This month's Microsoft identity platform community call featured how to get change notifications delivered through Azure Event Hubs.

1. Microsoft identity platform
Apr 15, 2021 | 9:00AM PST
Community call
Get Change notification delivered
via Azure Event Hubs
George Juma
Microsoft
Kalyan Krishna
Microsoft

2. Introduction
• First things first
• Please note: We are recording this call so those unable to attend can benefit from the recording.
• This call is designed for developers who implement or are interested in implementing Microsoft identity platform
solutions.
• What kind of topics will we discuss?
• We will address development related topics submitted to us by the community for discussion.
• We build a pipeline of topics for the next few weeks, please submit your feedback and topic suggestions -
https://aka.ms/IDDevCommunityCallSurvey
• View recordings on the Microsoft 365 Developer YouTube channel - https://aka.ms/M365DevYouTube
• Follow us on Twitter @Microsoft365Dev and @azuread
• This is NOT a support channel. Please use Stack Overflow to ask your immediate support related questions.
• When is the next session?
• Community Calls: Monthly – 3rd Thursday of every month
• Next Identity Developer Community Call: May 20th

3. Microsoft identity platform
Apr 15, 2021 | 9:00AM PST
Community call
Get Change notification delivered
via Azure Event Hubs
George Juma
Microsoft
Kalyan Krishna
Microsoft

4. About this session
 Brief introduction to Graph change notification (WebHooks)
 Change notifications delivered via Azure Event hubs

5. Extend Microsoft 365 experiences Build your experience
Documents Conversations Portals Timeline Search
Web
apps
Bots &
agents
Device
& native
Daemon
apps
Workflow
automation
Analytics
apps
Microsoft Graph API
People Chats Files Devices Mail Events
Lists Security Search
Alerts
Microsoft 365

6. Track changes with Webhooks

7. Webhooks
• Allows applications to be notified when data changes in the Microsoft Graph
• Subscribe to particular notifications
• Renew subscriptions for notifications as needed
• Combine notifications with track changes for robust data notifications
• Subscribe to rich change notification to get notifications with resource data

8. Webhooks
• Get notifications for messages, events, contacts, users, groups,
conversations, OneDrive files & alerts endpoints
• Stay up to date and in-sync with data in the Microsoft Graph
• No “polling” at regular intervals required
• Never miss a change
Why
Webhooks

9. The Microsoft Graph uses the webhook mechanism to
deliver change notifications to clients.
A client is a web service that configures its own URL to
receive notifications from Microsoft Graph.
Webhooks
Using
Webhooks

10. Which of the following are you most familiar with
A. Azure Event Hubs
B. Azure Event Grids
C. Azure Storage Queues
D. Web sockets e.g., Socket.io

11. Do you use changenotifications (webhooks) in your app(s) today?
A. Yes, [supported scenario]
B. No

12. Get Change notifications delivered through Azure Event Hubs
Allows Change notifications to be delivered through Azure Event Hubs.
Azure Event Hubs is a popular real-time events ingestion and distribution service built for scale.
You can use Azure Events Hubs instead of traditional webhooks to receive change notifications.
Specifically built to target:
High throughput scenarios
The receiver cannot or does not want to expose a publicly available URL
Temporizing the change notifications (in case your service needs to go offline for maintenance, for
example).
Using Azure Event Hubs to receive change notifications

13. Get Change notifications delivered through Azure Event Hubs
Examples of high throughput scenarios:
Applications subscribing to a large set of resources
Applications subscribing to resources that change with a high frequency
Multi-tenant applications that subscribe to resources across a large set of organizations
This change notifications delivery mode is available for all resources that support Microsoft Graph change
notifications.
Using Azure Event Hubs to receive change notifications

14. Get Change notifications delivered through Azure Event Hubs
Microsoft
Graph
Key Vault
Microsoft Graph
Change Tracking
Event Hub
Your application
Create subscription
Get EventHub connection string
Place notifications in event hub
Retrieve messages from event hub

15. Get Change notifications delivered through Azure Event Hubs
How it works.
You'll need to provision an Azure Event Hub and Azure Storage.
Create a shared access policy with a "Listen" permission and obtain the
connection string. Follow the steps listed in
• Configuring the Azure Event Hub and
• Send events to and receive events from Azure Event Hubs - .NET.
You'll need to provision an Azure Key Vault.
Give access to the Microsoft Graph Change Tracking to your KeyVault entry
Use the Event Hubs SDK will relay the notifications to your application.
You don't need to reply to the notification URL validation. You can ignore the validation message that you receive.

16. Why Key Vault
In order to access the Event Hub securely and to allow for key rotations, Microsoft Graph gets the
connection string to the Event Hub through Azure Key Vault.
So, you need to :
• Create an Azure Key Vault to store secret.
• Add the connection string to the Event Hub as a secret.
• Add an access policy for Microsoft Graph (Microsoft Graph Change Tracking) to access the secret.
After you create the required Azure KeyVault and Azure Event Hubs services, you can go ahead and create
your subscription and start receiving change notifications via Azure Event Hubs.
But wait, the notification URL is constructed differently too..

17. The new NotificationURL
Its set as
EventHub:https://<azurekeyvaultname>.vault.azure.net/secrets/<secretname>?tenantId=<domainname>
with the following values:
azurekeyvaultname - The name you gave to the key vault when you created it. Can be found in the DNS name.
secretname - The name you gave to the secret when you created it. Can be found on the Azure Key Vault Secrets page.
domainname - The name of your tenant; for example, consto.onmicrosoft.com or contoso.com. Because this domain will be used to
access the Azure Key Vault, it is important that it matches the domain used by the Azure subscription that holds the Azure Key Vault. To get
this information, you can go to the overview page of the Azure Key Vault you created and click the subscription. The domain name is
displayed under the Directory field.
{
"changeType": "Updated,Deleted",
"notificationUrl": "EventHub:https://<your keyvault name>.vault.azure.net/secrets/<your secret name>?tenantId=contoso.onmicrosoft.com",
"resource": "users",
"expirationDateTime": "2021-08-15T00:00:00Z",
"clientState": "suresecret1"
}

18. git clone --branch event-hub https://github.com/microsoftgraph/msgraph-training-changenotifications

20. Resources
Use the Microsoft Graph API to get change notifications
Using Azure Event Hubs to receive change notifications
Microsoft Graph Training Module - Using Change Notifications and Track Changes with Microsoft Graph
Azure Event Hubs — A big data streaming platform and event ingestion service

21. Microsoft 365
https://aka.ms/adaptivecardscommunitycall
https://aka.ms/microsoftgraphcall
https://aka.ms/IDDevCommunityCalendar
https://aka.ms/microsoftteamscommunitycall
https://aka.ms/officeaddinscommunitycall
https://aka.ms/PowerAppsMonthlyCall
https://aka.ms/spdev-call
) https://aka.ms/spdev-sig-call
(biweekly https://aka.ms/spdev-spfx-call
https://aka.ms/M365PnP

22. Recording will be available soon on our
Microsoft 365 Developer YouTube channel
https://aka.ms/M365DevYouTube
(subscribe today)
Follow us on Twitter
@Microsoft365Dev and @azuread
Next call: Apr 15th at 9:00am PST
https://aka.ms/IDDevCommunityCalendar
Thank you