0
votes

Question on Azure AD and Graph API

Adding a service principal to an Azure AD group requires directory permissions. It is difficult to get approval for directory permissions just to add members to a group. Is there a way to automate the creation of AAD groups and the adding of service principals to them without directory permissions?

https://docs.microsoft.com/en-us/graph/api/group-post-members?view=graph-rest-1.0

1
Are the only groups you need to be able to add members to the groups that your application would be creating? - Philippe Signoret

1 Answer

1
votes

From an API standpoint, the short answer would be no (because permissions should be honored no matter how you try to achieve it).

As a workaround, you could assign a Group Owner, which could help your scenario, so that you don't have to give the required directory permissions in general but instead assign someone as an owner for a specific group.

Although, AFAIK, you could assign a group owner to be a user (not a service principal). I tried this out from the Azure Portal.
