Creating a Microsoft Graph webhook subscription to security/alerts fails


When I attempt to create a Microsoft Graph webhook subscription to the security/alerts endpoint, the subscription creation fails with a generic message as shown below. Modifying the resource to 'me/messages' results in a successful webhook subscription created, so this appears to be specific to the security/alerts endpoint. How do I move past this?


The body of the request is as such:

{
  "changeType": "created",
  "notificationUrl": "https://xxxxxxxxx.azurewebsites.net/api/graphnotifications",
  "resource": "security/alerts?$filter=vendorInformation/provider+eq+'ASC'",
  "expirationDateTime": "2018-11-15T11:00:00.0000000Z",
  "clientState": "secretClientValue"
}

There are 2 best solutions below

1
On BEST ANSWER

Please use 'updated' for 'changeType'. Security/Alerts uses 'updated' for all new or updated alerts.
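The rule in this answer can be checked before the request is sent. The following is an added example, not code from the question, the answers or Microsoft: the function names, the lookup table, the `example.invalid` URL and the sample notification payload are all constructed for illustration. It also shows the receiving side comparing the `clientState` echoed in each notification against the value set at subscription time.

```python
import hmac
import json
from datetime import datetime, timedelta, timezone

# Rule taken from the accepted answer: security/alerts subscriptions use "updated".
# This lookup table is a construct of the example, not part of Microsoft Graph.
REQUIRED_CHANGE_TYPE = {"security/alerts": "updated"}


def build_subscription(resource, notification_url, client_state, change_type,
                       now, lifetime=timedelta(hours=1)):
    """Return the body for POST /v1.0/subscriptions, or raise ValueError."""
    base = resource.lstrip("/").split("?", 1)[0].lower()
    required = REQUIRED_CHANGE_TYPE.get(base)
    requested = {c.strip() for c in change_type.split(",")}
    if required and requested != {required}:
        raise ValueError(f"{base} needs changeType '{required}', got '{change_type}'")
    if not notification_url.lower().startswith("https://"):
        raise ValueError("notificationUrl must be an HTTPS endpoint")
    expires = (now + lifetime).astimezone(timezone.utc)
    return {
        "changeType": change_type,
        "notificationUrl": notification_url,
        "resource": resource,
        "expirationDateTime": expires.strftime("%Y-%m-%dT%H:%M:%S.0000000Z"),
        "clientState": client_state,
    }


def trusted_notifications(payload, expected_state):
    """Keep only notifications whose clientState matches, compared in constant time."""
    return [n for n in payload.get("value", [])
            if hmac.compare_digest(str(n.get("clientState", "")).encode(),
                                   expected_state.encode())]


if __name__ == "__main__":
    body = build_subscription(
        "security/alerts?$filter=vendorInformation/provider+eq+'ASC'",
        "https://example.invalid/api/graphnotifications",  # placeholder URL
        "secretClientValue", "updated",
        now=datetime(2018, 11, 15, 10, 0, tzinfo=timezone.utc))
    print(json.dumps(body, indent=2))
    # Constructed sample payload: the second entry carries the wrong clientState.
    sample = {"value": [{"clientState": "secretClientValue", "resource": "security/alerts/1"},
                        {"clientState": "guess", "resource": "security/alerts/2"}]}
    print(trusted_notifications(sample, "secretClientValue"))
```
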

0
On

Wes, you didn't post the URL that you sent that request to. As per the documentation for Security Alerts:

You can use Microsoft Graph webhooks to subscribe to and receive notifications about updates to Microsoft Graph Security entities.

https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview

On that page, it states posting a request and gives a sample like this:

POST https://graph.microsoft.com/v1.0/subscriptions
Content-Type: application/json

{
  "changeType": "created,updated",
  "notificationUrl": "https://webhook.azurewebsites.net/notificationClient",
  "resource": "/me/mailfolders('inbox')/messages",
  "expirationDateTime": "2016-03-20T11:00:00.0000000Z",
  "clientState": "SecretClientState"
}

https://developer.microsoft.com/en-us/graph/docs/concepts/webhooks

Are you posting that request body to that URL?