In one of my solutions I intended to create a Microsoft Graph subscription to a group calendar events resource from an Azure Function authenticated with app client credentials
Permissions granted to the app principal are Calendars.ReadWrite and Group.ReadWrite.All
So the payload of the call looks like
{
"changeType": "updated",
"resource": "groups/a619f4ce-7538-47c3-8feb-f5df845c5e96/calendar/events",
"expirationDateTime": "2020-03-20T00:00:00Z",
"notificationUrl": "https://4ed2bafd.ngrok.io/api/Webhook"
}
And the error 400 I get is
Exception: Error: Error making HttpClient request in queryable [400] Bad Request ::> {
[18/03/2020 19:19:39] "error": {
[18/03/2020 19:19:39] "code": "InvalidRequest",
[18/03/2020 19:19:39] "message": "Subscription to a group's 'conversations' is not supported with Application-level permissions.",
[18/03/2020 19:19:40] "innerError": {
[18/03/2020 19:19:40] "request-id": "6337f57d-a266-4947-9f3b-289c8d8c9c9e",
[18/03/2020 19:19:40] "date": "2020-03-18T19:19:40"
[18/03/2020 19:19:40] }
[18/03/2020 19:19:40] }
[18/03/2020 19:19:40] }
The same call works well when creating the subscription with the Graph Explorer (so with my signed-in user being part of that group).
I understand, I can't use app-only permissions to get conversations from groups and there are limitations on shared outlook objects, but I could have expected to be able to subscribe to a particular group calendar events (Which, BTW, are not "conversations" as stated in the error message). Is it possible, or should it be done maybe differently ?
Cheers,
Yannick
