With Microsoft offering Microsoft 365 Groups in their online offering, we as SharePoint administrators, have had to adjust with new ways of administrating the platform from the traditional on-premises environments we have been used to for so many years. Normally, if you were a Site Collection Administrator, you had access to all the sites in that site collection. However, even if you’re a Global Administrator in Microsoft 365, you don’t have access to private Microsoft 365 Group content. To access metadata about a private Microsoft 365 Group, we need to use a combination of the Microsoft Graph, and Azure Apps to give us permission to the APIs.
Firstly, in order to allow our REST API call to the Graph to have higher privileges, we need to authenticate against our Azure app. I explained how to authenticate with Microsoft Graph using Power Automate in a previous post.
The first call I make is actually using a REST API call to Azure AD Graph. I don’t have the ID of the Microsoft 365 Group, but I have the name of the Group, which I will use to get the ID. I use Odata to filter my REST API request to select the Group by writing displayName%20eq%20’GroupName’. It is important if your Group has special characters that you encode the name. For example, if GroupName had a space in the middle of the words, it would be Group%20Name.
The returned data will give you the Group ID, email and description among other metadata. In order to find the owners of the group, we need to make a call to the Microsoft Graph using the Group ID. The Group ID is also known as the objectId in the returned JSON.
You are not stuck with just having to get the owners of the group. Once you have the Group ID you can also get the visibility of a group, the time it was created, and you can delete the group or add people to the group. For more information on what you can do with Groups within Microsoft Graph, you can view the Microsoft documentation here.