What do the API calls below do?
https://graph.microsoft.com/v1.0/me/memberOf
https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/memberOf
These API calls return the list of groups and directory roles that the user is a direct member of.
JSON response:
{
  "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#directoryObjects",
  "value": [
    {
      "@odata.type": "#microsoft.graph.group",
      "id": "b0a133d4-3f3d-4990-be22-879151155f19",
      "deletedDateTime": null,
      "classification": null,
      "createdDateTime": null,
      "creationOptions": [],
      "description": null,
      "displayName": null,
      "expirationDateTime": null,
      "groupTypes": [],
      "isAssignableToRole": null,
      "mail": null,
      "mailEnabled": null,
      "mailNickname": null,
      "membershipRule": null,
      "membershipRuleProcessingState": null
    }
  ]
}
What is the reason behind seeing null values?
When we make a call to https://graph.microsoft.com/v1.0/me/memberOf or https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}/memberOf, in certain situations we find null values for a few attributes, as shown in the JSON response above. In that response, only the group ID (the id property) has a value; all other attributes are null. When an application queries the membership of a container object and does not have permission to read a certain type, members of that type are still returned, but with limited information. The application receives a 200 response and a collection of objects. Complete information is returned for the object types that the application has permission to read. For the object types that the application does not have permission to read, only the object type and ID are returned.
Resolution:
When an application queries a relationship that returns a directoryObject type collection, if it does not have permission to read a certain derived type, members of that type are returned but with limited information. To read all the other group information, you would also need to configure at least the Directory.Read.All permission in your application.
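Because the call still returns 200, the missing permission is easy to overlook. The following added example (not part of the original page) flags memberOf entries that carry only the object type and ID, so an application can report the permission gap instead of treating a null displayName as real data. The function names and the second sample group are assumptions made for illustration.

```python
import json

# Constructed sample modelled on the response above; the second group is hypothetical.
SAMPLE_RESPONSE = json.loads("""
{
  "value": [
    {
      "@odata.type": "#microsoft.graph.group",
      "id": "b0a133d4-3f3d-4990-be22-879151155f19",
      "displayName": null,
      "groupTypes": [],
      "mailEnabled": null
    },
    {
      "@odata.type": "#microsoft.graph.group",
      "id": "00000000-0000-0000-0000-000000000001",
      "displayName": "Example Group (constructed)",
      "groupTypes": ["Unified"],
      "mailEnabled": true
    }
  ]
}
""")

# The only two properties populated on an object the caller cannot read.
ALWAYS_PRESENT = {"@odata.type", "id"}


def is_limited(obj):
    """True when every property except @odata.type and id is null or empty."""
    return all(v is None or v == [] or v == {} or v == ""
               for k, v in obj.items() if k not in ALWAYS_PRESENT)


def split_members(response):
    """Separate fully readable members from those returned with limited info."""
    readable, limited = [], []
    for obj in response.get("value", []):
        (limited if is_limited(obj) else readable).append(obj)
    return readable, limited


def limited_types(response):
    """Map each restricted @odata.type to the ids the app could not read."""
    out = {}
    for obj in split_members(response)[1]:
        out.setdefault(obj["@odata.type"], []).append(obj["id"])
    return out
```

Any logic that keys on group membership should compare the id property, since it is the one value returned whether or not the application can read the rest of the object.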
References:
Limited information returned for inaccessible member objects