For one of my dashboards, I want to show all the users and their (security) groups.

I can call the Graph API just fine (myorganization/users and myorganization/groups) and query it with the OData query filters, but the problem lies in the expanding.

When I use GET /myorganisation/users&expand=memberOf I get an internal server error. (tried both the 1.0, 1.6 and beta API version)

When I use GET /myorganization/groups&expand=members I get a proper response, but the expanded member's list has a maximum of 20 entries (due to Graph API limits)

This poses a problem as I don't want to get all members and loop through their accounts one by one to get their groups. This will take too long (I'm afraid) and will make my application VERY chatting (for 20 users on the screen this means 21 API calls).

I'd love some guidance on how to do this.

No such API is provided, so it won't work.

GET /myorganisation/users&expand=memberOf

The graph api on MemberOf is for specific user but not for users(if you want to get the memberof for user list by this, you need to get the user list first and request the memberOf one by one).

GET https://graph.microsoft.com/users/{id | userPrincipalName}/memberOf

When I use GET /myorganization/groups&expand=members I get a proper response, but the expanded members list has a maximum of 20 entries (due to Graph Api limits)

For by design issue, you need to follow it or just submit an feature request for improvement on the UserVoice.

Summary: Currently, get the user list and then call the Memberof api is the only way for your requirement. For performance, you don't need to get all user but use top/skip to implement paging(This is good UX for most App Design).