Monday, January 18, 2016

Enabling manipulation of Azure Active Directory groups through Web Applications via the Azure Graph SDK

For your application(s) (plural if you're using a web or native application that delegates to a Web Services API which does the actual work), go to each application's page in the Azure Active Directory management page. Once there, edit each application's permissions to include the following:

Under the delegated-to application:

  • Under "Application Permissions", select:
    • Read and write domains
    • Read and write directory data
    • Read directory data
  • Under "Delegated Permissions", select:
    • Read and write directory data
    • Read and write all groups
    • Read all groups
    • Access the directory as the signed-in user
    • Read directory data

Under the top-level application:

  • Under "Delegated Permissions", select:
    • Read and write directory data
    • Read and write all groups
    • Read all groups
    • Access the directory as the signed-in user
    • Read directory data
