Unable to add emailIDs in AzureAD roles notifications using graph API - Powershell

Question

Hi Team,

we are trying to add notificationrule to existing AD role assignments and resource role assignments.

Connect-MgGraph -AccessToken $token  
$id = Get-MgPolicyRoleManagementPolicyAssignment -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole' and roleDefinitionId eq '62e90394-69f5-4237-9190-012177145e10'" -ExpandProperty "policy(`$expand=rules)"   
  
$uri = "https://graph.microsoft.com/v1.0/policies/roleManagementPolicies/$($id.PolicyId)/rules/Expiration_EndUser_Assignment"  
$method = "PATCH"  
$body = '{  
  "notificationType": "Email",  
  "recipientType": "Admin",  
  "notificationLevel": "All",  
  "isDefaultRecipientsEnabled": "true",  
  "notificationRecipients": [  
    "xxxx@ythoutlook.onmicrosoft.com"  
  ]  
}'  
$response = Invoke-WebRequest -Headers $Header -Uri $uri -Method $method -UseBasicParsing -Body $body  

but the API always throwing Invoke-WebRequest : The remote server returned an error: (400) Bad Request.

How to set below notifications using REST API with powershell???

1. Send notifications when members are assigned as active to this role: | Role assignment alert
2. Send notifications when eligible members activate this role: | Role activation alert

for both AD roles and Azure resource roles??

Answer 1

The 400 bad request error might be due validation failure as mentioned in the documentation:

For reference: https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions?view=graph-rest-1.0&tabs=powershell#notification-endpoint-validation

Here is the sample for setting up the change notification: https://learn.microsoft.com/en-us/graph/api/subscription-post-subscriptions?view=graph-rest-1.0&tabs=powershell#request

Hope this helps.