https://blogs.office.com/2017/04/06/whats-new-in-office-365-groups-for-april-2017/
Hidden membership—If you want group membership to be confidential (for example, if the members are students), you can hide the Office 365 group members from users who aren’t members of the group.
https://technet.microsoft.com/en-us/library/mt219359(v=exchg.160).aspx
New-UnifiedGroup -HiddenGroupMembershipEnabled
Using this exchange online powershell to create O365 group with hidden membership?
Will graph API support it?
Thanks!
This is supported in Microsoft Graph, but the documentation is in the process of being updated for this capability.
To create a group with hidden membership, POST /groups and set "visibility" to "HiddenMembership". Owners and admins can add/remove/list members, but no one else can.
To enable an app (daemon app - no signed-in users) to read the members of a hidden membership group, you need to grant the app the Member.Read.Hidden permission as documented here.
Hope this helps,
Related
I want to manage group membership for a single group in an automated way. My AD administrator has created an app & service principal, but is hesitant to give it GroupMember.ReadWrite.All permission. This permission seems to give ability to manage membership for all groups.
Is there a way to limit permissions or scope to manage membership to a single AD security group?
I think currently this is not possible because, Most of the Graph permissions are tenant-wide, without a way to restrict them in scope.
such as the app access policies we have in Exchange Online: Application access policies
Hope this is Helpful.
When creating a private channel in Microsoft Teams team, do we always have to assign members individually. Can I instead use an AAD group to back my private channel membership?
I understand that the team itself is backed by an AAD group. And that only the members of the team could actually be assigned to a private channel within that team. If I create an AAD group such that it only has member who are also members of the team, can I use that to back my private channel membership?
Currently I don't find a way to add a group to a private channel or I am overlooking things.
Copying answer from comments for better understanding.
You can create a team using Group. Could you please check this API? Currently you can create team from group but there is no API available to create a channel backed by group.
I am developing an app in Microsoft Teams using the App Studio. Towards the end of the proccess, in the section Domains and Permissions, you are allowed to give resource-specific consent permissions such as File.Read.Group. I was wondering where I would use these permissions (Microsoft Graph, Azure AD Graph, ...) to programmatically access an API. As a side question, does anybody know which permission allows the app to manage group members?
Thank you!
Here is a good read on that permissions settings page, those consent permissions are not actually a part of azure ad app registrations as of this articles writing. so that means while they are sort of graph permissions, you would use them against the graph api. They are for specific teams based resource specific permissions.
https://blog.thoughtstuff.co.uk/2020/01/microsoft-teams-has-a-new-more-granular-and-resource-specific-permissions-model-for-apps-what-is-resource-specific-consent-rsc-and-how-do-i-use-it/
the official documentation on the matter: https://learn.microsoft.com/en-us/microsoftteams/platform/graph-api/rsc/resource-specific-consent
as per the microsoft link i don't see a resource specific permission to "edit" groups members.
Anyone please help on how to get all the Office-365 roles and users for example who has got which roles (Azure, O365, SharePoint, etc other workloads …) Using MS Graph endpoint.
Unable able to find MSGraph endpoint to get the roles assigned to a user or a group of users.
Appreciate your help in advance.
You can use List members to retrieve a list of the users that are assigned to the directory role. Similarly, List directoryRoles can be used to get a list of the directory roles that are activated in the tenant.
Please refer to Administrator roles for Microsoft 365 services to determine the roles for which API content is available.
Is there anywhere an OAuth/oidc identity provider (cloud or on-premises) that supports sth. like company groups? I want to group the users in company groups. Every company group should have an company administrator user. The company administrator user should only see the users of his company.
Yes, I've tried miniOrange (Cloud/On-Premise based) who support this Super admin feature and it has worked very well for me. there may be some other Identity Providers in the market like OneLogin, KeyCloak etc. who support this usecase.
In this use case, designating administrators can help you manage your Company Groups and only certain types of administrators can add / remove other admins, post updates, and edit your Company Groups.