You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Check for membership in a specified list of group IDs, and return from that list those groups (identified by IDs) of which the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md) is a member. This function is transitive.
17
+
Check for membership in a specified list of [group](../resources/group.md) IDs, and return from that list the IDs of groups where a specified object is a member. The specified object can be of one of the following types:
You can check up to a maximum of 20 groups per request. This function supports all groups provisioned in Microsoft Entra ID. Because Microsoft 365 groups cannot contain other groups, membership in a Microsoft 365 group is always direct.
20
28
@@ -26,47 +34,68 @@ One of the following permissions is required to call this API. To learn more, in
26
34
27
35
### Group memberships for a directory object
28
36
<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
29
-
| Permission type | Permissions (from least to most privileged) |
> The *Directory.\** permissions allow you to retrieve any supported directory object type via this API. To retrieve only a specific type, you can use permissions specific to the resource.
34
45
35
46
### Group memberships for the signed-in user
47
+
36
48
<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
37
-
|Permission type| Permissions (from least to most privileged) |
38
-
|:-|:-|
39
-
|Delegated (work or school account)|User.Read, User.ReadBasic.All, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
40
-
|Delegated (personal Microsoft account)|Not supported.|
|Delegated (work or school account)|User.Read|User.ReadBasic.All and GroupMember.Read.All, User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All |
52
+
|Delegated (personal Microsoft account)|Not supported.|Not supported.|
53
+
|Application|Not supported.|Not supported.|
42
54
43
55
### Group memberships for other users
56
+
44
57
<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
45
-
|Permission type| Permissions (from least to most privileged) |
46
-
|:-|:-|
47
-
|Delegated (work or school account)|User.ReadBasic.All, User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
48
-
|Delegated (personal Microsoft account)|Not supported.|
|Delegated (work or school account)|User.ReadBasic.All and GroupMember.Read.All|User.Read.All and GroupMember.Read.All, User.ReadBasic.All and Group.Read.All, User.Read.All and Group.Read.All, Directory.Read.All |
61
+
|Delegated (personal Microsoft account)|Not supported.|Not supported.|
62
+
|Application|User.ReadBasic.All and GroupMember.Read.All|User.Read.All and GroupMember.Read.All, User.Read.All and Group.Read.All, Directory.Read.All|
50
63
51
64
### Group memberships for a group
65
+
52
66
<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
53
-
|Permission type| Permissions (from least to most privileged) |
54
-
|:-|:-|
55
-
|Delegated (work or school account)|GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All |
56
-
|Delegated (personal Microsoft account)|Not supported.|
Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified [user](../resources/user.md), [group](../resources/group.md), [service principal](../resources/serviceprincipal.md), [organizational contact](../resources/orgcontact.md), [device](../resources/device.md), or [directory object](../resources/directoryobject.md). This method is transitive.
18
+
Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified
> The *Directory.\** permissions allow you to retrieve any supported directory object type via this API. To retrieve only a specific type, you can use permissions specific to the resource.
33
44
34
45
### Memberships for the signed-in user
35
46
<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
36
-
|Permission type| Permissions (from least to most privileged) |
|Delegated (work or school account)|User.ReadBasic.All and GroupMember.Read.All|User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All |
58
+
|Delegated (personal Microsoft account)|Not supported.|Not supported.|
59
+
|Application|User.ReadBasic.All and GroupMember.Read.All|User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All|
49
60
50
61
### Memberships for a group
51
62
<!-- { "blockType": "ignored" } // Note: Removing this line will result in the permissions autogeneration tool overwriting the table. -->
52
-
|Permission type| Permissions (from least to most privileged) |
0 commit comments