Sometimes something very obvious lies on the surface and you don't catch it with your eyes. That's story of my life.
Honestly, I spent some time figuring out why I am getting the same failure on that request, tested in Graph API and CLI using the similar commands. Started from the beginning again, and on 3 or probably 4 time rereading the same article what I shared above, 'Eureka' happened :)
I did my test by using "Try it":
Parameters which I passed in my request:
Body:
{
"Properties": {
"RoleDefinitionId": "/subscriptions/XXXXXXXXX/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c",
"PrincipalId": "XXXXXXXXX",
"RequestType": "AdminAssign",
"justification": "I know this user",
"ScheduleInfo": {
"StartDateTime": "2022-11-09T21:31:27.91Z",
"Expiration": {
"Type": "AfterDuration", // Values: AfterDuration, AfterDateTime, NoExpiration
"EndDateTime": null,
"Duration": "P30D" // Use ISO 8601 format
}
}
}
}
My own mistake was what I was using GUID in the "regular" GUID format, like '0f51b19f-32b2-4475-b30a-81dd88a4cc42', and this request expects GUID as only numeric parameter, like '00000000-0000-0000-0000-000000000000'. I tried to find ready to use only GUID numeric generator, checked VS guid generator, PowerShell. So far, couldn't find and just manually edited characters => numeric values ;(
Sincerely,
Olga Os