Notifications for changes in user data in Azure AD

Question

I created a subscription in Azure AD for receiving notification when a user is deleted. But I'm not receiving any notifications when I delete or update a user. I got 201 code, so every thing is ok. I've been waiting for more than 24 hours !

{
    "@odata.context": "https://graph.microsoft.com/v1.0/$metadata#subscriptions/$entity",
    "id": "5bfc6bc2-a4bd-4e03-b420-7f5f72158dab",
    "resource": "users",
    "applicationId": "4547857b-a6ce-424f-8f71-d1f0c8050c59",
    "changeType": "updated,deleted",
    "clientState": null,
    "notificationUrl": "https://8ffa2519154d.ngrok.io/azure/notifications",
    "expirationDateTime": "2020-09-16T11:05:00Z",
    "creatorId": "78f2eabd-f0a5-4350-b541-ef9edb47ae80",
    "latestSupportedTlsVersion": "v1_2"
}

Answer 1

A colleague of mine pointed out today that the "delete" change notification is not triggered until users go in and "Permanently delete" the deleted users.

Answer 2

If you want to set up notifications for changes in user data, please refer to the following steps.

1. Create a webhook. I sue Azure function node httptrigger as webhook

a. define INotification.ts to receive notification data

export interface INotificationResourceData {
  id: string;
  "@odata.type": string;
  "@odata.id": string;
  "@odata.etag": string;
}

export interface INotification {
  subscriptionId: string;
  subscriptionExpirationDateTime: string;
  tenantId: string;
  changeType: string;
  clientState: string;
  resource: string;
  resourceData: INotificationResourceData;
}

export interface INotificationsPayload {
  value: INotification[];
}

b. function code

import { AzureFunction, Context, HttpRequest } from "@azure/functions";
import { INotificationsPayload } from "../entities/INotification";

const httpTrigger: AzureFunction = async function (
  context: Context,
  req: HttpRequest
): Promise<void> {
  context.log("HTTP trigger function processed a request.");
  // Validate the subscription creation
  if (req.query.validationToken) {
    context.log("Validating new subscription...");
    context.log("Validation token:");
    context.log(req.query.validationToken);
    context.res = {
      headers: {
        "Content-Type": "text/plain",
      },
      body: req.query.validationToken,
    };
  } else {
    context.log("Received new notification from Microsoft Graph...");
    context.log("Notifications: ");
    const payload = req.body as INotificationsPayload;
    payload.value.forEach((n, i) => {
      const resourceData = JSON.stringify(n.resourceData);
      context.log(` Notification #${i} `);
      context.log(`----------------------------------------------------------`);
      context.log(`Subscription Id    : ${n.subscriptionId}`);
      context.log(`Expiration         : ${n.subscriptionExpirationDateTime}`);
      context.log(`Change Type        : ${n.changeType}`);
      context.log(`Client State       : ${n.clientState}`);
      context.log(`Resource           : ${n.resource}`);
      context.log(`Resource Data      : ${resourceData}`);
      context.log(`----------------------------------------------------------`);
    });
    context.res = { body: "" };
  }
};

export default httpTrigger;

2. Create a subscription. For example create subscrpition fro user resource

Post  https://graph.microsoft.com/v1.0/subscriptions

Body:
{
   "changeType": "updated,deleted",
   "notificationUrl": "https://2f148f1102ab.ngrok.io/api/Webhook",
   "resource": "/users",
   "expirationDateTime":"2020-09-17T10:27:03.4541718Z",
   "clientState": "secretClientValue",
   "latestSupportedTlsVersion": "v1_2"
}

when we create a subscription, it will validate the notification endpoint via sending a post request to our webhook. Response:

3. Test

Update user with Microsoft graph

Patch https://graph.microsoft.com/v1.0/users/2632566d-711d-4f07-a595-afd426361b2c
Body
{
  
  "country":"US"
}

After successfully updating, I receive the notification as below

For further details about it, please refer to here and here