Create a new Azure AD Change Notification Subscription for the 'User' ObjectClass and forward events to an Azure PowerShell Function. Associated Blogpost https://blog.darrenjrobinson.com/subscribing-to-azure-ad-change-notifications-with-powershell/
# Notification configuration
# Graph caps the lifetime of a /users subscription at just under 3 days, so this starts at half of that
# and relies on renewal (PATCH expirationDateTime) before the subscription lapses.
$expiryMaxLength = 3
$expiryHours = ($expiryMaxLength * 24) / 2
$clientStateValue = New-Guid   # keep this value: the receiver must compare it on every incoming notification
$notificationExpiry = (get-date).addHours($expiryHours).ToUniversalTime()
# 'HH' is the 24-hour clock; the original 'hh' emitted 12-hour values, giving a wrong expiry after midday
$utcExpiry = get-date $notificationExpiry -Format "yyyy-MM-ddTHH:mm:ss.0000000Z"
# AAD User and Application Configuration
# Placeholders: keep the client secret and user password out of source control (Key Vault / app settings)
$graphAutomationClientID = "azureADApplicationClientID"
$graphAutomationSecret = "azureADApplicationSecret"
$graphAutomationTenantID = "azureADTenantID"
$graphAutomationUserUPN = "AzureADUser@yourTenant.onmicrosoft.com"
$graphAutomationUserPWD = "AzureADUserPassword"
# AuthN and get an Access Token
# Resource Owner Password Credentials (ROPC) grant on the v1 endpoint; it fails for accounts with MFA
# or federated sign-in, and the subscription is created under this user's delegated permissions
$delegatedToken = (Invoke-RestMethod -uri "https://login.microsoftonline.com/$($graphAutomationTenantID)/oauth2/token" `
-Method Post `
-Headers @{"Content-Type" = "application/x-www-form-urlencoded" } `
-Body "grant_type=password&resource=https://graph.microsoft.com&client_id=$($graphAutomationClientID)&username=$($graphAutomationUserUPN)&password=$($graphAutomationUserPWD)&client_secret=$($graphAutomationSecret)").access_token
# Azure AD Users change notification subscription configuration
# notificationUrl must be HTTPS and answer Graph's validationToken handshake; the ?code= value is the
# function key, so treat the whole URL as a secret
$createSubscriptionBody = @{
changeType = "updated"
notificationUrl = "https://yourAzurePowerShellFunction.azurewebsites.net/api/receivechangenotification?code=Iy8bpuOO....yourAzureFunctionCode.....GQ%3D%3D"
clientState = $clientStateValue.Guid
resource = "/users"
expirationDateTime = "$($utcExpiry)"
latestSupportedTlsVersion = "v1_2"
}
# Create Notification Subscription (Graph calls notificationUrl synchronously during this request)
$newUsersNotificationSubscription = Invoke-RestMethod -method Post `
-Uri "https://graph.microsoft.com/v1.0/subscriptions" `
-body ($createSubscriptionBody | convertTo-json) `
-Headers @{Authorization = "Bearer $($delegatedToken)"; "content-type" = "application/json"}
$newUsersNotificationSubscription
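The script above only creates the subscription; the function behind notificationUrl has to pass Graph's validation handshake and then check the clientState on every notification, since anyone who obtains the URL (it carries the function key) can POST to it. The following is an added example, not code from the gist or the linked blog post: a handler that answers the validationToken challenge and drops notifications whose clientState does not match. The function name Invoke-ChangeNotificationHandler, the GRAPH_CLIENT_STATE app setting and all sample requests are assumed or constructed.

```powershell
# Added example (not part of the gist): receiving side of the /users subscription.
# Implements the two checks Graph requires of a notificationUrl:
#   1. echo the validationToken Graph sends while creating the subscription (200, text/plain);
#   2. for real notifications, accept only entries whose clientState equals the value sent
#      at subscription-creation time, and answer 202 quickly.
# Assumed names: Invoke-ChangeNotificationHandler, GRAPH_CLIENT_STATE (app setting).

function Invoke-ChangeNotificationHandler {
    param(
        # Anything with .Query (key/value) and .Body (JSON string or parsed object),
        # e.g. the $Request object an Azure Functions HTTP trigger passes to run.ps1.
        [Parameter(Mandatory)] $Request,
        # The clientState supplied when the subscription was created.
        [Parameter(Mandatory)] [string] $ExpectedClientState
    )

    # --- 1. Subscription validation handshake -------------------------------------
    # Graph POSTs to notificationUrl?validationToken=<token> and only creates the
    # subscription if the token comes back verbatim as text/plain within 10 seconds.
    # (The Functions host has already URL-decoded the query string.)
    $validationToken = $Request.Query['validationToken']
    if (-not [string]::IsNullOrEmpty($validationToken)) {
        return [pscustomobject]@{
            Response = @{ StatusCode = 200; ContentType = 'text/plain'; Body = $validationToken }
            Accepted = @()
        }
    }

    # --- 2. Change notifications ---------------------------------------------------
    $body = $Request.Body
    if ($body -is [string]) { $body = $body | ConvertFrom-Json }

    $accepted = @()
    foreach ($n in @($body.value)) {
        # The clientState is the only thing tying a POST to our subscription, so a
        # mismatch means the notification is forged or belongs to another subscription.
        if ($n.clientState -cne $ExpectedClientState) {
            Write-Warning "Dropping notification for subscription '$($n.subscriptionId)': clientState mismatch"
            continue
        }
        $accepted += [pscustomobject]@{
            SubscriptionId = $n.subscriptionId
            ChangeType     = $n.changeType
            Resource       = $n.resource
            ObjectId       = $n.resourceData.id
        }
    }

    # Graph expects 202 within 3 seconds; hand $accepted to a queue or job rather than
    # calling Graph for the changed users inside this request.
    return [pscustomobject]@{
        Response = @{ StatusCode = 202; Body = '' }
        Accepted = $accepted
    }
}

# --- Constructed sample traffic (not captured from a tenant) ----------------------
$expectedState = '3f2b9c0e-1d0a-4c2e-9a9b-0c1d2e3f4a5b'   # hypothetical clientState GUID

$validationRequest = @{
    Query = @{ validationToken = 'Validation: Testing client application reachability for subscription Request-Id: 00000000-0000-0000-0000-000000000000' }
    Body  = $null
}
$notificationRequest = @{
    Query = @{}
    Body  = @{
        value = @(
            @{ subscriptionId = 'sub-1'; clientState = $expectedState; changeType = 'updated'
               resource = 'Users/11111111-1111-1111-1111-111111111111'
               resourceData = @{ id = '11111111-1111-1111-1111-111111111111' } },
            @{ subscriptionId = 'sub-1'; clientState = 'wrong-state'; changeType = 'updated'
               resource = 'Users/22222222-2222-2222-2222-222222222222'
               resourceData = @{ id = '22222222-2222-2222-2222-222222222222' } }
        )
    }
}

$r1 = Invoke-ChangeNotificationHandler -Request $validationRequest -ExpectedClientState $expectedState
$r2 = Invoke-ChangeNotificationHandler -Request $notificationRequest -ExpectedClientState $expectedState
"Handshake: HTTP $($r1.Response.StatusCode), token echoed: $($r1.Response.Body -ceq $validationRequest.Query.validationToken)"
"Notifications: HTTP $($r2.Response.StatusCode), accepted $($r2.Accepted.Count) of $($notificationRequest.Body.value.Count)"

# In an Azure PowerShell Function, run.ps1 would reduce to:
#   param($Request, $TriggerMetadata)
#   $result = Invoke-ChangeNotificationHandler -Request $Request -ExpectedClientState $env:GRAPH_CLIENT_STATE
#   Push-OutputBinding -Name Response -Value ([HttpResponseContext]$result.Response)
```

Run stand-alone in pwsh the sample traffic yields a 200 echo for the handshake and a 202 with one of the two notifications accepted. The clientState check is deliberately case-sensitive and the handler returns 202 even when every entry is dropped, so a forged POST learns nothing from the response and Graph does not retry a delivery you have already rejected.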