Ok.
After reading the Microsoft documentation. Directory.Read.All
is not enough to get group. user
resource do not include groups.
To get groups you need other permissions.
For “Delegated”:
GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All, Directory.AccessAsUser.All
For “Application”:
GroupMember.Read.All, Group.Read.All, Directory.Read.All, Group.ReadWrite.All, Directory.ReadWrite.All
Have a nice day.