1

I want to update a Subscription of an Azure Event Grid Partner Topic to change the ExpirationDateTime.

To do so I'm using a PowerShell AzureFunction authenticated with an App Registration on GraphAPI. I'm using the Update-MgSubscription function to update the field above.

When I execute the function I get the following error message: "The app id 'appid' is not enabled for event grid subscription." where 'appid' is the id of my App Registration.

I was able to update the field with Graph Explorerbut I couldn't manage to find a specifc permission to do it with the App Registration. I've tried to allow the App in the IAM of the Azure Event Grid Partner Topic with no success.

Any idea?

Cyril Lacroix
  • 55
  • 8
  • To allow an application to execute the Update-MgSubscription you need to send an email to ask-graph-and-grid@service.microsoft.com. I didn't revceived any feedback to my email so far so I'll find another solution to my problem. _"At some point in the sample, you will have an application registered with Azure AD. Email your application ID to mailto:ask-graph-and-grid@service.microsoft.com?subject=Please allow my Azure AD application with ID to send events through Graph API so that the Microsoft Graph API team can add your application ID to allow list to use this new capability."_ – Cyril Lacroix Feb 13 '23 at 14:25
  • I received a feedback from Microsoft, it's not required to register by email anymore. You only need to add the following header to your request: "x-ms-enable-features" = "EventGrid". To do so you have to generate the Rest request yourself with Invoke-RestMethod and handle the authentication with Get-MsalToken. I was not able to make the Create/Update work. At the moment this is a preview feature. – Cyril Lacroix Feb 17 '23 at 09:55

1 Answers1

0

"The app id 'appid' is not enabled for event grid subscription."

This error occurs when the App Registration you're using lacks the required permissions to update the Event Grid subscription. You will need to grant the necessary permissions to your App Registration to resolve this issue.

You mentioned that you tried to allow the App in the Azure Event Grid Partner Topic's IAM before, but it didn't work. This is due to the reason that updating the subscription requires permissions at the Azure Event Grid system level, rather than just the topic level.

To grant the necessary permissions, Check below:

Select your Azure Event Grid System topic and Goto Access Control (IAM) -> Add a role assignment and search for Event Grid contributor role and then assign to the registered application. Now it will manage all the operations for the Event subscriptions.

I created a system topic in my subscription and added a relevant permission as shown below:

System topic:

enter image description here

Role Assignments:

enter image description here

enter image description here

Jahnavi
  • 3,076
  • 1
  • 3
  • 10
  • Hi Jahnavi, Thanks for your feedback. I tested your solution but I'm still getting the same error. I've created a new Event Grid System Topic and added my app registration as Contributor. – Cyril Lacroix Feb 22 '23 at 08:42
  • Do you have owner role for the subscription? Enable Microsoft graph API permissions for reading a directory in App registration. @CyrilLacroix – Jahnavi Feb 22 '23 at 09:33
  • Yes, my account is Owner of the subscription and AAD admin. I've added the Directory.Read.All permission to the app and granted admin consent. I'm still getting the same error. – Cyril Lacroix Feb 23 '23 at 13:08
  • Can you delete the previous app registration and create a new app registration? – Jahnavi Feb 24 '23 at 05:29