If your application uses user tokens to create subscriptions to Outlook resources, then you need to update your apps as needed to handle this scenario. This only applies to applications that use user tokens to create subscriptions. Applications that use app tokens to create subscriptions are not affected by this change. Existing applications do not need to do anything to enable this behavior.
We are in the process of deploying a change to the Outlook REST API and the Microsoft Graph that will expire subscriptions to Outlook-related resources (mail, calendar, contacts, tasks) automatically when one of the following events occurs:
- The subscription is for an Intune-managed device that has been marked as non-compliant.
- The password of the user that created the subscription has changed or been reset.
- The account of the user that created the subscription has been disabled in Azure Active Directory.
So when the subscription is removed, the Outlook REST API will send a notification with
changeType set to “SubscriptionRemoved” to signal that the subscription has been removed, and the application will stop receiving any notifications. The notification’s
error value contains more information about why the subscription was removed. For more info, please refer the detailed blog post on this.