I'm trying to get change notifications for users to work with my application connected to Azure AD B2C.
I followed the following tutorial and the subscription is created successfully but I never get any change notification:
https://learn.microsoft.com/en-us/learn/modules/msgraph-changenotifications-trackchanges/1-introduction
After a bit of research I found some statements mentioning that B2C is not supported by Graph API:
https://learn.microsoft.com/en-us/graph/webhooks#azure-ad-resource-limitations
Azure AD B2C tenants are not supported.
Blog entry from 2016
https://learn.microsoft.com/en-us/archive/blogs/aadgraphteam/microsoft-graph-or-azure-ad-graph
Manage users in a B2C tenant (set local accounts, sign in names), Coming soon (preview)
Do not receive notifications about user profile updates
I wonder whether this still holds true especially because Microsoft announced that Azure AD Graph API should not be used anymore:
https://techcommunity.microsoft.com/t5/azure-active-directory-identity/update-your-applications-to-use-microsoft-authentication-library/ba-p/1257363
I ask this question here because Microsoft support redirected me to SO to ask questions about Graph API.
TL;DR:
Does Microsoft Graph API support change notifications with Azure AD B2C in 2020?
Microsoft Graph API does not support change notifications with Azure AD B2C as of August 2020. Nor does AAD Graph support change notifications with Azure AD B2C as of August 2020.
You could use Azure Monitor and Event Hubs to harvest events from the Audit Logs, such as a Sign Up event.
https://learn.microsoft.com/en-us/azure/active-directory-b2c/azure-monitor
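As an added illustration of the Event Hubs route suggested in that answer (this is not code from the answer or from Microsoft): a consumer that takes the body of one Event Hub message written by an Azure Monitor diagnostic setting, keeps only successful audit-log records that touch a user object, and deduplicates redelivered records. The `records` envelope and the `time`/`category`/`operationName`/`properties` fields follow the Azure Monitor resource-log shape; the `operationName` values, the `properties` sub-fields and the dedup key are assumptions for illustration, so check them against the records your own tenant emits.

```python
import json
from dataclasses import dataclass
from typing import Iterator, List, Optional, Set

# Constructed sample message: what a diagnostic setting streams to an Event Hub.
# Record 4 is a deliberate duplicate of record 1 (Event Hubs delivers at least once).
SAMPLE_EVENT_HUB_MESSAGE = json.dumps({"records": [
    {"time": "2020-08-01T10:00:00Z", "category": "AuditLogs", "operationName": "Add user",
     "properties": {"correlationId": "c-1", "result": "success",
                    "targetResources": [{"id": "user-0001", "type": "User"}]}},
    {"time": "2020-08-01T10:00:05Z", "category": "SignInLogs", "operationName": "Sign-in activity",
     "properties": {"correlationId": "c-2", "result": "success"}},
    {"time": "2020-08-01T10:01:00Z", "category": "AuditLogs", "operationName": "Update user",
     "properties": {"correlationId": "c-3", "result": "failure",
                    "targetResources": [{"id": "user-0001", "type": "User"}]}},
    {"time": "2020-08-01T10:00:00Z", "category": "AuditLogs", "operationName": "Add user",
     "properties": {"correlationId": "c-1", "result": "success",
                    "targetResources": [{"id": "user-0001", "type": "User"}]}},
]})


@dataclass(frozen=True)
class UserChange:
    when: str
    operation: str
    user_id: str


def iter_user_changes(message: str, seen: Set[str]) -> Iterator[UserChange]:
    """Yield one UserChange per successful AuditLogs record that targets a User."""
    body = json.loads(message)
    for rec in body.get("records", []):
        if rec.get("category") != "AuditLogs":
            continue  # sign-in logs etc. are not directory changes
        props = rec.get("properties", {})
        if props.get("result") != "success":
            continue  # a failed operation did not change the user
        # Assumed dedup key: time + operation + correlationId identifies a record;
        # this makes redelivery from the hub idempotent for the consumer.
        key = f"{rec.get('time')}|{rec.get('operationName')}|{props.get('correlationId')}"
        if key in seen:
            continue
        seen.add(key)
        for target in props.get("targetResources", []):
            if target.get("type") == "User" and target.get("id"):
                yield UserChange(rec["time"], rec["operationName"], target["id"])


def harvest(message: str, seen: Optional[Set[str]] = None) -> List[UserChange]:
    """Convenience wrapper; pass the same `seen` set across messages to dedup."""
    return list(iter_user_changes(message, seen if seen is not None else set()))
```

With the `azure-eventhub` SDK, `event_data.body_as_str()` is the `message` argument; keep `seen` bounded (for example by checkpointing) in a long-running consumer.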
Related
We have a working Outlook app using version 1_1 on O365. We are testing this with an Exchange on-prem-only setup but with Azure AD hybrid. The Graph API functions we need work within this environment, thanks to testing on Graph API Explorer.
When we push the manifest to Exchange either via the Exchange admin portal or via PowerShell, we receive an error relating to webapplicationinfo being invalid. We have this within versionoverride 1.1 and that within versionoverride 1.0.
If I remove the webapplicationinfo section, which includes the scope, this will import OK, but when the app performs the function to get the auth token it fails, which I am sure is because the scope wasn't authorised.
Nowhere can I find anything that says on-prem is not supported. I find a lot of references to 2016 CU3 but nothing specific to on-prem. Can someone assist?
Exchange 2016 Cumulative Update 3 (CU3), released in September 2016 for Exchange on-premises servers, adds support for REST API integration with Microsoft 365. If your app uses v1.0 of the Mail, Calendar, or Contacts API, you will now also find a seamless authentication and application experience in hybrid deployments, regardless of whether the mailbox is on-premises or in the cloud, provided that the deployment meets specific requirements.
See Use REST APIs to access mailboxes in Exchange hybrid deployments (preview) for more information.
I have created an Azure AD B2C tenant and I have 3 members (users) contained in the Azure AD B2C tenant, but my objective is to show the existing users in the tenant.
I have used graph.microsoft.com and all the other methods to retrieve the existing users (including Microsoft tutorials), but I can't retrieve and see the existing users.
Any help would be fine to figure out the way to do it, thanks in advance for your support.
It is a bit ambiguous but it is clear from the Azure AD B2C documentation that "you must use the Azure AD Graph API to manage users in an Azure AD B2C directory".
I have also experienced issues with getting a few properties, including any extension properties, for users in an Azure AD B2C directory using the Microsoft Graph API.
Does Microsoft Graph already have functionalities for Azure AD B2C User CRUD?
I found these related SO questions:
Which Graph API should be used with Azure AD B2C
Correct Graph API to manage Azure AD B2C
But both have answers that are dated 2017, so I am wondering if there are already updates from Microsoft that I am not aware of. I still have not found any in my searches.
Below are the links I have found so far that seem to conflict with each other (some of the links were also mentioned in the other questions).
In (D), it seems to offer options for User CRUD but I am not sure if it is just for Azure AD and not for Azure AD B2C.
Any help is appreciated. Thanks!
A. Azure AD B2C: Use the Azure AD Graph API (Date: 08/07/2017)
https://learn.microsoft.com/en-us/azure/active-directory-b2c/active-directory-b2c-devquickstarts-graph-dotnet
It says: You must use the Azure AD Graph API to manage users in an Azure AD B2C directory. This is different from the Microsoft Graph API. Learn more here.
B. Operations on users | Graph API reference (Last Updated: 2/12/2018)
https://msdn.microsoft.com/en-us/library/azure/ad/graph/api/users-operations
It says: We strongly recommend that you use Microsoft Graph instead of Azure AD Graph API to access Azure Active Directory resources. Our development efforts are now concentrated on Microsoft Graph and no further enhancements are planned for Azure AD Graph API. There are a very limited number of scenarios for which Azure AD Graph API might still be appropriate; for more information, see the Microsoft Graph or the Azure AD Graph blog post in the Office Dev Center.
C. Microsoft Graph or Azure AD Graph (Date: July 8, 2016)
https://blogs.msdn.microsoft.com/aadgraphteam/2016/07/08/microsoft-graph-or-azure-ad-graph/
It says: In general, we recommend the use of Microsoft Graph over Azure AD Graph, as Microsoft Graph is where we are investing for Microsoft cloud services.
But then, it says at the bottom:
AAD Graph Capability | Status in Microsoft Graph (March 23, 2018)
12. Manage users in a B2C tenant (set local accounts, sign in names) | Coming soon (preview)
D. Microsoft Graph: User resource type
https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/user
It lists options to Create, Update and Delete a user.
It is a bit ambiguous but I believe it is clear from the Azure AD B2C documentation that "you must use the Azure AD Graph API to manage users in an Azure AD B2C directory".
For example, according to the Microsoft Graph API documentation, you can't create a local account in an Azure AD B2C directory with a sign-in name.
I have also experienced issues with getting and setting a few properties, including any extension properties, for users in an Azure AD B2C directory using the Microsoft Graph API.
Is there a way to use the Outlook User photo REST API using Azure AD & OAuth or do we have to use the Azure AD v2 authentication endpoint way to retrieve photos?
Is there any other way to retrieve user photos from Outlook.com so I can use it in my web app?
I am using Azure AD to authenticate users at the moment and want to use the Azure portal only, not the Microsoft Application Registration portal.
Thanks.
The difference between the Azure portal and the Microsoft Application Registration portal is that the Microsoft Application Registration portal supports the Azure AD v2.0 endpoint.
The Azure AD v2.0 endpoint supports both Microsoft accounts and Azure Active Directory accounts.
So, it depends on which users' photos you want to acquire. If you want the app to only support users from an Azure AD tenant, it is fine to select the Azure portal to register the app.
And here is the Microsoft Graph REST API for getting the photo in a user's mailbox on Exchange Online for your reference (Get photo):
GET https://graph.microsoft.com/v1.0/me/photo/$value
I have a test office 365 install to run some sample queries against Microsoft Graph.
Part of the authentication flow outlined here, describes getting the tenant ID from Azure AD. To get your tenant ID you have to go through manage.windowsazure.com according to the guidance provided.
So, is it that to build these MS graph apps, you have to provision an Azure Subscription?
No. You don't have to provision an Azure Subscription. The tenant ID from Azure AD is referenced because, I guess, 'behind the scenes' Office 365 is on Azure, its authentication is based on Azure AD, etc.
You can create an application in https://portal.azure.com, even if you don't have an Azure AD subscription.