Note
Access to this page requires authorization. You can try signing in or changing directories.
Access to this page requires authorization. You can try changing directories.
Namespace: microsoft.graph
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Check for membership in a list of group IDs, administrative unit IDs, or directory role IDs, for the IDs of the specified
This method is transitive.
This API is available in the following national cloud deployments.
| Global service | US Government L4 | US Government L5 (DOD) | China operated by 21Vianet | 
|---|---|---|---|
| ✅ | ✅ | ✅ | ✅ | 
Permissions
One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.
Memberships for a directory object
| Permission type | Least privileged permissions | Higher privileged permissions | 
|---|---|---|
| Delegated (work or school account) | Directory.Read.All | Directory.ReadWrite.All | 
| Delegated (personal Microsoft account) | Not supported. | Not supported. | 
| Application | Directory.Read.All | Directory.ReadWrite.All | 
Note
The Directory.* permissions allow you to retrieve any supported directory object type via this API. To retrieve only a specific type, you can use permissions specific to the resource.
Memberships for the signed-in user
| Permission type | Least privileged permissions | Higher privileged permissions | 
|---|---|---|
| Delegated (work or school account) | User.Read | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All | 
| Delegated (personal Microsoft account) | Not supported. | Not supported. | 
| Application | Not supported. | Not supported. | 
Memberships for other users
| Permission type | Least privileged permissions | Higher privileged permissions | 
|---|---|---|
| Delegated (work or school account) | User.ReadBasic.All and GroupMember.Read.All | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All | 
| Delegated (personal Microsoft account) | Not supported. | Not supported. | 
| Application | User.ReadBasic.All and GroupMember.Read.All | User.Read.All, Directory.Read.All, User.ReadWrite.All, Directory.ReadWrite.All | 
Memberships for a group
| Permission type | Least privileged permissions | Higher privileged permissions | 
|---|---|---|
| Delegated (work or school account) | GroupMember.Read.All | Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All | 
| Delegated (personal Microsoft account) | Not supported. | Not supported. | 
| Application | GroupMember.Read.All | Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All | 
Memberships for a service principal
| Permission type | Least privileged permissions | Higher privileged permissions | 
|---|---|---|
| Delegated (work or school account) | Application.Read.All | Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All | 
| Delegated (personal Microsoft account) | Not supported. | Not supported. | 
| Application | Application.Read.All | Directory.Read.All, Application.ReadWrite.All, Directory.ReadWrite.All | 
Memberships for an organizational contact
| Permission type | Least privileged permissions | Higher privileged permissions | 
|---|---|---|
| Delegated (work or school account) | Directory.Read.All | Directory.ReadWrite.All | 
| Delegated (personal Microsoft account) | Not supported. | Not supported. | 
| Application | Directory.Read.All | Directory.ReadWrite.All | 
Memberships for a device
| Permission type | Least privileged permissions | Higher privileged permissions | 
|---|---|---|
| Delegated (work or school account) | Device.Read.All | Device.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | 
| Delegated (personal Microsoft account) | Not supported. | Not supported. | 
| Application | Device.Read.All | Device.ReadWrite.All, Directory.Read.All, Directory.ReadWrite.All | 
HTTP request
Memberships for a directory object.
POST /directoryObjects/{id}/checkMemberObjects
Memberships for the signed-in user.
POST /me/checkMemberObjects
POST /users/{id | userPrincipalName}/checkMemberObjects
Note
Calling the /me endpoint requires a signed-in user and therefore a delegated permission. Application permissions aren't supported when using the /me endpoint.
Memberships for other users.
POST /users/{id | userPrincipalName}/checkMemberObjects
Memberships for a group.
POST /groups/{id}/checkMemberObjects
Memberships for a service principal.
POST /servicePrincipals/{id}/checkMemberObjects
Memberships for an organizational contact.
POST /contacts/{id}/checkMemberObjects
Memberships for a device.
POST /devices/{id}/checkMemberObjects
Request headers
| Name | Description | 
|---|---|
| Authorization | Bearer {token}. Required. Learn more about authentication and authorization. | 
| Content-Type | application/json | 
Request body
In the request body, provide a JSON object with the following parameters.
| Parameter | Type | Description | 
|---|---|---|
| ids | String collection | A collection that contains the object IDs of the groups, directory roles, administrative units, or roleTemplate IDs of directory roles, in which to check membership. Up to 20 objects may be specified. | 
Response
If successful, this method returns a 200 OK response code and a new String collection object in the response body.
Examples
The following is an example of how to call this API.
Request
The following example shows a request.
POST https://graph.microsoft.com/beta/me/checkMemberObjects
Content-type: application/json
{
  "ids": [
    "80a963dd-84af-4eb8-b2a6-781e444d4fb0",
    "62e90394-69f5-4237-9190-012177145e10",
    "86a64f51-3a64-4cc6-a8c8-6b8f000c0f52",
    "ac38546e-ddf3-437a-ac5c-27a94cd7a0f1"
  ]
}
Response
The following example shows the response.
Note: The response object shown here might be shortened for readability.
HTTP/1.1 200 OK
Content-type: application/json
{
  "value": [
    "80a963dd-84af-4eb8-b2a6-781e444d4fb0", 
    "62e90394-69f5-4237-9190-012177145e10"
  ]
}