(unknown) Precondition failed when trying to create MS Graph Subscription

Question

I am trying to create a subscription to get notified when a user is created or updated. As a webhook endpoint I have created the following Azure Function, which should respect all requirements in the documentation:

public class UsersSubscription(ILogger<UsersSubscription> log)
{
    [Function(nameof(UsersSubscription))]
    public async Task<HttpResponseData> Run([HttpTrigger(AuthorizationLevel.Function, "post")] HttpRequestData req)
    {
        string validationToken;
        string[]? queryParamValues = System.Web.HttpUtility
            .ParseQueryString(req.Url.Query)
            .GetValues(nameof(validationToken));

        if (queryParamValues is {} values && values.Length == 1)
        {
            validationToken = values.Single();
            log.LogInformation("received validation token= {t}", validationToken);
            var response = req.CreateResponse(HttpStatusCode.OK);
            response.Headers.Add("Content-Type", "text/plain; charset=utf-8");
            response.WriteString(validationToken);
            return response;
        }

        log.LogInformation("received event, no token");
        string requestBody = await new StreamReader(req.Body).ReadToEndAsync();
        log.LogInformation("C# HTTP trigger function processed a request. Body= {b}", requestBody);
        var response2 = req.CreateResponse(HttpStatusCode.OK);
        return response2;
    }
}

When I POST

{
  "expirationDateTime": "2024-03-07T15:16:02.8312226Z",
  "changeType": "created,updated",
  "clientState": "lala1",
  "resource": "/users",
  "notificationUrl": "https://mywebhook.azurewebsites.net/api/UsersSubscription?code=api-key-here"
}

$url = "https://graph.microsoft.com/v1.0/subscriptions"
$payload = above json
az rest --method post --url $url --body $payload

I'm getting this error which is not really helpful in debugging:

Precondition Failed({"error":{"code":"ExtensionError","message":"Operation: Create; Exception: [Status Code: PreconditionFailed; Reason: ]","innerError":{"date":"2024-02-26T16:22:52","request-id":"guid-here","client-request-id":"guid-here"}}})

Does someone know how to isolate what specific Pre-Condition is failing? Any insights are appreaciated, thanks!

Answer 1

Ok, found out, posting here so it might be helpful for others. The docs state that the /users resource cannot be subscribed to in a B2C tenant. In my case it wasn't b2c, but its successor Entra External Id, which is marketed as more Entra-like. Apparently, it still shares limitations with its predecessor. Repeating the above steps in my regular tenant, everything worked at once.