {
            "name": "AllowToAddGuests",
            "value": "false"
        }
    ]
}

Response

HTTP/1.1 204 No Content

Example 2: Update a specific group setting

In this example, 0167b5af-f3d1-4910-82d2-398747fa381c is the identifier of the group, and fa6df613-159b-4f94-add2-7093f961900b is the identifier of the groupSetting object.

Request

PATCH https://graph.microsoft.com/v1.0/groups/0167b5af-f3d1-4910-82d2-398747fa381c/settings/fa6df613-159b-4f94-add2-7093f961900b
Content-type: application/json

{
  "values": [
    {
      "name": "AllowToAddGuests",
      "value": "true"
    }
  ]
}

Response

HTTP/1.1 204 No Content