Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
How to resolve role assignment alerts are not received via email when creating an eligible group ownership request for a principal using the Microsoft Graph REST API
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(83.2, 48%, 18%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EPA%3C/text%3E%3C/svg%3E)
Plaifa Atthapaibul
20
Reputation points
I would like to create an eligible group ownership request for a principal using the Microsoft Graph REST API and receive role assignment alerts via email notification. The role assignment alert is set for each PIM group.
First, I tested three scenarios:
- Adding a PIM role assignment on the Azure Portal.
- Using Microsoft Graph Explorer.
- Running automation from a third-party tool.
In scenarios 1 and 2, I was able to add an eligible assignment and receive the role assignment alert via email notification. However, in scenario 3, while I could add the eligible assignment, the admin did not receive the role assignment alert via email notification.
I attempted to create an eligible group ownership request for a principal using the Microsoft Graph REST API's eligibilityScheduleRequest method, following the instructions from this link. The PrivilegedEligibilitySchedule.ReadWrite.AzureADGroup permission has already been assigned to the API permissions of the third-party app registration. Role assignment alerts are set in the notification settings for each group.
How can I troubleshoot and resolve the issue where the admin does not receive a role assignment alert via email notification when creating an eligible group ownership request for a principal using the Microsoft Graph REST API?
Thank you.
Microsoft Security | Microsoft Graph
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(153.6, 7.000000000000001%, 24%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EC3%3C/text%3E%3C/svg%3E)
Carolyne-3676 1,136 Reputation points2025-02-12T18:17:04.09+00:00 Could you shed more light on which 3rd party tool this is. Typically for troubleshooting, you can start with the following steps:
- Verify that the email notification settings are correctly configured for the third-party tool.
- Check if the third-party tool is properly calling the Microsoft Graph API to create the role assignment. You can do this by monitoring the HTTP requests that the tool is making and checking for any errors.
- Double check permissions if 3rd party tool is eligible. Ensure that the third-party tool has the necessary permissions to call the Microsoft Graph API.
Sign in to comment
Sign in to answer