Create a SharePoint Team Site via Microsoft Graph

SharePoint Team Sites are the backbone of departmental, project, and committee collaboration in Microsoft 365. Each Team Site is backed by a Microsoft 365 Group that controls membership, mailbox, calendar, Planner plan, and — optionally — a Microsoft Teams team. When IT is asked to "stand up a site for a team," the cleanest path is to create a Group-connected Team Site, because permissions, licensing, and lifecycle policies (retention, expiration, sensitivity labels) then flow through a single object.

Run this recipe when a business unit requests a new collaboration workspace, when provisioning a project site that needs owners and members from day one, or when scripting bulk site creation as part of onboarding a new department or acquisition.

Why the Graph API path?

Creating the Microsoft 365 Group via Graph (POST /groups with groupTypes: ["Unified"]) automatically provisions the SharePoint site at https://<tenant>.sharepoint.com/sites/<mailNickname>. This is faster, more reproducible, and avoids the inconsistent behavior of the classic /sites/add endpoint (which creates site-only, not Group-connected, sites).

• A new Microsoft 365 Group named after the site, with a chosen primary owner.
• An automatically provisioned SharePoint Team Site reachable at https://{tenant}.sharepoint.com/sites/{mailNickname}.
• A default document library, OneNote notebook, Planner plan, and shared mailbox tied to the group.
• Site visibility set to Private (or Public) per the request.
• Audit trail of the creation event in the Microsoft 365 audit log and group creation activity.

Gotchas & warnings

• Verify the owner exists first. Looking up the owner by UPN before creation prevents half-provisioned groups with no owner. A common mistake is assuming a domain (e.g. @contoso.com) that doesn't match the tenant's actual verified domain.
• Name collisions. Always GET /groups?$filter=displayName eq '...' before creating. Duplicate display names are technically allowed but cause user confusion; duplicate mailNickname values will fail outright.
• mailNickname rules. Must be unique across the tenant, no spaces, limited special characters. Leading digits are allowed but some older clients render them poorly — prefer alphabetic prefixes when possible.
• Group creation may be restricted. If your tenant has Group creation restricted to a specific security group (a common governance setting), the service principal or admin running this call must be in that group.
• Sensitivity labels & naming policies. If Azure AD group naming policy is enabled, your displayName and mailNickname may be auto-prefixed/suffixed. Confirm the resulting site URL after creation.
• Provisioning delay. The SharePoint site can take 30–120 seconds to fully provision after the group is created. Do not assume the site URL is immediately reachable.
• Deletion is soft. Deleting the group soft-deletes the site for 30 days. Don't create test sites in production without a cleanup plan.