Hello,
We're trying to detect all the changes to the Azure AD User object using the Differential Query functionality.
We do successfully get the DirectoryLinkChange objects for the changes of group membership and Manager links; however, when the user Role is changed (DirectoryRole) we don't receive any changes in the differential query.
Here is a sample query:
https://graph.windows.net/c355353f-8c3a-4f5f-960d-606229417656/directoryObjects?api-version=1.5&deltaLink=
When we try to force the Role membership changes to be returned, we get an error:
https://graph.windows.net/c355353f-8c3a-4f5f-960d-606229417656/directoryObjects?api-version=1.5&$filter=isof('Microsoft.DirectoryServices.User'%20or%20isof('Microsoft.DirectoryServices.DirectoryRole')&deltaLink=Response is
400 - Bad Request
See Response Headers for details.
{"odata.error":{"code":"Request_UnsupportedQuery","message":{"lang":"en","value":"Differential query is not supported for entity type: DirectoryRole"}}}How can we detect the User Role changes via the Differential Query? Falling back to the full-list retrieval is a huge step back for us from the performance standpoint