NewBieDevRo

Reputation: 497

Make an API call on the group info change in Azure AD

I am trying to get a notification (probably alert a third-party API on any change) when any user's group info changes in Azure AD.

I read about the subscriptions in Microsoft Graph, but from what I read it is per user.

Is it possible to get the group changes for all the users in a tenancy, either by Microsoft graph or any other method?

Thanks in advance.

Upvotes: 2

Views: 1162

Answers (1)

Philippe Signoret

Reputation: 14336

Using Microsoft Graph change notifications, you can create a subscription (aka webhook) on all groups (i.e. an update subscription on the groups resource). This will include notifications for any group membership changes.

Creating the subscription:

POST https://graph.microsoft.com/v1.0/subscriptions

{
  "changeType": "updated",
  "notificationUrl": "https://www.example.com/notifications",
  "resource": "groups",
  "expirationDateTime": "2019-04-06T14:55:47.082Z"
}

In this example notification, the object with id "4300f326-4062-4daf-9b91-018f82e87361" was added to the group with id "4f747e07-50c1-4797-8eba-a2bb7104bfc4":

{
    "value": [
        {
            "changeType": "updated",
            "clientState": null,
            "resource": "Groups/4f747e07-50c1-4797-8eba-a2bb7104bfc4",
            "resourceData": {
                "@odata.type": "#Microsoft.Graph.Group",
                "@odata.id": "Groups/4f747e07-50c1-4797-8eba-a2bb7104bfc4",
                "id": "4f747e07-50c1-4797-8eba-a2bb7104bfc4",
                "organizationId": "1c411c5e-78cc-4e89-af5e-169408a540b8",
                "sequenceNumber": 636899867048350977,
                "members@delta": [
                    {
                        "id": "4300f326-4062-4daf-9b91-018f82e87361"
                    }
                ]
            },
            "subscriptionExpirationDateTime": "2019-04-06T14:55:47.082+00:00",
            "subscriptionId": "448ed5dc-73e9-4c5a-9d4f-94bd7c5dd762",
            "tenantId": "1c411c5e-78cc-4e89-af5e-169408a540b8"
        }
    ]
}

And here, that same user was removed from the group (note the @removed attribute in the item in members@delta):

{
    "value": [
        {
            "changeType": "updated",
            "clientState": null,
            "resource": "Groups/4f747e07-50c1-4797-8eba-a2bb7104bfc4",
            "resourceData": {
                "@odata.type": "#Microsoft.Graph.Group",
                "@odata.id": "Groups/4f747e07-50c1-4797-8eba-a2bb7104bfc4",
                "id": "4f747e07-50c1-4797-8eba-a2bb7104bfc4",
                "organizationId": "1c411c5e-78cc-4e89-af5e-169408a540b8",
                "sequenceNumber": 636899869819085879,
                "members@delta": [
                    {
                        "id": "4300f326-4062-4daf-9b91-018f82e87361",
                        "@removed": "deleted"
                    }
                ]
            },
            "subscriptionExpirationDateTime": "2019-04-06T14:55:47.082+00:00",
            "subscriptionId": "448ed5dc-73e9-4c5a-9d4f-94bd7c5dd762",
            "tenantId": "1c411c5e-78cc-4e89-af5e-169408a540b8"
        }
    ]
}

Upvotes: 3
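A receiver-side check for the notifications shown in the answer above, as an added example that is not part of the original answer: it drops items whose `clientState` or `tenantId` do not match what the subscriber expects, then turns each `members@delta` entry into an added/removed event. The secret value, the function names and the sample payload are constructed assumptions; it presumes the subscription was created with a `clientState` value, which the answer's subscription request does not set.

```python
import hmac

# Constructed sample shaped like the notifications in the answer above.
# CLIENT_STATE is an assumed secret: the value you would send in the
# "clientState" field of the subscription request.
CLIENT_STATE = "constructed-shared-secret"
TENANT = "1c411c5e-78cc-4e89-af5e-169408a540b8"
GROUP = "4f747e07-50c1-4797-8eba-a2bb7104bfc4"
MEMBER = "4300f326-4062-4daf-9b91-018f82e87361"

def make_item(delta, client_state=CLIENT_STATE):
    return {
        "changeType": "updated",
        "clientState": client_state,
        "resource": "Groups/" + GROUP,
        "resourceData": {"id": GROUP, "members@delta": delta},
        "tenantId": TENANT,
    }

SAMPLE = {"value": [
    make_item([{"id": MEMBER}]),                              # member added
    make_item([{"id": MEMBER, "@removed": "deleted"}]),       # member removed
    make_item([{"id": MEMBER}], client_state=None),           # no secret: dropped
]}

def membership_events(payload, client_state=CLIENT_STATE, tenant_id=TENANT):
    """Return (group_id, member_id, action) tuples from trusted items only."""
    events = []
    for item in payload.get("value", []):
        got = item.get("clientState")
        # Constant-time compare; anything not carrying our secret is ignored.
        if not isinstance(got, str) or not hmac.compare_digest(
                got.encode(), client_state.encode()):
            continue
        if item.get("tenantId") != tenant_id:
            continue
        data = item.get("resourceData") or {}
        for m in data.get("members@delta", []):
            action = "removed" if "@removed" in m else "added"
            events.append((data.get("id"), m.get("id"), action))
    return events

if __name__ == "__main__":
    for event in membership_events(SAMPLE):
        print(event)
```
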
