Microsoft Graph Security API topics https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/bd-p/SecurityGraphAPI Microsoft Graph Security API topics Wed, 27 Oct 2021 23:28:36 GMT SecurityGraphAPI 2021-10-27T23:28:36Z Security alerts doesn't load lots of alerts https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/security-alerts-doesn-t-load-lots-of-alerts/m-p/2873207#M324 <P>Helllo,</P><P>&nbsp;</P><P>We have some customers that can not see all his alerts.</P><P>&nbsp;</P><P>In our case, alerts coming from CloudApp security that are active aren't showed in the microsoft graph security alerts query.</P><P>&nbsp;</P><P>Also, the remediated alerts from IPC aren't loaded.</P><P>&nbsp;</P><P>What's going on?</P><P>&nbsp;</P><P>Anyone else is facing this problems?</P><P>&nbsp;</P><P>&nbsp;</P> Fri, 22 Oct 2021 09:45:22 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/security-alerts-doesn-t-load-lots-of-alerts/m-p/2873207#M324 Jordi Marchán Martínez 2021-10-22T09:45:22Z Filtering alerts based on subscription https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/filtering-alerts-based-on-subscription/m-p/2843493#M322 <P>Hello,</P><P>&nbsp;</P><P>Let's say I have multiple Sentinel instances in the same tenant ID.&nbsp; &nbsp;Would it be&nbsp; possible to filter alerts by subscription.&nbsp; &nbsp;Kind of&nbsp;<SPAN>GET /security/alerts?$filter={SubscriptionID} eq '{subID}'</SPAN></P><P>&nbsp;</P><P><SPAN>Thanks</SPAN></P> Wed, 13 Oct 2021 20:16:56 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/filtering-alerts-based-on-subscription/m-p/2843493#M322 DanyLanglois 2021-10-13T20:16:56Z Defender for Identity alerts not showing when querying the Microsoft Graph Security API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/defender-for-identity-alerts-not-showing-when-querying-the/m-p/2707675#M321 <P>Anyone know whether or when MDI alerts will also show up in the&nbsp;Microsoft Graph Security API? They do show up in the unified Microsoft Security portal but when querying the graph API these alerts are not present in the list returned.</P><P>&nbsp;</P><P>Thank you!</P> Wed, 01 Sep 2021 14:24:35 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/defender-for-identity-alerts-not-showing-when-querying-the/m-p/2707675#M321 brlgen 2021-09-01T14:24:35Z Bookings API By ID, returns 403 in postman, curl and custom apps, works fine on online API test tool https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/bookings-api-by-id-returns-403-in-postman-curl-and-custom-apps/m-p/2703218#M320 <P>We have deployed our custom app which consumes delegated graph AD app token for <A href="#" target="_self">GET /bookingBusinesses/{id}</A> API in our client environment.&nbsp;</P><P>&nbsp;</P><P>This token works fine with online API test tools like <A href="#" target="_self">reqbin</A>&nbsp;and <A href="#" target="_self">webtools.</A></P><P>However, it fails with 403 forbidden for a console app, deployed Azure API app, azure function, CURL, Postman.&nbsp;</P><P>&nbsp;</P><P>Response Body:</P><P>{"error":{"code":"Forbidden","message":"Forbidden","innerError":{"date":"2021-08-31T13:32:09","request-id":"a10a3885-e96e-43b0-a242-11dff032f17a","client-request-id":"a10a3885-e96e-43b0-a242-11dff032f17a"}}}</P><P>&nbsp;</P><P>We have set up the AD app in different tenants and it is working fine but it does not work in the client's tenant on custom apps and postman.&nbsp;&nbsp;</P><P>&nbsp;</P><P>The same token is working with online tools but not with custom apps and azure functions.</P><P>Is there any restriction that can be set up to block calls from certain clients?&nbsp;</P><P>I have attached the token parsed diff file if that can help.&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 31 Aug 2021 14:37:21 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/bookings-api-by-id-returns-403-in-postman-curl-and-custom-apps/m-p/2703218#M320 PrashantSoniHarman 2021-08-31T14:37:21Z Alternative for power BI https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/alternative-for-power-bi/m-p/2660759#M319 <P>Hi team,</P><P>&nbsp;</P><P>I am taking over some projects and noticed that the Microsoft Graph Security API is not working anymore with Power BI. This was used to get Microsoft Secure Score so what is an alternative to this?</P><P>Another thing I've noticed is that there is no option to export a good report for Microsoft Secure Score in the defender app.</P><P>&nbsp;</P><P>Any comment would be much appreciated.</P><P>&nbsp;</P><P>Kind regards,</P><P>&nbsp;</P> Wed, 18 Aug 2021 14:03:30 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/alternative-for-power-bi/m-p/2660759#M319 JoeBlack500 2021-08-18T14:03:30Z Microsoft Revoke API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-revoke-api/m-p/2615108#M317 <P>Hey <LI-USER uid="62200" login="Microsoft Team"></LI-USER>, I want to really know if there is a way to <STRONG>revoke</STRONG> my access tokens through any APIs of yours. I had big trouble finding it and didn't found one.&nbsp;<BR />I had generated tokens via <STRONG>Oauth</STRONG> and want to know if there are any APIs to check its <STRONG>validity</STRONG> and <STRONG>revoke</STRONG> it if required.<BR />P.S: I generated the tokens through this end-point: POST&nbsp;<SPAN><A href="#" target="_blank" rel="noopener">https://login.microsoftonline.com/common/oauth2/v2.0/token</A></SPAN><BR /><BR /></P> Thu, 05 Aug 2021 12:24:09 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-revoke-api/m-p/2615108#M317 NirmalPatel98 2021-08-05T12:24:09Z Blocking MFA while onboarding iPhone to Endpoint Manager in the same device https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/blocking-mfa-while-onboarding-iphone-to-endpoint-manager-in-the/m-p/2650885#M316 <P class="paragraph-207">Hello!</P> <P class="paragraph-207">One of my customer is onboarding iPhones into Endpoint Manager and have a challenge with the MFA approvals.</P> <P class="paragraph-207">They make use of the Apple DEP process to direct any new or replacement iPhones straight into the Endpoint Manager registration when the phone is powered on.</P> <P class="paragraph-207">The device being onboarded into Endpoint Manager is the same device being used to approve the MFA authentication.</P> <P class="paragraph-207">So, when a new iPhone get to the Endpoint Manager registration portion and the user is asked to sign in, MFA kicks in and send the user the MFA authentication prompt, however the user cannot action the MFA request due to the phone being focused on the Endpoint Manager registration.</P> <P class="paragraph-207">One workaround was Block/ Unblock in Azure AD portal -&gt; MFA , but the default duration of blocking MFA for 90 days is longer.</P> <P class="paragraph-207">&nbsp;</P> <P class="paragraph-207">Any suggestions on workarounds for seamless iPhone onboarding into Endpoint Manager without manual intervention ? Thank you!</P> Mon, 16 Aug 2021 04:04:42 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/blocking-mfa-while-onboarding-iphone-to-endpoint-manager-in-the/m-p/2650885#M316 sarithanair 2021-08-16T04:04:42Z Unable to get alerts using PostMan https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/unable-to-get-alerts-using-postman/m-p/2596808#M315 <P>Hi Team,</P><P>&nbsp;</P><P>I have tried to get alerts using postman. However i am getting a response as "</P><DIV><DIV><SPAN>detail"</SPAN><SPAN>:&nbsp;</SPAN><SPAN>"Invalid&nbsp;input&nbsp;segments&nbsp;length:&nbsp;".</SPAN></DIV><DIV><SPAN>Can you please help&nbsp;</SPAN></DIV></DIV> Sat, 31 Jul 2021 10:50:20 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/unable-to-get-alerts-using-postman/m-p/2596808#M315 DivyaVellanki 2021-07-31T10:50:20Z Microsoft Graph Security API returns an empty result https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-graph-security-api-returns-an-empty-result/m-p/2519588#M314 <P>I wanted to pull security alerts via Microsoft Graph Security API. I tried to pull security alerts from <A href="#" target="_self">Microsoft Graph Explorer</A> and also tried to pull security alerts from a Python application (by following the sample <A href="#" target="_self">here</A>). In both ways, the API always returned the result below. There are some security alerts on my Azure Security Center dashboard. The global admin gave all required permissions (such as read/write security alerts/actions) to the applications already.</P> <P>&nbsp;</P> <DIV> <DIV><EM>{</EM></DIV> <DIV><EM>"@odata.context": "<A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/$metadata#security/alerts</A>",</EM></DIV> <DIV><EM>"value": []</EM></DIV> <DIV><EM>}</EM></DIV> <DIV>&nbsp;</DIV> <DIV><SPAN>Anyone faces the same issue? Do you know what is the cause?<BR /><BR />PS. I don't have any issue pulling the security score. It is only security alerts that I failed to pull.</SPAN></DIV> </DIV> Tue, 06 Jul 2021 14:59:29 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-graph-security-api-returns-an-empty-result/m-p/2519588#M314 Sirikarn 2021-07-06T14:59:29Z Login to OneDrive failed https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/login-to-onedrive-failed/m-p/2425553#M309 <P>We got an "access denied" error when login in to the MS Graph API:</P><P>&nbsp;</P><OL class="tree-outline hide-selection-when-blurred source-code object-properties-section"><LI><SPAN>{error: {code: "accessDenied", message: "There has been an error authenticating the request.",…}}</SPAN></LI><OL class="children expanded"><LI><SPAN class="name-and-value"><SPAN class="name">error</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="object-value-object value">{code: "accessDenied", message: "There has been an error authenticating the request.",…}</SPAN></SPAN></LI><OL class="children expanded"><LI><SPAN class="name-and-value"><SPAN class="name">code</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="object-value-string value">"accessDenied"</SPAN></SPAN></LI><LI><SPAN class="name-and-value"><SPAN class="name">innerError</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="object-value-object value">{date: "2021-06-08T08:36:06", request-id: "7fa531ff-0688-46f6-adb2-32c278ee5312",…}</SPAN></SPAN></LI><OL class="children expanded"><LI><SPAN class="name-and-value"><SPAN class="name">client-request-id</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="object-value-string value">"175d7a08-080b-c24f-512c-d4930bf9bd47"</SPAN></SPAN></LI><LI><SPAN class="name-and-value"><SPAN class="name">date</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="object-value-string value">"2021-06-08T08:36:06"</SPAN></SPAN></LI><LI><SPAN class="name-and-value"><SPAN class="name">request-id</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="object-value-string value">"7fa531ff-0688-46f6-adb2-32c278ee5312"</SPAN></SPAN></LI></OL><LI><SPAN class="name-and-value"><SPAN class="name">message</SPAN>:<SPAN>&nbsp;</SPAN><SPAN class="object-value-string value">"There has been an error authenticating the request."</SPAN></SPAN></LI></OL></OL></OL><P>&nbsp;</P><P><SPAN class="name-and-value"><SPAN class="object-value-string value">We are trying to access to following URL:</SPAN></SPAN></P><P><SPAN class="name-and-value"><SPAN class="object-value-string value"><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/me/drive/root</A></SPAN></SPAN></P><P>&nbsp;</P><P><SPAN class="name-and-value"><SPAN class="object-value-string value">The following permissions are configured on the app:</SPAN></SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="vansummeren_0-1623141960688.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/287111i8C5FB41195F4D774/image-size/medium?v=v2&amp;px=400" role="button" title="vansummeren_0-1623141960688.png" alt="vansummeren_0-1623141960688.png" /></span></P><P>&nbsp;</P><P>Does anyone have an idea what the issue could be?</P><P>Happy to provide more info if needed!</P><P>&nbsp;</P><P>Thanks!</P><P>&nbsp;</P> Tue, 08 Jun 2021 08:48:40 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/login-to-onedrive-failed/m-p/2425553#M309 vansummeren 2021-06-08T08:48:40Z Receiving notification for deleted non series-master events https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/receiving-notification-for-deleted-non-series-master-events/m-p/2371572#M304 <P>Hello,<BR /><BR /></P><P>Is it possible to have an information about a deleted occurrence in a series, using the Graph API ?<BR />Or is the only solution to retrieve the series-master, fetch all occurrences and find the one who has been deleted by comparing the result with the data stored on our side?<BR /><BR /></P><P>I've subscribed to change notifications and it works great if you get an update on an occurrence, e.g. a changed start time for an occurrence. In that case when you call /instances you correctly get an exception for that specific occurrence.</P><P>On the other hand if you delete an occurrence there is no exception when you call /instances. The corresponding occurrence json object is simply removed from the JSON response in that case. This is not really handy when you get an update. How do you know which occurrence is to be removed? Only way seems to re-import everything. Do you have better suggestions?</P><P><BR />Thank you for your time.</P><P><BR /><BR /></P> Thu, 20 May 2021 12:04:06 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/receiving-notification-for-deleted-non-series-master-events/m-p/2371572#M304 finrodFelagund 2021-05-20T12:04:06Z Purchase office365 licenses using Microsoft Graph API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/purchase-office365-licenses-using-microsoft-graph-api/m-p/2412407#M301 <P>Can I purchase office365 licenses with the Microsoft Graph API?<BR />I haven't seen anything in the documentation and the only thing I found on the internet was this old link to stack overflow that says it's not possible -&nbsp;<A href="#" target="_blank">https://stackoverflow.com/questions/42826726/buy-o365-sku-license-via-graph-api/42846931#42846931</A></P><P>Any help will be great!<BR /><BR /></P> Thu, 03 Jun 2021 13:38:31 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/purchase-office365-licenses-using-microsoft-graph-api/m-p/2412407#M301 jennie53197 2021-06-03T13:38:31Z How to Query with TimeRange Log Analytics https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-query-with-timerange-log-analytics/m-p/2394007#M297 <P>Hello!, im doing a query to log analytics to pass the data to a PowerApps,&nbsp;</P><P>in the Flow i call to the api of sentinel and i get the entities, i get the query (is dynamically never the same query) and i get the time range like this:</P><P>&nbsp;</P><LI-CODE lang="applescript">"additionalData": { "ProcessedBySentinel": "True", "Search Query Results Overall Count": "3", "Query Start Time UTC": "2021-05-27T19:22:07Z", "Query End Time UTC": "2021-05-27T20:22:07Z", "Analytic Rule Name": "Conexiones RDP no comunes", "Analytic Rule Ids": "[\"\"]", "Trigger Threshold": "0", "Trigger Operator": "GreaterThan", "Event Grouping": "SingleAlert", "Query Period": "01:00:00", "Data Sources": "[\"logazsentinel\"]", "Query": " QUERY", "Total Account Entities": "3", "Total IP Entities": "2", "Total Host Entities": "2" }</LI-CODE><P>The data what i need is between this time&nbsp;</P><LI-CODE lang="applescript">"Query Start Time UTC": "2021-05-27T19:22:07Z", "Query End Time UTC": "2021-05-27T20:22:07Z",</LI-CODE><P>&nbsp;and im calling the query like this:</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="madmvx_0-1622155133640.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/284477i69614995DCA65F0B/image-size/medium?v=v2&amp;px=400" role="button" title="madmvx_0-1622155133640.png" alt="madmvx_0-1622155133640.png" /></span></P><P>I check in the documentation and just i can query with the timespan</P><P>the timespan, just get me the results from the current time minus the hours especified like</P><P>is 5:40 PM and i put PT1H30M i get the results from 5:40PM to 4:10PM</P><P>&nbsp;</P><P>so the question i have: is posible to do something like: timespan:&nbsp;</P><LI-CODE lang="applescript">"timespan":"2021-05-27T19:22:07Z" betwenn "2021-05-27T20:22:07Z"</LI-CODE><P>&nbsp;</P><P><LI-USER uid="419776"></LI-USER>&nbsp;</P> Thu, 27 May 2021 22:45:27 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-query-with-timerange-log-analytics/m-p/2394007#M297 madmvx 2021-05-27T22:45:27Z Fetch Events of Sentinel incidents via Api https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/fetch-events-of-sentinel-incidents-via-api/m-p/2352697#M293 <P>Hello, i need to get the data of the Events related to a Incident of Sentinel but i don't find any info in the docs about that</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="image.png" style="width: 413px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/280598i0C8F1FFDA7DC9CCD/image-size/large?v=v2&amp;px=999" role="button" title="image.png" alt="image.png" /></span></P><P>I need in specifict that 2 events of that incident</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="madmvx_0-1620936715592.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/280599i956C46884326B4EF/image-size/medium?v=v2&amp;px=400" role="button" title="madmvx_0-1620936715592.png" alt="madmvx_0-1620936715592.png" /></span></P><P>@<SPAN>Chi_Nguyen</SPAN></P> Thu, 13 May 2021 20:13:49 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/fetch-events-of-sentinel-incidents-via-api/m-p/2352697#M293 madmvx 2021-05-13T20:13:49Z Graph Security sample event data, or sample event generator? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-security-sample-event-data-or-sample-event-generator/m-p/2344649#M292 <P>I would like to check if anyone aware of sample events, or built in native sample event generator?<BR />I have collected a few sample events in my own test tenant, but need much more to fully test my app.<BR /><BR />I have looked across the various potential sources below, and besides schema, I cant seam to find comprehensive sample event data - or a way in of the integrations below to generate any or random events with dummy data.&nbsp; Any ideas?<BR /><BR />Azure Security Center</P><P>Azure Active Directory Identity Protection*</P><P>Microsoft Cloud App Security</P><P>Microsoft Defender Advanced Threat Protection*</P><P>Azure Advanced Threat Protection*</P><P>Office 365*</P><P>Azure Information Protection</P><P>&nbsp;</P><P>Cheers,<BR /><BR />Jason</P> Tue, 11 May 2021 13:52:45 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-security-sample-event-data-or-sample-event-generator/m-p/2344649#M292 gomesian 2021-05-11T13:52:45Z 403 Forbidden response from Surfacehub device https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/403-forbidden-response-from-surfacehub-device/m-p/2281079#M290 <P>My mailbox in O365 and when trying to login and trying to see my meetings error with retrieving</P><P>and i just run the graph explore to check my outlook calendar got below error? i can run this on my computer no errors.&nbsp; i accepted the permission but still not working today?&nbsp;&nbsp;</P><P>But this is intermittence.&nbsp;&nbsp;</P><P>&nbsp;</P><P>How do i fix this?</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="GE2.jpg" style="width: 614px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/274564iB1446C176ACF4278/image-size/large?v=v2&amp;px=999" role="button" title="GE2.jpg" alt="GE2.jpg" /></span></P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="GE3.jpg" style="width: 637px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/274565i85F7A54B881DD9C0/image-size/large?v=v2&amp;px=999" role="button" title="GE3.jpg" alt="GE3.jpg" /></span></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="GE4.jpg" style="width: 438px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/274566iB7F9B55AE5E7F7A1/image-size/large?v=v2&amp;px=999" role="button" title="GE4.jpg" alt="GE4.jpg" /></span></P><P>&nbsp;</P> Thu, 22 Apr 2021 02:22:48 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/403-forbidden-response-from-surfacehub-device/m-p/2281079#M290 aussupport 2021-04-22T02:22:48Z Include scope of Information Protection Labels in the response /informationProtection/policy/labels https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/include-scope-of-information-protection-labels-in-the-response/m-p/2274357#M289 <P>In the compliance center we can see the scope of the labels</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="HolisticCoder_0-1618489358922.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273034i0838F48B2C4BE5F4/image-size/medium?v=v2&amp;px=400" role="button" title="HolisticCoder_0-1618489358922.png" alt="HolisticCoder_0-1618489358922.png" /></span></P><P>&nbsp;</P><P><BR />This information should be included in the&nbsp;informationProtectionLabel<SPAN>&nbsp;resource we get as response from Graph, our use case is that we want to label M365 groups, but if there are e.g. document specific labels we can't differentiate between them since using only Microsoft Graph.<BR /></SPAN></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="HolisticCoder_1-1618489359074.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/273035iA494CF8D1050913F/image-size/medium?v=v2&amp;px=400" role="button" title="HolisticCoder_1-1618489359074.png" alt="HolisticCoder_1-1618489359074.png" /></span></P><P>(Copy of my post, but in this forum instead)</P> Thu, 15 Apr 2021 12:23:29 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/include-scope-of-information-protection-labels-in-the-response/m-p/2274357#M289 HolisticCoder 2021-04-15T12:23:29Z Error running a playbook using Graph Security connector https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/error-running-a-playbook-using-graph-security-connector/m-p/2261367#M287 <P>Hi guys,&nbsp;</P><P>&nbsp;</P><P>I am trying to take the O365 Security Centre's alerts via Graph Security connector and want to select only those alerts which were updated in last 5 mins because I am running a recurrence loop of 5 mins as the first step of the flow.</P><P>But while doing this, it's throwing me the error of :</P><DIV><DIV><SPAN>error"</SPAN><SPAN>:</SPAN><SPAN>&nbsp;</SPAN><SPAN>{</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>"code"</SPAN><SPAN>:</SPAN><SPAN>&nbsp;</SPAN><SPAN>"BadRequest"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>"message"</SPAN><SPAN>:</SPAN><SPAN>&nbsp;</SPAN><SPAN>"Invalid&nbsp;filter&nbsp;clause"</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>When I remove the time filter, it works fine, but then it's of no use because I want notifications only&nbsp; for new updated alerts.</SPAN></DIV><DIV><SPAN>This is what I am using to filter :&nbsp;&nbsp;</SPAN>addMinutes(utcNow(),&nbsp;-5)</DIV><DIV><SPAN>Can somebody please help me out in this? Please.</SPAN></DIV></DIV> Thu, 08 Apr 2021 14:46:49 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/error-running-a-playbook-using-graph-security-connector/m-p/2261367#M287 Yash_Mudaliar 2021-04-08T14:46:49Z Microsoft Grapth Selective Permissions. https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-grapth-selective-permissions/m-p/2254232#M283 <P>Hello Community,</P><P>&nbsp;</P><P>I would like to ask a question about the permissions that we can assign to a Application through the Azure Active Directory.</P><P>Is there a way to supply an Application all the required permissions to OneDrive through MS Graph but for a User's OneDrive and only that User's OneDrive?</P> Mon, 05 Apr 2021 16:11:38 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-grapth-selective-permissions/m-p/2254232#M283 jimas_1966 2021-04-05T16:11:38Z Connecting to multiple tenants/directories https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/connecting-to-multiple-tenants-directories/m-p/2247990#M282 <P>I want to create a PowerBI dashboard that contains data from multiple tenants that we have. I am a guest user in them with the Global Admin role available. I understand that I need to create an app in each tenant but I can't figure out how I'm supposed to actually make the connection to each tenant. When I log in I'm doing this to the primary tenants, when I'm in the browser, i can switch directories to get to each Identity Secure score, how can I do something similar in PowerBI?</P> Wed, 31 Mar 2021 22:53:06 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/connecting-to-multiple-tenants-directories/m-p/2247990#M282 Dean Gross 2021-03-31T22:53:06Z Enterprise App To Run Logic App Query https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/enterprise-app-to-run-logic-app-query/m-p/2242605#M281 <P>Hello,</P><P>&nbsp;</P><P>I'm wondering if anyone knows how or has had any success in creating an Enterprise App in Azure that can be used to "Run query and list results" using Azure Monitor logs in a Logic App? I can't seem to find the proper API permissions to give it access to run the query.</P> Mon, 29 Mar 2021 14:56:47 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/enterprise-app-to-run-logic-app-query/m-p/2242605#M281 zposz365 2021-03-29T14:56:47Z Excel API data in JSON format from Excel https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/excel-api-data-in-json-format-from-excel/m-p/2158246#M279 <P>Dear All,</P><P>&nbsp;</P><P>We are currently working with Microsoft.Graph for manipulation and computation to read excel file from OneDrive and convert it into object which could be easily used in .Net platform.</P><P>&nbsp;</P><P>While we are able to get entire table rows from excel file into CSV format. However, we are dealing with huge dataset and therefore converting each CSV row into C# table format is resource intensive and time consuming which is impacting our productivity.</P><P>&nbsp;</P><P>I am therefore reaching out to you to request your help in identifying an alternative solution which is similar to Spire.xls/gembox that provides us with a table object which could be directly used for front end which also provide output in 4-5 seconds</P><P>&nbsp;</P><P>We are looking for ways in which we can get it in the JSON format which can be consumed in the front end which is Angular 7 in a quick and efficient way.&nbsp;</P><P>&nbsp;</P><P>There is likely to be fast interactions between the Angular 7 front end and the connected Excel file wherein the connected file would have the computations while the Angular front end would act as the Input data collector.&nbsp;</P><P>&nbsp;</P><P>Any help would be great. it is quite urgent.</P><P>&nbsp;</P><P>Regards</P> Tue, 23 Feb 2021 07:41:28 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/excel-api-data-in-json-format-from-excel/m-p/2158246#M279 arbitram 2021-02-23T07:41:28Z Automation to Pull Security Related info/configurations from Windows 2012 R2 and SQL 2014 SP2 Server https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/automation-to-pull-security-related-info-configurations-from/m-p/2051022#M277 <P>Hi Guys - Looking for a most feasible option to fetch/pull, collect Security Related configuration and settings from Microsoft Windows 2012 R2 and SQL Server 2014 SP2 using an automated mechanism.</P><P>&nbsp;</P><P>Our solution needs to connect to one or multiple windows servers using a local agent (micro services based docker) installed on a VM on-prem, collect the data using API/SSH then upload that data to our cloud controller for analysis/ML models and display the output on a dashboard</P><P>&nbsp;</P><P>These are the three options that we have identified so far for evaluation and looking for some guidance:</P><P>&nbsp;</P><P>1)&nbsp;<A href="#" target="_blank" rel="noopener">https://www.microsoft.com/en-us/download/details.aspx?id=55319</A>&nbsp; - This runs on local machine only (no API available?)</P><P>2)&nbsp;<A href="#" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/graph/security-concept-overview </A></P><P>3)&nbsp;<A href="#" target="_blank" rel="noopener">https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/management-apis</A></P><P>&nbsp;</P><P>Can someone here help with pointers which one is most suitable to accomplish the task as outlined above OR suggest a better option.</P><P>&nbsp;</P><P>Thanks in advance!</P> Mon, 11 Jan 2021 23:18:12 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/automation-to-pull-security-related-info-configurations-from/m-p/2051022#M277 Saeed_A480 2021-01-11T23:18:12Z Secure score Graph API compatibility with Secure Score V2 https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/secure-score-graph-api-compatibility-with-secure-score-v2/m-p/1881032#M276 <P>Hello,</P><P>&nbsp;</P><P>As mention here :&nbsp;<A href="#" target="_blank">https://docs.microsoft.com/fr-fr/microsoft-365/security/mtp/microsoft-secure-score-whats-new?view=o365-worldwide</A></P><P>&nbsp;</P><P>There is an incompatibility with Identity Secure Score and Graph API : "</P><DIV><SPAN>In time, Identity Secure Score and the Graph API will adopt the new scoring model.</SPAN> <SPAN>Until then, customers will see differences in the scores reported by Microsoft Secure Score, Identity Secure Score, and the Graph API.</SPAN> <SPAN>We apologize for any inconvenience this causes, and are working to ensure these experiences are more compatible in the future."</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>Do you have any release date to fix this ?</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>Thanks,</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>Benjamin</SPAN></DIV> Thu, 12 Nov 2020 15:18:55 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/secure-score-graph-api-compatibility-with-secure-score-v2/m-p/1881032#M276 Benjamin_Chebrou 2020-11-12T15:18:55Z Graph Security API - Specific service permissions? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-security-api-specific-service-permissions/m-p/1878682#M275 <P>We have configured our application and granted "SecurityEvents.ReadAll" permissions to be able to pull alerts, and we can see alerts from Sentinel,Security Center, Microsoft 365 Alerts and so forth. From my research it seems the scope for Graph permissions are the following. Is it possible to limit an application to pull <STRONG>ONLY </STRONG>Security Center or Sentinel alerts?</P><P>Permission Entity Supported requests</P><TABLE><TBODY><TR><TD>SecurityActions.Read.All</TD><TD>• <A href="#" target="_blank" rel="noopener">securityActions</A> (preview)</TD><TD>GET</TD></TR><TR><TD>SecurityActions.ReadWrite.All</TD><TD>• <A href="#" target="_blank" rel="noopener">securityActions</A> (preview)</TD><TD>GET, POST</TD></TR><TR><TD>SecurityEvents.Read.All</TD><TD>• <A href="#" target="_blank" rel="noopener">alerts</A><BR />• <A href="#" target="_blank" rel="noopener">secureScores</A><BR />• <A href="#" target="_blank" rel="noopener">secureScoreControlProfiles</A></TD><TD>GET</TD></TR><TR><TD>SecurityEvents.ReadWrite.All</TD><TD>• <A href="#" target="_blank" rel="noopener">alerts</A><BR />• <A href="#" target="_blank" rel="noopener">secureScores</A><BR />• <A href="#" target="_blank" rel="noopener">secureScoreControlProfiles</A></TD><TD>GET, POST, PATCH</TD></TR><TR><TD>ThreatIndicators.ReadWrite.OwnedBy</TD><TD>• <A href="#" target="_blank" rel="noopener">tiIndicator</A> (preview)</TD><TD>GET, POST, PATCH, DELETE</TD></TR></TBODY></TABLE><P>&nbsp;</P><P>PS I know you can filter them out, but I want to limit the applications from being able to pull them in the first place.</P> Wed, 11 Nov 2020 23:22:13 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-security-api-specific-service-permissions/m-p/1878682#M275 ajiwanand 2020-11-11T23:22:13Z Exporting Security Logs via Graph API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/exporting-security-logs-via-graph-api/m-p/1875454#M274 <P>Does Microsoft has defined use cases that support Graph API to export security logs from below Microsoft security solutions</P><P>1. Microsoft Azure Information Protection</P><P>2. Microsoft Office365 DLP</P><P>3. Microsoft O365 Advanced Email Security</P><P>4. Microsoft Active Directory Threat Protection</P><P>5. Microsoft Endpoint DLP</P><P>6. Microsoft CASB</P><P>7. Microsoft defender AV and ATP</P> Wed, 11 Nov 2020 08:40:57 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/exporting-security-logs-via-graph-api/m-p/1875454#M274 rasoolirfan 2020-11-11T08:40:57Z Initiative cloud sponsor https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/initiative-cloud-sponsor/m-p/1723679#M270 Eshake initiative now! Tue, 29 Sep 2020 10:38:34 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/initiative-cloud-sponsor/m-p/1723679#M270 motrfiedbiz 2020-09-29T10:38:34Z Exporting Defender AV logs to SIEM via Security Graph API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/exporting-defender-av-logs-to-siem-via-security-graph-api/m-p/1668120#M269 <P>Looking for deployment/ integration methods for exporting Microsoft Defender AV logs to 3rd party SIEM via Security Graph API. Does anyone implemented this solution</P> Tue, 15 Sep 2020 11:13:32 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/exporting-defender-av-logs-to-siem-via-security-graph-api/m-p/1668120#M269 rasoolirfan 2020-09-15T11:13:32Z Latency and Time line of data returned by Microsoft Graph Security API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/latency-and-time-line-of-data-returned-by-microsoft-graph/m-p/1570195#M254 <P>Hi All,</P> <P>&nbsp;</P> <P>What is the the latency of data returned by Microsoft Graph Security API i.e.alert, Secure score.</P> <P>&nbsp;</P> <P>We are planning to use below Power BI connector to fetch Security API data in Power BI. What is the frequency of data returned i.e. last 180 days. 90 days etc.&nbsp;</P> <P><A href="#" target="_blank">https://docs.microsoft.com/en-us/power-bi/connect-data/desktop-connect-graph-security</A></P> <P>&nbsp;</P> <P>Appreciate the responses. Thanks !!</P> Thu, 06 Aug 2020 09:27:40 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/latency-and-time-line-of-data-returned-by-microsoft-graph/m-p/1570195#M254 abhsha8891 2020-08-06T09:27:40Z IP Information from Alerts - Results vary from other IP lookup services. https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/ip-information-from-alerts-results-vary-from-other-ip-lookup/m-p/1567061#M253 <P>Hi, when checking alerts on customer environments, I see a few times, if I have an impossible travel alert, that the offending IP address might resolve to one location in the Graph API, but if I check the same IP address in for example IPInfo.io to see who the provider is, the location does not correspond.</P><P>&nbsp;</P><P>Microsoft may show it as US while IPInfo shows it as Sweden, if I check other similar services, they most agree with IPInfo's result.&nbsp;</P><P>&nbsp;</P><P>The offending IP may be a VPN service, and this is why I see these diffferences?&nbsp;</P><P>Anyone else see similar?</P> Wed, 05 Aug 2020 11:29:23 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/ip-information-from-alerts-results-vary-from-other-ip-lookup/m-p/1567061#M253 Tore_Melberg 2020-08-05T11:29:23Z Teams/Graph https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/teams-graph/m-p/1549138#M248 <P>Buena tarde a todos, quisiera saber si existe alguna sentencia, etc que pueda utilizar para enviar invitaciones a partir de un csv, es decir capturar en un csv que tiene la cuenta de correo electronico, fecha y hora de la invitacion y que dispare el proceso de forma masiva,,&nbsp; y que quede agendado en mi teams, que la invitado por su puesto le llegue la invitacion.</P><P>&nbsp;</P><P>Gracias!!</P> Tue, 28 Jul 2020 00:56:59 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/teams-graph/m-p/1549138#M248 haqui15 2020-07-28T00:56:59Z Issue with Microsoft Graph Security Powershell and exporting. https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/issue-with-microsoft-graph-security-powershell-and-exporting/m-p/1519644#M246 <P>Hi everyone,</P> <P>&nbsp;</P> <P>I am on the Power Bi team and working with a customer who is trying to export their Microsoft Graph Security Data into a CSV file. They are able to connect and see the data in Powershell, but when they export to csv it is not showing the information properly.&nbsp;</P> <P>&nbsp;</P> <P>They are using the following blog:</P> <P>- <STRONG><A href="https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/it-pros-can-now-easily-connect-to-microsoft-graph-security-with/ba-p/399308" target="_blank">https://gorovian.000webhostapp.com/?exam=t5/microsoft-security-and/it-pros-can-now-easily-connect-to-microsoft-graph-security-with/ba-p/399308</A></STRONG></P> <P>&nbsp;</P> <P>The Powershell command they use is the following to export -&gt; <STRONG>Get-GraphSecuritySecureScore | Export-Csv -NoTypeInformation .\Securityscores.csv</STRONG></P> <P>&nbsp;</P> <P>Will attach the csv file to show that the data they are getting once they export where it just shows "System.Object"&nbsp; &nbsp;</P> <P>&nbsp;</P> <P>Please let me know if anything else is needed.</P> Mon, 13 Jul 2020 18:56:00 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/issue-with-microsoft-graph-security-powershell-and-exporting/m-p/1519644#M246 doada 2020-07-13T18:56:00Z Licensing when using Microsoft Graph API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/licensing-when-using-microsoft-graph-api/m-p/1463350#M244 <P>Hi, I struggle to find out if there are any limitations on how you can use the alerts you have available in the Graph API.&nbsp;</P><P>&nbsp;</P><P>If I have 300 users, and I have 1 Azure AD Premium P2 license in my tenant, is this ok for me to read the alerts available in Graph for my users?</P><P>&nbsp;</P><P>What is the general guidelines for use of Graph API information and licensing?&nbsp;</P><P>&nbsp;</P><P>Regards</P><P>Tore Melberg</P> Mon, 15 Jun 2020 13:40:57 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/licensing-when-using-microsoft-graph-api/m-p/1463350#M244 Tore_Melberg 2020-06-15T13:40:57Z ID of the Resource that generated the Secure Score Control https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/id-of-the-resource-that-generated-the-secure-score-control/m-p/1451803#M240 <P>How can I identify what resource is the one that generated a specific Control Score?</P><P><BR />For example, consider the payload:</P><LI-CODE lang="json">{ "controlCategory": "Identity", "controlName": "BlockLegacyAuthentication", "description": "Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multi-factor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols.\n\nYou have 6 of 6 users that don't have legacy authentication blocked.", "score": 0, "total": "6", "count": "6" }</LI-CODE><P>How do I know which users have problems?<BR /><BR />Thanks!<BR /><BR /></P> Tue, 09 Jun 2020 18:02:07 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/id-of-the-resource-that-generated-the-secure-score-control/m-p/1451803#M240 igventurelli 2020-06-09T18:02:07Z Graph Security API sandbox (subscription) https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-security-api-sandbox-subscription/m-p/1451756#M239 <P>How do we create a developer sandbox or utilize sample data for Graph Security development?&nbsp;</P> <P>&nbsp;</P> <P>We have a major need for this but it looks like there is a way to create data for the O365 Graph.</P> Tue, 09 Jun 2020 17:47:17 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-security-api-sandbox-subscription/m-p/1451756#M239 isaacroitman 2020-06-09T17:47:17Z Listing alerts in the Security & Compliance Center in enabling Office 365 Cloud App Security https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/listing-alerts-in-the-security-amp-compliance-center-in-enabling/m-p/1398163#M227 <P>Hi,</P><P>after enabling&nbsp;Office 365 Cloud App Security,&nbsp;/security/alerts returns no alerts in&nbsp;the Security &amp; Compliance Center.</P><P>A blog post&nbsp;<A href="https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/ingesting-office-365-alerts-with-graph-security-api/ba-p/984888" target="_blank">https://gorovian.000webhostapp.com/?exam=t5/azure-sentinel/ingesting-office-365-alerts-with-graph-security-api/ba-p/984888</A>&nbsp;indicates it is possible, but&nbsp;/security/alerts?$filter=vendorInformation/provider eq 'Office 365 Security and Compliance' returns no values.</P><P>How can I list&nbsp;alerts in the Security &amp; Compliance Center?</P><P>Thanks.</P> Mon, 18 May 2020 03:37:21 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/listing-alerts-in-the-security-amp-compliance-center-in-enabling/m-p/1398163#M227 simayosi 2020-05-18T03:37:21Z Enable others to integrate with our products through the Microsoft Graph Security API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/enable-others-to-integrate-with-our-products-through-the/m-p/1396883#M226 <P>hi team,</P><P><SPAN>Graph Explorer API methods include, <A href="#" target="_blank" rel="noopener">Get alert</A>,&nbsp;<A href="#" target="_blank" rel="noopener">Update alert</A>,&nbsp;<A href="#" target="_blank" rel="noopener">List alerts</A></SPAN></P><P><SPAN>how do i add new alert (post alert),</SPAN></P><P><SPAN>i need a way to create custom provider so graph security api will show our custom alerts</SPAN></P><P>&nbsp;</P> Sun, 17 May 2020 13:56:28 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/enable-others-to-integrate-with-our-products-through-the/m-p/1396883#M226 haimmag 2020-05-17T13:56:28Z Graph Explorer API to list all service principals in App registration is not working correctly https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-explorer-api-to-list-all-service-principals-in-app/m-p/1395491#M225 <P>Hi Team,</P><P>&nbsp;</P><P>Graph Explorer API to list all service principals in app registration is not listing all service principals in azure ad.</P><P><A href="#" target="_blank">https://docs.microsoft.com/en-us/graph/api/resources/application?view=graph-rest-1.0</A></P><P>&nbsp;</P><P>&nbsp;</P> Sat, 16 May 2020 14:48:31 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-explorer-api-to-list-all-service-principals-in-app/m-p/1395491#M225 Sagar_Lad 2020-05-16T14:48:31Z Subscriptions for Bookings https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/subscriptions-for-bookings/m-p/1360837#M221 <P>I'm trying to create a subscription for the Microsoft Bookings app through Graph but I'm having some issues. First of all, I'm getting an error saying</P><LI-CODE lang="applescript">"message": "Subscription validation request failed. Response must exactly match validationToken query parameter.",</LI-CODE><P>and am not seeing any docs that say I can connect to it through Graph. Does anyone have any knowledge on this?</P> Tue, 05 May 2020 17:07:15 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/subscriptions-for-bookings/m-p/1360837#M221 timparsons 2020-05-05T17:07:15Z Defender ATP - Lookup Hash and Domain https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/defender-atp-lookup-hash-and-domain/m-p/1358103#M219 <P>Defender ATP console is able to show that a hash or a domain has been previously seen on the hosts in the tenant.&nbsp; is there an graph API that could be leveraged to&nbsp; search for hosts with that hash or have seen traffic to a domain.&nbsp;</P> Mon, 04 May 2020 16:13:44 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/defender-atp-lookup-hash-and-domain/m-p/1358103#M219 Vaman-Kini 2020-05-04T16:13:44Z Unable to fetch profile photo https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/unable-to-fetch-profile-photo/m-p/1349446#M218 <P><SPAN>I have an Ionic app where I am using MSAL plugin&nbsp;</SPAN><A href="#" rel="nofollow" target="_blank">https://www.npmjs.com/package/@azure/msal-angular</A><SPAN>&nbsp;to login the user and it is following&nbsp;</SPAN><A href="#" rel="nofollow" target="_blank">https://docs.microsoft.com/en-us/azure/active-directory/develop/v2-oauth2-implicit-grant-flow</A><SPAN>&nbsp;flow to get the Oauth2 token. When I am using that token as Bearer token to access the photo via&nbsp;</SPAN><A href="#" rel="nofollow" target="_blank">https://graph.microsoft.com/v1.0/me/photo/$value</A><SPAN>&nbsp;I am getting the following error in Postman:-</SPAN><BR /><SPAN>{</SPAN><BR /><SPAN>"error": {</SPAN><BR /><SPAN>"code": "InvalidAuthenticationToken",</SPAN><BR /><SPAN>"message": "Access token validation failure. Invalid audience.",</SPAN><BR /><SPAN>"innerError": {</SPAN><BR /><SPAN>"request-id": "45adeff2-479b-48fb-b7af-0fb3f60f7620",</SPAN><BR /><SPAN>"date": "2020-04-24T08:56:29"</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>}</SPAN><BR /><SPAN>And when I am trying to use it via the app, I am getting 401 Unauthorized error.</SPAN></P> Thu, 30 Apr 2020 10:34:23 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/unable-to-fetch-profile-photo/m-p/1349446#M218 SnehalJ1509 2020-04-30T10:34:23Z Universal Print Create Print Job Memtype Properties https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/universal-print-create-print-job-memtype-properties/m-p/1323392#M214 <P><FONT>Hello everyone, I am currently using the <STRONG>Universal Print Create Print Job API</STRONG> and am having a problem with the <STRONG>memType property of PrintDocument</STRONG>. </FONT></P><P>&nbsp;</P><P><FONT>I tried the values like <STRONG>application/pdf</STRONG> and <STRONG>application/msword</STRONG> but the server returned the code 415 and the message "<STRONG>Unsupported document-format:</STRONG> application/pdf"</FONT></P><P>&nbsp;</P><P><FONT>This is document&nbsp;<BR /></FONT></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="hungnq39_0-1587452926571.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/185542i2C1D408680EAFC2C/image-size/medium?v=v2&amp;px=400" role="button" title="hungnq39_0-1587452926571.png" alt="hungnq39_0-1587452926571.png" /></span></P><P>My Dummy Data&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="hungnq39_0-1587453138514.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/185544iB09180E503A8BB4F/image-size/medium?v=v2&amp;px=400" role="button" title="hungnq39_0-1587453138514.png" alt="hungnq39_0-1587453138514.png" /></span></P><P>&nbsp;</P><P>And This is Response after I call API&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="hungnq39_1-1587452999854.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/185543iAE0519CCA07240C9/image-size/medium?v=v2&amp;px=400" role="button" title="hungnq39_1-1587452999854.png" alt="hungnq39_1-1587452999854.png" /></span></P><P>&nbsp;</P><P><FONT><BR />Please tell me which attribute is valid to be able to create printJob</FONT></P> Tue, 21 Apr 2020 07:12:27 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/universal-print-create-print-job-memtype-properties/m-p/1323392#M214 hungnq39 2020-04-21T07:12:27Z Microsoft.SecurityInsights Api Documentation https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-securityinsights-api-documentation/m-p/1317920#M213 <P>Hi,</P><P>&nbsp;</P><P>I'm looking for&nbsp;Microsoft.SecurityInsights Api documentation for fetching incidents and alerts. I think its preview. Any advice would be appreciated.</P><P>&nbsp;</P><P>Best</P><P>Jasmine</P> Sat, 18 Apr 2020 11:45:52 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-securityinsights-api-documentation/m-p/1317920#M213 jojo_the_coder 2020-04-18T11:45:52Z Getting members of local admin group https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/getting-members-of-local-admin-group/m-p/1312241#M211 <P>Hi, is there a way with Microsoft Graph (or any other method) to query every AAD joined device and export the members of the local administrators group?</P><P>Thanks</P> Thu, 16 Apr 2020 10:03:15 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/getting-members-of-local-admin-group/m-p/1312241#M211 neilcarden 2020-04-16T10:03:15Z Retrieve MIP labels that have been assigned to O365 mail messages ? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/retrieve-mip-labels-that-have-been-assigned-to-o365-mail/m-p/1276901#M209 <P>When using the Graph API is it possible to retrieve the MIP label that has been assigned to an O365 mail message. I've been using the Graph Explore to examine the Metadata that is associated with mail messages but can not see any reference to the MIP label that has been assigned to mail messages.</P> Thu, 02 Apr 2020 21:51:19 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/retrieve-mip-labels-that-have-been-assigned-to-o365-mail/m-p/1276901#M209 Storexltd 2020-04-02T21:51:19Z Inaccurate Graph API Results https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/inaccurate-graph-api-results/m-p/1269488#M207 <P>For some odd reason the results that I am getting from the Graph Security API the past two days are inaccurate and I can't for the life of me figure out why.</P><P>&nbsp;</P><P>If I query&nbsp;<A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/security/alerts</A>&nbsp;I am returned 7 old alerts without any obvious relationship, rhyme, or reason for populating my results. These are not the 7 most recent, and we have had more than 7 alerts.</P><P>&nbsp;</P><P>For example, when attempting to append&nbsp;<SPAN>$filter=vendorInformation/provider eq 'Microsoft Defender ATP' I receive:</SPAN></P><P><SPAN>&nbsp;</SPAN></P><DIV><DIV><SPAN>{</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>"@odata.context"</SPAN><SPAN>:&nbsp;</SPAN><SPAN>"<A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/$metadata#Security/alerts</A>"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>&nbsp;&nbsp;&nbsp;&nbsp;</SPAN><SPAN>"value"</SPAN><SPAN>:&nbsp;[]</SPAN></DIV><DIV><SPAN>}</SPAN></DIV><DIV>&nbsp;</DIV><DIV>This issue appears to extend for me across all of the MTP services.</DIV><DIV>&nbsp;</DIV><DIV>I can see the alerts within MDATP, and others like MCAS and ASC for example when navigating directly to those portals or&nbsp;querying their platform specific api's, like</DIV><DIV><A href="#" target="_blank" rel="noopener">https://api-us.securitycenter.windows.com/api/alerts</A>&nbsp;for example.</DIV><DIV>&nbsp;</DIV><DIV>I am getting data returned, it is just not the right data.</DIV><DIV>&nbsp;</DIV><DIV>I am utilizing a Postman App registration with the&nbsp;<SPAN>SecurityEvents.Read.All and&nbsp;SecurityEvents.ReadWrite.All "Granted for MYDOMAIN".</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>I feel like I am missing something here. Any one else having issues? More than happy to share additional details that would be useful.</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>UPDATE 04/01/2020 - I run the exact same queries and am receiving the correct results after letting things sit over night. This leads me to believe that there was something service health related.</SPAN></DIV><DIV>&nbsp;</DIV><DIV><SPAN>Any tips on running things like that down in the future?</SPAN></DIV></DIV> Wed, 01 Apr 2020 14:08:39 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/inaccurate-graph-api-results/m-p/1269488#M207 kylemiller061 2020-04-01T14:08:39Z No funciona el cambio de usuario en el servicio de Power BI https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/no-funciona-el-cambio-de-usuario-en-el-servicio-de-power-bi/m-p/1256649#M204 <P>Buenas tardes,</P><P>He preparado un report en power Bi&nbsp; usando el conector de graph y , cuando lo subo al servicio, creando workspaces independientes y logandome en cada uno con un usuario diferente, al hacer un update de los datos me vuelve en los dos al usuario original</P><P>&nbsp;</P><P>Gracias</P><P>Luis</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 26 Mar 2020 19:00:59 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/no-funciona-el-cambio-de-usuario-en-el-servicio-de-power-bi/m-p/1256649#M204 lvillara 2020-03-26T19:00:59Z Fetch Azure Sentinel Incidents Via API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/fetch-azure-sentinel-incidents-via-api/m-p/1232275#M201 <P>Hi,</P><P>I want to fetch incidents from azure sentinel via api. As Sentinel hasn't API, I have to use Graph api. I need a sample or endpoint.</P><P>Any advice o document suggestion would be appreciated.</P><P>&nbsp;</P><P>Best</P><P>Yasemen</P><P>&nbsp;</P> Tue, 17 Mar 2020 11:06:52 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/fetch-azure-sentinel-incidents-via-api/m-p/1232275#M201 jojo_the_coder 2020-03-17T11:06:52Z change permission https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/change-permission/m-p/1206047#M196 <P>I am not sure if this space is correct to ask my question. I am an administrator of office 365 in an organization , and want to collect Teams presence information of our staff's. I can obtain my own presence info in JSON format using graph explorer (<A href="#" target="_blank">https://developer.microsoft.com/en-us/graph/graph-explorer</A>), though I cannot get my staff's presense infomation. Graph explorer shows Status code 403.</P><P>&nbsp;</P><P>Question - How can I get another person's presence information?</P><P>&nbsp;</P><P>GE shows following error.<BR />{<BR />"error": {<BR />"code": "Forbidden",<BR />"message": "Insufficient user permissions, cannot access this API.",<BR />"innerError": {<BR />"request-id": "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx,<BR />"date": "2020-03-03T08:58:13"<BR />}<BR />}<BR />}</P> Tue, 03 Mar 2020 08:59:53 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/change-permission/m-p/1206047#M196 toshikane 2020-03-03T08:59:53Z Getting Autorization_IdentityNotFound error on calling the Microsoft graph https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/getting-autorization-identitynotfound-error-on-calling-the/m-p/1199653#M195 <P>I am trying to make a call to the Graph through the app registered in PPE environment. After getting the access token, when we try to make an HTTP sendAsync call, it throws an exception. Can you please help me investigate what is going wrong with the request here?</P> <P>&nbsp;</P> <P>Below are the details of the exception</P> <P>"Code: Authorization_IdentityNotFound\r\nMessage: The identity of the calling application could not be established.\r\n\r\nInner error\r\n"}</P> <P>client-request-id: 828b8819-0003-42f8-8f1e-2355adb58e25</P> Fri, 28 Feb 2020 00:03:31 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/getting-autorization-identitynotfound-error-on-calling-the/m-p/1199653#M195 hachandw 2020-02-28T00:03:31Z odata filter for default domain https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/odata-filter-for-default-domain/m-p/1168901#M192 <P>how can I filter using odata the "default domain" for security reasons</P><P>&nbsp;</P><P>e.g. I can do:&nbsp;<A href="#" target="_blank">https://graph.microsoft.com/v1.0/organization?$select=verifiedDomains</A></P><P>&nbsp;</P><P>but I struggle to extract ?$filter=isDefault eq true</P><P>&nbsp;</P><P>&nbsp;</P> Wed, 12 Feb 2020 09:55:53 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/odata-filter-for-default-domain/m-p/1168901#M192 Oliver Funk 2020-02-12T09:55:53Z Is accessing the results in Microsoft.Security/complianceResults possible from the Security Graph? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/is-accessing-the-results-in-microsoft-security-complianceresults/m-p/1151486#M189 <P>So in Azure Policy there are lots of conditions where ASC looks into Microsoft.Security/complianceResults.</P><P>&nbsp;</P><P>I tried to access this data through a web request to the management plane directly:</P><P>&nbsp;</P><P><A href="#" target="_blank">https://management.azure.com/subscriptions/{subscriptionId}/providers/Microsoft.Security/complianceResults?api-version=2017-08-01</A></P><P>&nbsp;</P><P>Which only returns an empty array.</P><P>&nbsp;</P><P>Is there a way to get the right underlying data through the Security Graph instead? I tried looking around&nbsp;<A href="#" target="_blank">https://graph.microsoft.com/v1.0/security/complianceResults</A> but can't see anything like it there.&nbsp;</P> Tue, 04 Feb 2020 23:12:04 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/is-accessing-the-results-in-microsoft-security-complianceresults/m-p/1151486#M189 DanaEpp 2020-02-04T23:12:04Z How to get maximum scores by control Category? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-get-maximum-scores-by-control-category/m-p/1130653#M186 <P>Hi everyone,</P><P>I am starting to use the MS Graph connector from power by and I am trying to reproduce a very simple graph, I can get almost all the data except the maximum score per control category</P><P>In the next picture I can obtent 24/502 but for each category I'm able to obtain the score but not the maximum,&nbsp; for example -&gt; identity (18/223)&nbsp; I can obten the score 18 but not the maximum 223</P><P>&nbsp;</P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="clipboard_image_0.png" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/167429i8786226D82025AAC/image-size/medium?v=v2&amp;px=400" role="button" title="clipboard_image_0.png" alt="clipboard_image_0.png" /></span></P><P>Thanks in advance</P><P>Luis</P><P>&nbsp;</P><P>&nbsp;</P> Sun, 26 Jan 2020 19:59:39 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-get-maximum-scores-by-control-category/m-p/1130653#M186 lvillara 2020-01-26T19:59:39Z Access to ediscovery with Microsoft Graph Security API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/access-to-ediscovery-with-microsoft-graph-security-api/m-p/1107410#M183 <P>Hi,&nbsp;</P><P>&nbsp;</P><P>We could not find any roadmap about ediscovery graph API access.</P><P><SPAN>How can we access to ediscovery without Microsoft Graph, as far as microsoft flow does not allow it either.. any idea ?&nbsp;</SPAN></P><P>&nbsp;</P><P><SPAN>Best</SPAN></P> Tue, 14 Jan 2020 13:48:17 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/access-to-ediscovery-with-microsoft-graph-security-api/m-p/1107410#M183 BenoitG 2020-01-14T13:48:17Z How do i get sharepoint data into node js using microsoft graph api https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-do-i-get-sharepoint-data-into-node-js-using-microsoft-graph/m-p/1042185#M178 <P>Hi,</P><P>I have followed following link to use microsoft graph API</P><P><A href="#" target="_blank">https://docs.microsoft.com/en-us/graph/tutorials/node</A></P><P>&nbsp;</P><P>I am&nbsp; new to graphAPI,I want to add sharepoint data to that , in link there is calendor data is added but i want to add sharepoint data into that app</P><P>How can&nbsp; i do that?</P><P>Please provide me information in&nbsp; details.</P><P>Guide me how to do that&nbsp;</P><P>&nbsp;</P><P>&nbsp;</P><P>Thanks</P> Mon, 02 Dec 2019 14:10:39 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-do-i-get-sharepoint-data-into-node-js-using-microsoft-graph/m-p/1042185#M178 tejaswini1010 2019-12-02T14:10:39Z Need help on searching a document from Sitepage in Sharepoint using Microsoft Graph https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/need-help-on-searching-a-document-from-sitepage-in-sharepoint/m-p/969384#M175 <DIV class="post-text"><P>I am working on SharePoint Integration where i am able to success using Microsoft Graph Explorer for a Site search using Drive id.</P><P>Here is how i am able search for a Single Site:</P><PRE><SPAN class="pln">https</SPAN><SPAN class="pun">:</SPAN><SPAN class="com">//graph.microsoft.com/v1.0/drives/b!I9A-JY94D0CQp-2TBvsUupBLMUF2SrJHp5VylC7DY8DpCdF-7uQ6NTp6t-MRD8/root/search(q='sharepoint')</SPAN></PRE><P>&nbsp;</P><P>Now i am trying to search in SitePage where we have Documents added. Can anyone please help me the api to be used in Graph Explorer to get the correct result</P><P>I am able to SitePage id using</P><PRE><SPAN class="pln">https</SPAN><SPAN class="pun">:</SPAN><SPAN class="com">//graph.microsoft.com/beta/sites/root/pages?$filter=name eq 'DevHome.aspx'</SPAN></PRE></DIV><DIV class="post-taglist grid gs4 gsy fd-column">&nbsp;</DIV> Thu, 31 Oct 2019 18:57:03 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/need-help-on-searching-a-document-from-sitepage-in-sharepoint/m-p/969384#M175 Abdul Azeez 2019-10-31T18:57:03Z Updating alerts with "Office 365 Security and Compliance" origin https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/updating-alerts-with-quot-office-365-security-and-compliance/m-p/921455#M171 <P>Hi,</P><P>Everytime we want to update an alert from&nbsp;<STRONG>Office 365 Security and Compliance&nbsp;</STRONG>using the graph api&nbsp;it throws a 404 error.<BR /><BR /></P><P>&nbsp;</P> Mon, 21 Oct 2019 08:48:35 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/updating-alerts-with-quot-office-365-security-and-compliance/m-p/921455#M171 Jordi Marchán Martínez 2019-10-21T08:48:35Z Lambda using graph api https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/lambda-using-graph-api/m-p/890501#M169 <P>Hi,</P><P>I try to use graph api in my AWS lambda function, but cannot get any response. Dose Graph API support AWS lambda?</P> Thu, 03 Oct 2019 06:51:23 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/lambda-using-graph-api/m-p/890501#M169 Eric_Zheng 2019-10-03T06:51:23Z Azure advanced thread protection alerts https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/azure-advanced-thread-protection-alerts/m-p/778798#M164 <P>Hi,</P><P>The security alert's api reads alerts from <STRONG>Azure ATP</STRONG>?</P><P>&nbsp;</P><P>&nbsp;</P> Tue, 30 Jul 2019 11:11:10 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/azure-advanced-thread-protection-alerts/m-p/778798#M164 Jordi Marchán Martínez 2019-07-30T11:11:10Z Retrieve alerts for a certain date (range)? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/retrieve-alerts-for-a-certain-date-range/m-p/772895#M161 <P>Is it possible to retrieve alerts for a certain date?</P><P>My script gets a lot of alerts (for example 'Anonymous IP address' alerts), so I want to limit the amount of data.</P><P>I tested the filtering using the Graph Explorer: (<A href="#" target="_blank">https://developer.microsoft.com/en-us/graph/graph-explorer</A>)</P><P>Example 1) <A href="#" target="_blank">https://graph.microsoft.com/v1.0/security/alerts?$filter=Severity</A> eq 'High'</P><P>This is working fine; the returned data is limited to High severity alerts.</P><P>Example 2) I changed #1 to <A href="#" target="_blank">https://graph.microsoft.com/v1.0/security/alerts?$filter=eventDateTime</A> eq '2019-07-20T15:58:31Z'</P><P>In know that there is an item in the example data set that should match, but the query failed (Invalid filter clause).</P><P>So I am looking for another way to get the most recent alert (of just today or date range), for example with something like a sort of 'like' operator: $filter=eventDateTime like '2019-07-23'</P><P>Ofcource I can filter afterwards, but retrieving less data would better to speed up the processing of the alerts.</P><P>Any suggestions?</P><P>Thanks.</P> Thu, 25 Jul 2019 06:45:46 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/retrieve-alerts-for-a-certain-date-range/m-p/772895#M161 Martijn Wenke 2019-07-25T06:45:46Z How to authenticate a script without user interaction? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-authenticate-a-script-without-user-interaction/m-p/754435#M156 <P>Hi,</P><P>&nbsp;</P><P>I want to get started with the Graph API. I am interested in automation, so all the 'Getting Started' documentation is not helpful, because it relies on user interaction during the authentication.</P><P>&nbsp;</P><P>I registered an app and granted it the <EM>User.Read.All</EM> API permission (type:application) and I created a client secret / application password.</P><P>&nbsp;</P><P>Now I'm stuck. Does anybody have a sample Python script that authenticates? And maybe even gets a list of users?</P><P>&nbsp;</P> Mon, 15 Jul 2019 09:41:12 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-authenticate-a-script-without-user-interaction/m-p/754435#M156 Daniel Niccoli 2019-07-15T09:41:12Z Error using get-graphsecurityalert https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/error-using-get-graphsecurityalert/m-p/750804#M155 <P>I'm getting the following error when executing&nbsp;get-graphsecurityalert.</P><P>&nbsp;</P><P>PS C:\get-graphsecurityalert</P><P><BR /><STRONG>get-graphsecurityalert : Request to <A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/security/alerts/?$top=100&amp;$filter=</A> failed with HTTP Status Forbidden Forbidden</STRONG><BR />At line:1 char:1<BR />+ get-graphsecurityalert<BR />+ ~~~~~~~~~~~~~~~~~~~~~~<BR />+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException<BR />+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-GraphSecurityAlert</P><P>&nbsp;</P><P>I follow the instructions from the following URL:</P><P><A href="#" target="_blank" rel="noopener">https://blog.ciaops.com/2019/04/17/using-interactive-powershell-to-access-the-microsoft-graph/</A></P><P>&nbsp;</P><P>This is my first attempt to use Microsoft Graph.</P><P>&nbsp;</P><P>Thanks,</P><P>&nbsp;</P><P>-Larry</P><P>&nbsp;</P><P>&nbsp;</P> Thu, 11 Jul 2019 19:54:28 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/error-using-get-graphsecurityalert/m-p/750804#M155 Larry Jones 2019-07-11T19:54:28Z IPC alerts doesn't update using the api https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/ipc-alerts-doesn-t-update-using-the-api/m-p/733695#M150 <P>Our customers are trying to&nbsp;modify or resolve his alerts from IPC provider but nothing happens, the rest of the providers works fine.<BR />Is there any problem with the IPC's alerts?</P><P>&nbsp;</P><P>The API returns a 404 error.</P> Tue, 02 Jul 2019 11:21:40 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/ipc-alerts-doesn-t-update-using-the-api/m-p/733695#M150 Jordi Marchán Martínez 2019-07-02T11:21:40Z RiskScore The risk score of the user was updated https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/riskscore-the-risk-score-of-the-user-was-updated/m-p/730718#M148 <P>We started recieving this alert with high severity from provider Azure Identity Protection (IPC) yet there is no documentation available about this alerts so our customers are asking us well... basically what the heck is this high severity alert. Can you please provide information about this.</P><P>&nbsp;</P><P>Here's extract of one of the alerts with some hidden values:</P><P>&nbsp;</P><DIV><DIV><SPAN>"azureSubscriptionId"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"riskScore"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"tags"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"activityGroupName"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"assignedTo"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"category"</SPAN><SPAN>: </SPAN><SPAN>"RiskScore"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"closedDateTime"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"comments"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"confidence"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"createdDateTime"</SPAN><SPAN>: </SPAN><SPAN>"2019-06-28T03:18:40Z"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"description"</SPAN><SPAN>: </SPAN><SPAN>"The risk score of the user was updated"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"detectionIds"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"eventDateTime"</SPAN><SPAN>: </SPAN><SPAN>"2019-06-28T03:18:40Z"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"feedback"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"lastModifiedDateTime"</SPAN><SPAN>: </SPAN><SPAN>"2019-06-29T20:56:53.9713689Z"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"recommendedActions"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"severity"</SPAN><SPAN>: </SPAN><SPAN>"high"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"sourceMaterials"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"status"</SPAN><SPAN>: </SPAN><SPAN>"newAlert"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"title"</SPAN><SPAN>: </SPAN><SPAN>"RiskScore"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"vendorInformation"</SPAN><SPAN>: {</SPAN></DIV><DIV><SPAN>"provider"</SPAN><SPAN>: </SPAN><SPAN>"IPC"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"providerVersion"</SPAN><SPAN>: </SPAN><SPAN>"3.0"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"subProvider"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"vendor"</SPAN><SPAN>: </SPAN><SPAN>"Microsoft"</SPAN></DIV><DIV><SPAN>},</SPAN></DIV><DIV><SPAN>"cloudAppStates"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"fileStates"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"hostStates"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"historyStates"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"malwareStates"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"networkConnections"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"processes"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"registryKeyStates"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"triggers"</SPAN><SPAN>: [],</SPAN></DIV><DIV><SPAN>"userStates"</SPAN><SPAN>: [</SPAN></DIV><DIV><SPAN>{</SPAN></DIV><DIV><SPAN>"aadUserId"</SPAN><SPAN>: </SPAN><SPAN>"hidden"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"accountName"</SPAN><SPAN>: </SPAN><SPAN>"hidden"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"domainName"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"emailRole"</SPAN><SPAN>: </SPAN><SPAN>"unknown"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"isVpn"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"logonDateTime"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"logonId"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"logonIp"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"logonLocation"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"logonType"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"onPremisesSecurityIdentifier"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"riskScore"</SPAN><SPAN>: </SPAN><SPAN>"0"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"userAccountType"</SPAN><SPAN>: </SPAN><SPAN>null</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>"userPrincipalName"</SPAN><SPAN>: </SPAN><SPAN>"hidden"</SPAN></DIV><DIV><SPAN>}</SPAN></DIV><DIV><SPAN>],</SPAN></DIV><DIV><SPAN>"vulnerabilityStates"</SPAN><SPAN>: []</SPAN></DIV></DIV><P>&nbsp;</P><P>&nbsp;</P> Mon, 01 Jul 2019 06:36:58 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/riskscore-the-risk-score-of-the-user-was-updated/m-p/730718#M148 Christian Rodríguez Giménez 2019-07-01T06:36:58Z Error Creating Microsoft Team with Graph https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/error-creating-microsoft-team-with-graph/m-p/722569#M147 <P>I am working on some code that started having issues in the last couple weeks. I am able with application permissions to create an Office 365 Group. When I try to run the Graph call to add a Microsoft Team to the group I am getting the following error.</P> <P>&nbsp;</P> <PRE>Failed to execute Aad backend request GetTenantSubscribedSkusRequest. Request Url: https://graph.windows.net/{TENANTID}/subscribedSkus?api-version=1.6, Request Method: GET, Response Status Code: Unauthorized, Response Headers: ocp-aad-diagnostics-server-name: +EOS4aiuOEFJVZdbhjMw16/+oK92lidT3YUz+JU856Q= request-id: 5e6ed525-6b55-49be-841f-cd2d29a91793 client-request-id: cd4049d9-1a5e-4282-b6e9-e74d89ade546 Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Wed, 26 Jun 2019 18:15:53 GMT</PRE> <P>I have found, through testing, that if I create a team using the Graph Explorer on the created group or if I create a team through the Teams UI that my code will start working for 24 hours and then I start getting the same error again. It seems to me like there is something wrong with the setup of application permissions in the Teams Graph API. Any help would be appreciated. Having to have a user manually create a team once every 24 hours to make my code work is not an ideal scenario.</P> Wed, 26 Jun 2019 18:33:40 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/error-creating-microsoft-team-with-graph/m-p/722569#M147 Ryan Schouten 2019-06-26T18:33:40Z /security/alerts not returning data value: [] https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/security-alerts-not-returning-data-value/m-p/686398#M132 <P>All our customers now return value:[]&nbsp; We had data yesterday. Rechecked many tenants against their Azure AD Identity Protection and they DO have recent alerts. Not returned by graph api</P> Wed, 12 Jun 2019 07:56:14 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/security-alerts-not-returning-data-value/m-p/686398#M132 Christian Rodríguez Giménez 2019-06-12T07:56:14Z Input Sources Supported by Microsoft Graph Security API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/input-sources-supported-by-microsoft-graph-security-api/m-p/680113#M131 <P>As currently supported providers are mainly Azure Products and some 3rd Party products like PaloAlto i wanted to know do we have any custom way something like JSON, Alerts from Kusto that can be used to ingest Alerts to Graph Security API and further create workflows on them?</P> Mon, 10 Jun 2019 08:57:33 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/input-sources-supported-by-microsoft-graph-security-api/m-p/680113#M131 RakeshM1500 2019-06-10T08:57:33Z Using Microsoft REST API to create/update security groups https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/using-microsoft-rest-api-to-create-update-security-groups/m-p/667909#M130 <P>Hi all,</P><P>&nbsp;</P><P>I am looking for a way to create security groups with custom extended attributes enabled, using Microsoft Graph REST API.</P><P>I can't find a way to do this using methods described <A href="#" target="_self">here</A> in a similar manner that I can do it using <A href="#" target="_self">powershell</A>.</P><P>Any advice/suggestion?</P> Tue, 04 Jun 2019 15:37:09 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/using-microsoft-rest-api-to-create-update-security-groups/m-p/667909#M130 mcliviu 2019-06-04T15:37:09Z Security Graph API beta securityAction https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/security-graph-api-beta-securityaction/m-p/665042#M129 <P>Hi guys,</P><P>&nbsp;</P><P>I see the that Microsoft has a new&nbsp;<A href="#" target="_self">Graph API (beta)</A> that handles security actions. what are those security actions? are they vendor specific? what're the available action? should I purchase a product in order to have those actions available?</P><P>&nbsp;</P><P>Thanks,</P> Mon, 03 Jun 2019 14:59:42 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/security-graph-api-beta-securityaction/m-p/665042#M129 oferdit 2019-06-03T14:59:42Z Graph API to invite user works only under "root" https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-api-to-invite-user-works-only-under-quot-root-quot/m-p/655320#M127 <P>I am trying to use Graph API to invite user to a folder that is hosted in SharePoint Online. I am using following API:</P><P>&nbsp;</P><P><SPAN><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/groups/{groupId}/drive/items/{itemId}/invite</A></SPAN></P><P>&nbsp;</P><P>When my folder that I am attempting to share is located under "Root" of document library no problem this works fine, but if my folder is located under "root/General" (because I want to be visible in teams easily API Returns error below. Any ideas?</P><P>&nbsp;</P><DIV><DIV><SPAN>{</SPAN></DIV><DIV><SPAN>&nbsp;"error"</SPAN><SPAN>: {</SPAN><SPAN><SPAN>&nbsp;</SPAN></SPAN></DIV><DIV><DIV><DIV><SPAN>&nbsp;"code"</SPAN><SPAN>: </SPAN><SPAN>"invalidRequest"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>&nbsp;"message"</SPAN><SPAN>: </SPAN><SPAN>"The request is malformed or incorrect."</SPAN><SPAN>,</SPAN></DIV></DIV></DIV><DIV><SPAN>&nbsp; "innerError"</SPAN><SPAN>: {</SPAN></DIV><DIV><SPAN>&nbsp; &nbsp;"request-id"</SPAN><SPAN>: </SPAN><SPAN>"{id}"</SPAN><SPAN>,</SPAN></DIV><DIV><SPAN>&nbsp; &nbsp;"date"</SPAN><SPAN>: </SPAN><SPAN>"{date}"</SPAN></DIV><DIV><SPAN>&nbsp; }</SPAN></DIV><DIV><SPAN>&nbsp;}</SPAN></DIV><DIV><SPAN>}</SPAN></DIV></DIV> Wed, 29 May 2019 14:30:24 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-api-to-invite-user-works-only-under-quot-root-quot/m-p/655320#M127 Ivan Palikuca 2019-05-29T14:30:24Z PasswordLastChanged or PwdLastSet https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/passwordlastchanged-or-pwdlastset/m-p/547998#M121 <P>I'm trying to get the fields&nbsp;<SPAN>PasswordLastChanged or PwdLastSet so i can notify my users when they have to change their password but i dont know how to get that fields</SPAN></P> Wed, 08 May 2019 12:54:09 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/passwordlastchanged-or-pwdlastset/m-p/547998#M121 Ooster1 2019-05-08T12:54:09Z Issues in getting attachments from SharePoint list/library using Graph api https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/issues-in-getting-attachments-from-sharepoint-list-library-using/m-p/546158#M120 <P>Hi All,</P><P>I unable to get the actual attachement from the SharePoint list/library using the Microsoft graph api,</P><P>I am only getting the response as " Attachement: True" in the response.Please let me know is there any way to get the attachments from SharePoint.</P> Wed, 08 May 2019 11:41:56 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/issues-in-getting-attachments-from-sharepoint-list-library-using/m-p/546158#M120 sarawin kumar k 2019-05-08T11:41:56Z Topic search not working in People API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/topic-search-not-working-in-people-api/m-p/545752#M118 <P>For the past 1 month, the topic search is not working in the People API.</P><P>When a topic is added and the query is provided, an error message is shown below. I have tried it multiple user accounts, multiple topics and as well as with different tenants as well but the issue seems to persist.</P><P>Here is the API query provided and the error response:</P><P><A href="#" target="_blank">https://graph.microsoft.com/v1.0/me/people/?$search="topic</A>: microsoft"<BR />{<BR />"error": {<BR />"code": "ErrorInternalServerError",<BR />"message": "An internal server error occurred. The operation failed.",<BR />"innerError": {<BR />"request-id": "21856e34-e8b5-4caa-afa7-d0c596555c59",<BR />"date": "2019-05-05T10:01:55"<BR />}<BR />}<BR />}</P> Wed, 08 May 2019 09:16:07 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/topic-search-not-working-in-people-api/m-p/545752#M118 madhantce 2019-05-08T09:16:07Z Data SEcurity while using Graph APIs https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/data-security-while-using-graph-apis/m-p/518792#M115 <P>Hello All,</P><P>When we query for data using Microsoft Graph, is the data encrypted during transport? How does Microsoft make sure the data that is being transmitted during a graph api call is secure? Please share any articles / documentation that would help.</P> Thu, 02 May 2019 19:58:40 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/data-security-while-using-graph-apis/m-p/518792#M115 Dheepa Iyer 2019-05-02T19:58:40Z Alert Status column not updating properly for "Resolved" MCAS or IPC alerts https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/alert-status-column-not-updating-properly-for-quot-resolved-quot/m-p/500434#M112 <P>Anyone noticed that the "Alert Status" column for MCAS and IPC (Identity Protection) alerts doesn't properly reflect within the API when resolving alerts in the MCAS or Identity Protection portal? Other products seem to work (WDATP, O365 Security &amp; Compliance), however no matter what I do all my MCAS or IPC alerts come through to the API as "status = newAlert" even when I've resolved them all in the MCAS portal.</P> Mon, 29 Apr 2019 19:14:07 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/alert-status-column-not-updating-properly-for-quot-resolved-quot/m-p/500434#M112 Chris Stelzer 2019-04-29T19:14:07Z Utilizing Graph API to do Planner/Groups stuff without being in Group https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/utilizing-graph-api-to-do-planner-groups-stuff-without-being-in/m-p/392086#M109 <P>Hello,&nbsp;</P><P>&nbsp;</P><P>I am looking to use a global administrator account to do a lot of stuff, but one of those things is to generate planner tasks. The code works, but it will only work if the account is a member of the group.&nbsp;</P><P>&nbsp;</P><P>Is there a way to not do this? Should I add/remove the user via code every time I do it?</P><P>&nbsp;</P><P>What is the latency there?</P> Mon, 01 Apr 2019 18:49:25 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/utilizing-graph-api-to-do-planner-groups-stuff-without-being-in/m-p/392086#M109 Joe Fedorowicz 2019-04-01T18:49:25Z Getting On-boarded as a Provider https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/getting-on-boarded-as-a-provider/m-p/371226#M106 <P><SPAN>Hello,</SPAN></P><DIV>&nbsp;</DIV><DIV>I am representing my company at the upcoming two-day session in Redmond re the Microsoft Graph API.</DIV><DIV>&nbsp;</DIV><DIV>I am trying to flesh out what a provider solution would look like in terms of Python code before the event, putting the pieces together little by little, but it has not all come together yet.</DIV><DIV>&nbsp;</DIV><DIV>My understanding is that my Graph-accessible endpoint as a provider needs to be OData compliant, and as a Python developer, that means<SPAN>&nbsp;</SPAN><STRONG>Pyslet</STRONG><SPAN>&nbsp;</SPAN>to me.&nbsp; I have endeavored to learn the ropes there, and have a minimal server setup complete.</DIV><DIV>&nbsp;</DIV><DIV>Separately, I have downloaded and spun up the<SPAN>&nbsp;</SPAN><STRONG>msgraph-training-pythondjangoapp</STRONG><SPAN>&nbsp;</SPAN>python client app, and attempted to extend it to retrieve emails.&nbsp; I thought I covered all of the bases, but despite being logged in correctly, I am getting this exception when trying to access my emails:</DIV><DIV>&nbsp;</DIV><DIV><DIV><FONT face="monospace, monospace">[15/Mar/2019 19:26:06] "GET /tutorial/emails HTTP/1.1" 500 66273</FONT></DIV><DIV><FONT face="monospace, monospace">{'error': {'code': 'ErrorAccessDenied', 'message': 'Access is denied. Check credentials and try again.', 'innerError': {'request-id': 'a22ab38f-2a89-4e89-88fc-9f2611aed597', 'date': '2019-03-15T19:26:12'}}}</FONT></DIV><DIV><FONT face="monospace, monospace">Internal Server Error: /tutorial/emails</FONT></DIV></DIV><DIV>&nbsp;</DIV><DIV>Please advise on this, and anything else you can give me to help establish a service that retrieves emails and returns them via the Graph.</DIV><DIV>&nbsp;</DIV><DIV>My eventual intent, just so you see where I am going with this, is to splice in my company's APIs to scan the emails and their senders for domain information, then report back on the threat-level as determined by the APIs.&nbsp;&nbsp;</DIV><DIV>&nbsp;</DIV><DIV>Thank you for your time,</DIV><DIV>&nbsp;</DIV><DIV>-Tony</DIV> Fri, 15 Mar 2019 20:18:57 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/getting-on-boarded-as-a-provider/m-p/371226#M106 Deleted 2019-03-15T20:18:57Z Mailflow alerts available in Graph API ? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/mailflow-alerts-available-in-graph-api/m-p/365140#M104 <P>Hi, I was wondering if these alerts are available in the graph api?</P><P><A href="#" target="_blank">https://protection.office.com/#/mailflow/dashboard&nbsp;</A></P><P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="mailflowalerts.png" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/86610i3299E81E2D94E1D5/image-size/large?v=v2&amp;px=999" role="button" title="mailflowalerts.png" alt="mailflowalerts.png" /></span></P><P>&nbsp;</P><P>If I list out alerts in a tenant, I do not see the alerts that are shown on this Dashboard.</P><P>I use this endpoint in Graph:&nbsp;<A href="#" target="_blank">https://Graph.Microsoft.Com/V1.0/Security/Alerts</A></P><P>&nbsp;</P><P>Regards</P><P>Tore Melberg</P><P>&nbsp;</P> Tue, 12 Mar 2019 20:30:14 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/mailflow-alerts-available-in-graph-api/m-p/365140#M104 Tore Melberg 2019-03-12T20:30:14Z Graph API permissions and protecting secrets https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-api-permissions-and-protecting-secrets/m-p/364543#M103 <P>I am looking for some guidance to configure 'least-privileged' permissions for Graph API. I'll be invoking Graph API from Microsoft Flow to provision a new Team and set its properties like Team owners &amp; members.</P><P>&nbsp;</P><P>I have registered an app in Azure AD and app's been assigned 'Application' level 'Groups.ReadWrite.All' &amp; Users.Read.All permissions. These are the minimum set of permissions required.</P><P>&nbsp;</P><P>However, this application secret is going to be visible in Flow which means any user or administrator who has access to Flow can view the secret and build an API or simply use postman to invoke API calls that do operations against all Groups resources.</P><P>&nbsp;</P><P>Has anyone out there implemented a similar setup and could share some advice regarding the security considerations?</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 11 Mar 2019 23:10:32 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/graph-api-permissions-and-protecting-secrets/m-p/364543#M103 Gurdev Singh 2019-03-11T23:10:32Z 401 Unauthorized when accessing /messages api using client credentials grant flow https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/401-unauthorized-when-accessing-messages-api-using-client/m-p/362461#M102 <P>I have a mailbox in on prem exchange server (which is in hybrid mode)<SPAN>&nbsp;</SPAN>abc@onprem.com<SPAN>&nbsp;</SPAN>and i am trying to access this via graph api (/messages). This works perfectly if i do this in graph explorer, but fails when i do via postman.</P><P>Required application permission is given in Azure app registration portal. Implementation/postman uses<SPAN>&nbsp;</SPAN><STRONG>grant_type as client_credentials with certificate</STRONG><SPAN>&nbsp;</SPAN>and this works<SPAN>&nbsp;</SPAN><STRONG>perfectly for cloud users.</STRONG></P><H1>Response of API</H1><PRE>{ 'error': { 'innerError': { 'date': '2019-02-28T14:17:45', 'request-id': '6a85f8c3-4e13-4cf0-84b2-ddc934241afd' }, 'message': '', 'code': 'UnknownError' }}</PRE><H1>IIS Logs</H1><P>&nbsp;</P><P>Added some headers like www-authenticate for logging and found that below is the error in IIS Log for on prem.</P><P>&nbsp;</P><P>2019-03-04 04:05:13 172.31.10.98 GET /api/V2.0/Users('abc@onprem.com')/Messages &amp;CorrelationID=;&amp;cafeReqId=2823c302-3c84-4847-b586-accced4b6dd5; 443 - 20.190.145.177 PostmanRuntime/7.6.0 - 401 0 0 332 Bearer+eyJ0 blah blah.....blah blah.....hSd mail.onprem.com - - - Bearer+client_id="00000002-0000-0ff1-ce00-000000000000",+token_types="app_asserted_user_v1+service_asserted_app_v1",+authorization_uri="<A href="#" target="_blank" rel="noopener">https://login.windows.net/common/oauth2/authorize",+error="invalid_token</A>" 2000001;reason="This+token+profile+'V1S2SAppOnly'+is+not+applicable+for+the+current+protocol.";error_category="invalid_token"</P><P>&nbsp;</P><P>&nbsp;</P><BLOCKQUOTE><OL><LI>What would be reason for this authentication failure ?</LI><LI>Is there something worng with client credentials grant flow (in graph explorer as we sign in and do query auth flow might not be client credentials) ?&nbsp;For graph explorer calls i see cs-username like `S-1-5-21-1392771109-4043059535-3934338706-1147`&nbsp; in IIS Log which doesn't come for postman calls.</LI><LI>We are using self signed certificate on exchange server , can this lead to this issue ? If so wondering how everything is working from graph explorer.</LI></OL><P>&nbsp;</P></BLOCKQUOTE><H1>&nbsp;</H1><P>&nbsp;</P> Thu, 07 Mar 2019 02:33:23 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/401-unauthorized-when-accessing-messages-api-using-client/m-p/362461#M102 Karthik_Hebbar 2019-03-07T02:33:23Z Windows Defender ATP API vs Security Graph API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/windows-defender-atp-api-vs-security-graph-api/m-p/359592#M95 <P>Will these two merge into one?&nbsp; Or for more detailed WDATP information we should code against the WDATP API?</P><P>&nbsp;</P><P>&nbsp;</P> Mon, 04 Mar 2019 01:11:54 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/windows-defender-atp-api-vs-security-graph-api/m-p/359592#M95 FrankG 2019-03-04T01:11:54Z Paging https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/paging/m-p/359591#M94 <P>To perform paging with the Graph API you are supposed to check for the:&nbsp;<FONT>@odata:nextLink</FONT> property in the results.&nbsp; This property will not appear if you set $top=12 or greater.&nbsp; $top=11 or smaller will return the nextLink property.&nbsp; You can test in the Graph Explorer.</P><P>&nbsp;</P><P>This will not return the nextLink property:</P><P><FONT><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/security/alerts?$top=12&amp;$filter=createdDateTime%20ge%202018-08-02T22:05:00Z</A></FONT></P><P><FONT>This will return the nextLink property:</FONT></P><P><FONT><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/security/alerts?$top=11&amp;$filter=createdDateTime%20ge%202018-08-02T22:05:00Z</A></FONT></P><P>&nbsp;</P><P>&nbsp;</P> Mon, 04 Mar 2019 01:09:43 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/paging/m-p/359591#M94 FrankG 2019-03-04T01:09:43Z Use the new NextJS sample to integrate with Microsoft Graph Security https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/use-the-new-nextjs-sample-to-integrate-with-microsoft-graph/m-p/354161#M90 <P>We are happy to announce a new <A href="#" target="_blank">NextJS sample</A>, contributed by Olli Vanhoja, Head of Security - <A href="#" target="_blank">ZEIT</A>. Olli is also a member of the judging panel for the ongoing <A href="#" target="_blank">Microsoft Graph Security Hackathon</A>.</P> <P>&nbsp;</P> <P>The NextJS sample is a new addition to the existing set of <A href="#" target="_blank">Microsoft Graph Security samples</A>. Use this sample to build your own integrations with <A href="#" target="_blank">Microsoft Graph Security</A>.</P> <P>&nbsp;</P> <P>This sample uses the <A href="#" target="_blank">Microsoft Graph Security JavaScript SDK</A> to create a server-less <A href="#" target="_blank">Next.js</A> application. The application authenticates with Microsoft Azure Active Directory (AAD) and retrieves security alerts using the Microsoft Graph Security API. This sample is built around the <A href="#" target="_blank">ZEIT Now</A> deployment model, as it utilizes Now builders and deployment routes, but it is portable to any server-less environment.</P> <P>&nbsp;</P> <P>Try the Microsoft Graph Security samples and please share your feedback by <A href="#" target="_blank">filing a GitHub issue</A> or by engaging on the <A href="https://gorovian.000webhostapp.com/?exam=t5/Using-Microsoft-Graph-Security/bd-p/SecurityGraphAPI" target="_blank">Microsoft Graph Security API tech community</A> or <A href="#" target="_blank">StackOverflow</A>.</P> <P>&nbsp;</P> <P>&nbsp;</P> Wed, 20 Feb 2019 19:46:42 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/use-the-new-nextjs-sample-to-integrate-with-microsoft-graph/m-p/354161#M90 Preeti_Krishna 2019-02-20T19:46:42Z Connect to the Microsoft Graph Security API without writing code! https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/connect-to-the-microsoft-graph-security-api-without-writing-code/m-p/340039#M89 <P>We are happy to share two new options to connect with the Microsoft Graph Security API without having to write any code.&nbsp;</P> <UL> <LI><SPAN style="box-sizing: border-box; color: #333333; font-family: &amp;quot; segoeui&amp;quot;,&amp;quot;lato&amp;quot;,&amp;quot;helvetica neue&amp;quot;,helvetica,arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"><A style="background-color: transparent; box-sizing: border-box; color: #146cac; text-decoration: underline;" href="#" target="_blank" rel="noopener noreferrer">Microsoft Graph Security connectors</A></SPAN><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"> for </SPAN><SPAN style="box-sizing: border-box; color: #333333; font-family: &amp;quot; segoeui&amp;quot;,&amp;quot;lato&amp;quot;,&amp;quot;helvetica neue&amp;quot;,helvetica,arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"><A style="background-color: transparent; box-sizing: border-box; color: #146cac; text-decoration: underline;" href="#" target="_blank" rel="noopener noopener noreferrer">Azure Logic Apps</A></SPAN><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;">, </SPAN><SPAN style="box-sizing: border-box; color: #333333; font-family: &amp;quot; segoeui&amp;quot;,&amp;quot;lato&amp;quot;,&amp;quot;helvetica neue&amp;quot;,helvetica,arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"><A style="background-color: transparent; box-sizing: border-box; color: #146cac; text-decoration: underline;" href="#" target="_blank" rel="noopener noopener noreferrer">Microsoft Flow</A>,</SPAN><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"> and </SPAN><SPAN style="box-sizing: border-box; color: #333333; font-family: &amp;quot; segoeui&amp;quot;,&amp;quot;lato&amp;quot;,&amp;quot;helvetica neue&amp;quot;,helvetica,arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"><A style="background-color: transparent; box-sizing: border-box; color: #146cac; text-decoration: underline;" href="#" target="_blank" rel="noopener noopener noreferrer">PowerApps</A></SPAN><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;">, which greatly simplify the development of automated security workflows. &nbsp;</SPAN></LI> <LI><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"><A href="#" target="_self">Microsoft Graph Security Power BI connector</A> that enables rapid development of enterprise-wide security reports to gain rich security insights.</SPAN></LI> </UL> <P><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;">Try the Microsoft Graph Security connectors and please share your feedback by </SPAN><SPAN style="box-sizing: border-box; color: #333333; font-family: &amp;quot; segoeui&amp;quot;,&amp;quot;lato&amp;quot;,&amp;quot;helvetica neue&amp;quot;,helvetica,arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"><A style="background-color: transparent; box-sizing: border-box; color: #146cac; text-decoration: underline;" href="#" target="_blank" rel="noopener noopener noreferrer">filing a GitHub issue</A></SPAN><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"> or by engaging on the </SPAN><SPAN style="box-sizing: border-box; color: #333333; font-family: &amp;quot; segoeui&amp;quot;,&amp;quot;lato&amp;quot;,&amp;quot;helvetica neue&amp;quot;,helvetica,arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"><A style="background-color: transparent; box-sizing: border-box; color: #146cac; text-decoration: underline;" href="https://gorovian.000webhostapp.com/?exam=t5/Using-Microsoft-Graph-Security/bd-p/SecurityGraphAPI" target="_blank" rel="noopener">Microsoft Security Graph API tech community</A></SPAN><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"> or </SPAN><SPAN style="box-sizing: border-box; color: #333333; font-family: &amp;quot; segoeui&amp;quot;,&amp;quot;lato&amp;quot;,&amp;quot;helvetica neue&amp;quot;,helvetica,arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;"><A style="background-color: transparent; box-sizing: border-box; color: #146cac; text-decoration: underline;" href="#" target="_blank" rel="noopener noopener noreferrer">StackOverflow</A></SPAN><SPAN style="display: inline !important; float: none; background-color: #ffffff; color: #333333; font-family: 'SegoeUI','Lato','Helvetica Neue',Helvetica,Arial,sans-serif; font-size: 16px; font-style: normal; font-variant: normal; font-weight: 300; letter-spacing: normal; orphans: 2; text-align: left; text-decoration: none; text-indent: 0px; text-transform: none; -webkit-text-stroke-width: 0px; white-space: normal; word-spacing: 0px;">.</SPAN></P> Thu, 14 Feb 2019 23:30:48 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/connect-to-the-microsoft-graph-security-api-without-writing-code/m-p/340039#M89 Preeti_Krishna 2019-02-14T23:30:48Z https://graph.microsoft.com/v1.0/security/alerts returns empty value https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/https-graph-microsoft-com-v1-0-security-alerts-returns-empty/m-p/339062#M87 <P>We have a daily job for querying alerts for some tenants, but there is a tenant we can't get alerts through&nbsp;<A href="#" target="_blank">https://graph.microsoft.com/v1.0/security/alerts</A> API since l/8 this year, but we have generated some identity risk events which could be saw in Azure AD Identity Protection.</P> Thu, 14 Feb 2019 02:01:45 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/https-graph-microsoft-com-v1-0-security-alerts-returns-empty/m-p/339062#M87 aaron_yang 2019-02-14T02:01:45Z 403 Forbidden response when requesting Microsoft Security Graph API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/403-forbidden-response-when-requesting-microsoft-security-graph/m-p/333458#M85 <P>Hello, i am developing an app, nodejs, and running into http 403 when calling the&nbsp;<A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/security/alerts</A> endpoint.</P><P>&nbsp;</P><P>I have assigned myself and my app the `security reader` and `security admin` roles.&nbsp; I have delegated api permission to the azure ad app `SecurityEvents.Read.All`.</P><P>&nbsp;</P><P>I can call&nbsp;<A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/security/alerts</A> using the graph explorer no problem, but in my own app, i simply get 403.</P><P>&nbsp;</P><P>I have consented to the popup when it was displayed the first time i signed in and called the graph..</P><P>&nbsp;</P><P>For testing, i cal successfully call other endpoints, like&nbsp;</P><DIV><DIV><SPAN><SPAN><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/me</A> and&nbsp;</SPAN></SPAN><DIV><DIV><SPAN><A href="#" target="_blank" rel="noopener">https://graph.microsoft.com/v1.0/me/messages</A></SPAN></DIV><DIV>&nbsp;</DIV></DIV></DIV></DIV><P>What am i missing.</P> Sun, 10 Feb 2019 01:42:14 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/403-forbidden-response-when-requesting-microsoft-security-graph/m-p/333458#M85 Andrew Huddleston 2019-02-10T01:42:14Z How to get SharePoint online list item attachments links using Graph API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-get-sharepoint-online-list-item-attachments-links-using/m-p/332282#M84 <P><STRONG>For Attachment Items in any list of&nbsp; SharePoint&nbsp;Online ,</STRONG><STRONG>&nbsp;graph explorer can get only Attachments property which contains value “true” or “false”</STRONG></P><P><STRONG>I am unable to get links of the attached images, pdf, etc.</STRONG></P><P><STRONG>Rest API we can easily expand and grab the attached links However ,</STRONG><STRONG>Using Graph Explorer we can not expand Attachments property . Need help that&nbsp;</STRONG><STRONG>How can we attachments links&nbsp; in list of SharePoint&nbsp;online using using Graph API</STRONG></P><P>&nbsp;</P><P><STRONG>#List attachment Link using Graph API&nbsp;</STRONG></P> Thu, 07 Feb 2019 12:45:56 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-get-sharepoint-online-list-item-attachments-links-using/m-p/332282#M84 Deleted 2019-02-07T12:45:56Z Exchange - On-prem - Graph API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/exchange-on-prem-graph-api/m-p/303361#M82 <P>Are there any ways to use Graph APIs to talk to an on prem Exchange? I know that they can talk to a cloud only or hybrid setup but is it also possible to be able to use this for an on prem only kind of setup?&nbsp;</P><P>&nbsp;</P><P>If not what is an alternative API that can be used to integrate an application to talk to cloud, hybrid and on prem only deployments?</P><P>&nbsp;</P><P>Will I need to have different implementations that use Graph for the first two and something else like&nbsp;exchange web services API&nbsp;&nbsp;for on prem exchange or is there an easier way?</P> Tue, 18 Dec 2018 14:25:35 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/exchange-on-prem-graph-api/m-p/303361#M82 exchangedev 2018-12-18T14:25:35Z Connection to Teams https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/connection-to-teams/m-p/293756#M75 <P>I used the Graph API to retrieved messages from Teams. It works great using the Graph Explorer. My&nbsp;only issue is that is extracting the messages beginning of October of this year and I need to obtain all the messages that are in the Teams channel. What can I do? Thanks in advance for the help.</P> Sat, 01 Dec 2018 15:35:21 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/connection-to-teams/m-p/293756#M75 Otto Knoke 2018-12-01T15:35:21Z WDATP filtering by severity https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/wdatp-filtering-by-severity/m-p/289026#M73 <P>Have another problem with filtering by severity.&nbsp;</P><P>&nbsp;</P><P>This api works (returns records, with some where the severity is 'informational')</P><P>/beta/security/alerts?$filter=vendorInformation/provider+eq+'WDATP'</P><P>&nbsp;</P><P>However, adding another filter by for severity ....</P><P>/beta/security/alerts?$filter=vendorInformation/provider+eq+'WDATP'+and+severity+eq+'informational'</P><P>&nbsp;</P><P>... returns 0 records</P><P>&nbsp;</P><P>If I remove the provider lookup and just do something like this:</P><P>/beta/security/alerts?$filter=severity+eq+'low'</P><P>&nbsp;</P><P>it returns records</P><P>&nbsp;</P><P>But not if switch it to severity eq 'informational'.&nbsp; Tried /beta and /v1.0</P><P>&nbsp;</P><P>Is there an issue with filtering by severity and vendorInformation/provider?</P><P>&nbsp;</P> Mon, 19 Nov 2018 23:12:06 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/wdatp-filtering-by-severity/m-p/289026#M73 Creighton Medley 2018-11-19T23:12:06Z Secure Score Identity https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/secure-score-identity/m-p/286434#M72 <P>Hello,</P><P>Since yesterday the Secure Score identity points does not return all the data, at most we can have 38 points out of 223 of yesterday.<BR />Is there a problem?</P> Wed, 14 Nov 2018 10:06:47 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/secure-score-identity/m-p/286434#M72 Jordi Marchán Martínez 2018-11-14T10:06:47Z Retrieving Office 365 alerts https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/retrieving-office-365-alerts/m-p/283424#M70 <P>We tried to retrieve Office 365 alerts in the Graph Explorer. At this moment we see no results.</P><P>(check attached PDF file)</P><P>&nbsp;</P><P>On this page O365 support was announced: <A href="#" target="_blank">https://developer.microsoft.com/en-us/graph/docs/api-reference/v1.0/resources/security-api-overview</A></P><P>&nbsp;</P><P>Does anyone have any idea when this option is ready? Or is there already a way of testing with the API on combination with O365 alerts?</P> Wed, 07 Nov 2018 15:26:48 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/retrieving-office-365-alerts/m-p/283424#M70 Martijn Wenke 2018-11-07T15:26:48Z Microsoft Graph monthly community call blog and recording are now available https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-graph-monthly-community-call-blog-and-recording-are/m-p/266924#M64 <P><span class="lia-inline-image-display-wrapper lia-image-align-center" image-alt="Post Twitter Image Microsoft Graph_October 2018.jpg" style="width: 400px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/55501iF9E231592C11BDA1/image-size/medium?v=v2&amp;px=400" role="button" title="Post Twitter Image Microsoft Graph_October 2018.jpg" alt="Post Twitter Image Microsoft Graph_October 2018.jpg" /></span></P> <P>&nbsp;</P> <P>The call this month featured a section on the Microsoft Graph Security API presented by&nbsp;<STRONG>Pretti Krishna</STRONG>, Senior PM, showcasing Ignite announcements, general availability of the API and a demo of&nbsp; the capabilities the API can unlock.</P> <P>&nbsp;</P> <P>Also included in this call:</P> <UL> <LI><STRONG>Jeremy Thake</STRONG><SPAN>&nbsp;</SPAN>talked about Microsoft Graph Ignite 2018 announcements</LI> </UL> <DIV class="yj-message-list-item--body yj-message-body"> <DIV class="yj-message-body"> <UL> <LI><STRONG>David<SPAN>&nbsp;</SPAN></STRONG><STRONG>Claux</STRONG>, Outlook Principal PM, presented Adaptive Cards – what they are, why we created them, and how/why they can be used in application.</LI> </UL> <P>&nbsp;</P> <P><A href="#" target="_blank" rel="nofollow noreferrer">View the blog here</A></P> <P><A href="#" target="_blank" rel="nofollow noreferrer">Watch the recording here</A></P> </DIV> </DIV> <DIV class="yj-message-list-item--attachment-container">&nbsp;</DIV> Thu, 04 Oct 2018 15:34:36 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/microsoft-graph-monthly-community-call-blog-and-recording-are/m-p/266924#M64 danawikan 2018-10-04T15:34:36Z Recommend environment for development and testing https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/recommend-environment-for-development-and-testing/m-p/265553#M62 <P>What is recommended environment/configuration to develop and test applications leveraging Graph Security API? I've got Office 365 Enterprise E3 Developer subscription and don't receive any alerts through Graph Security API even when I try to upload Eicar virus sample or login to the O365 portal with the Tor browser. If MCAS or other ATP solutions are required to get security alerts, are there other than 30/60 day trial subscriptions available for developers?</P> Tue, 02 Oct 2018 08:36:29 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/recommend-environment-for-development-and-testing/m-p/265553#M62 Dmitriy Viktorov 2018-10-02T08:36:29Z Administrative Control Of Application Ownership https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/administrative-control-of-application-ownership/m-p/262884#M59 <P>Is there any way for a tenant admin to reclaim a registered application if the individual who registered it has left the company? I understand that more than one person should be designated as the owner. And there are a number of work-arounds available.</P><P>&nbsp;</P><UL><LI>If the AD/Azure AD account has simply been disabled, an admin can re-enable the account, change the password, and log in under those credentials. Since the app continues to function when the owners account has been disabled, I foresee instances where the account has been deleted and its tombstone aged out.</LI><LI>Register a new application under another user's ID and update the project with this new ID/secret (although this requires figuring out what the proper app settings should be).</LI></UL><P>It would be nice if a quick/easy option were available for someone to reassign ownership of orphaned applications (and view a list of applications registered in their tenant).&nbsp;</P> Wed, 26 Sep 2018 15:21:37 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/administrative-control-of-application-ownership/m-p/262884#M59 Lisa Rushworth 2018-09-26T15:21:37Z how to deploy Intelligent security graph, how to integrate with azure identity protection https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-deploy-intelligent-security-graph-how-to-integrate-with/m-p/260162#M58 <P>Please help me with document of integration</P> Fri, 21 Sep 2018 11:02:39 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/how-to-deploy-intelligent-security-graph-how-to-integrate-with/m-p/260162#M58 Ruchi Manuja 2018-09-21T11:02:39Z Is there a bug in filtering by severity? https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/is-there-a-bug-in-filtering-by-severity/m-p/251301#M50 <P>The sample works (using fake data)</P><P><A href="#" target="_blank">https://graph.microsoft.com/beta/security/alerts?filter=Severity</A> eq 'High'&amp;$top=5</P><P>&nbsp;</P><P>But if I use the same call with a bearer token, it returns -&gt;</P><P>{<BR />"@odata.context": "<A href="#" target="_blank">https://graph.microsoft.com/beta/$metadata#Security/alerts</A>",<BR />"value": []<BR />}</P><P>(same for Medium, Low and just in case, tried high, medium and low)</P><P>&nbsp;</P><P>If I make up a severity name, it returns -&gt;</P><P>{<BR />"error": {<BR />"code": "BadRequest",<BR />"message": "Invalid filter clause",<BR />"innerError": {<BR />"request-id": "20fbaaca-8f2c-4c86-9d2c-f990ca3cfe86",<BR />"date": "2018-09-11T15:47:23"<BR />}<BR />}<BR />}</P><P>&nbsp;</P><P>So I'm thinking it is a bug ... does filtering by severity work for anyone else?&nbsp;&nbsp;</P> Tue, 11 Sep 2018 15:49:18 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/is-there-a-bug-in-filtering-by-severity/m-p/251301#M50 Creighton Medley 2018-09-11T15:49:18Z Updating alerts https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/updating-alerts/m-p/240757#M43 <P>Updating an alert we got this error:</P><P>{<BR />"error": {<BR />"code": "",<BR />"message": "An error has occurred.",<BR />"innerError": {<BR />"message": "'System.Collections.Generic.List&lt;IsgWebApi.DataProvider.DataProviderDiagnostic&gt;' does not contain a definition for 'FirstOrDefault'",<BR />"request-id": "149c6676-fe81-40ce-8ff0-d10661d68854",<BR />"date": "2018-08-31T11:09:43"<BR />}<BR />}<BR />}</P><P>&nbsp;</P><P>Maybe it needs to use System.Linq?</P> Fri, 31 Aug 2018 11:13:35 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/updating-alerts/m-p/240757#M43 Jordi Marchán Martínez 2018-08-31T11:13:35Z Final updates to the alerts schema https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/final-updates-to-the-alerts-schema/m-p/240590#M41 <DIV style="direction: ltr; border-width: 100%;"> <DIV style="direction: ltr; margin-top: 0in; margin-left: 0in; width: 11.0312in;"> <DIV style="direction: ltr; margin-top: 0in; margin-left: 0in; width: 11.0312in;"> <DIV style="direction: ltr;"> <TABLE title="" style="direction: ltr; border-collapse: collapse; border: 0pt solid #A3A3A3;" border="0" cellspacing="0" cellpadding="0" summary=""> <TBODY> <TR> <TD style="border-width: 0pt; background-color: #0078d7; vertical-align: top; width: 2.1895in; padding: 2.0pt 3.0pt 2.0pt 3.0pt;"> <P style="margin: 0in; font-family: 'Segoe UI Light'; font-size: 20.0pt; color: white;">Schema update</P> </TD> </TR> <TR> <TD style="border-width: 0pt; background-color: #00188f; vertical-align: top; width: 2.259in; padding: 2.0pt 3.0pt 2.0pt 3.0pt;"> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.5pt; color: white;"><SPAN style="background: #00188F;">Microsoft Graph Security API</SPAN></P> </TD> </TR> </TBODY> </TABLE> </DIV> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">We're introducing significant changes to our data model (aka schema) based on our partnerships</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">with security providers and feedback we received on the Public Preview schema to date, in <BR />preparing for General Availability of the Microsoft Graph Security API.</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">Working with Microsoft and 3rd-party security products (aka 'providers') around the data they can <BR />populate alert with, provided valuable input on additional properties they want to make available <BR />in alerts from their respective products.</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">We reviewed and verified that properties we include in our schema are not proprietary and are <BR />supported by more than one provider, enabling customers to run a single filtered queries across <BR />multiple providers - before adding them to our schema, to ensure customers can maximize the <BR />benefit they realize from their graph-enabled security products.</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">This post will focus on changes to the alert entity: describing new properties and any modifications <BR />to existing properties, starting with the major changes, and continuing to other changes. <BR /><A title="Updated Microsoft Graph Security API schema" href="#" target="_blank"><SPAN style="font-weight: bold;">The online documentation</SPAN></A> already reflects these changes; please view complete schema details there.</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;"><SPAN style="font-weight: bold; text-decoration: underline;">Major changes</SPAN><SPAN style="font-weight: bold;">:</SPAN></P> <UL> <LI><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">The </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">networkConnection</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> complex type now supports:</SPAN></LI> <UL type="circle" style="margin-left: .375in; direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;"> <LI><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">URL-related properties (domains, URLs, registrar information, etc.)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">Network Address Translation (aka NAT) related properties (more details below)</SPAN></LI> </UL> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">New </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">registryKeyState</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> complex type - metadata related to creating/modifying registry keys, <BR />a common form of persistence in fileless attacks </SPAN></LI> <UL type="circle" style="margin-left: .375in; direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;"> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">The registryKeyState captures the previous, and new, registry key properties to <BR />enable understanding what changed</SPAN></LI> </UL> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">cloudApplicationState</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> replaces applicationState - supports alerts from Cloud Access Security <BR />Broker (CASB) providers</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">The </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">comments</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> property is now a collection of strings (previously a string) - <BR />(</SPAN><SPAN style="font-style: italic; text-decoration: underline; font-family: 'Segoe UI'; font-size: 11.0pt;">breaking change for update alert</SPAN>)</LI> </UL> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;">&nbsp;</P> <P style="margin: 0in; font-family: 'Segoe UI'; font-size: 11.0pt;"><SPAN style="font-weight: bold; text-decoration: underline;">Other changes</SPAN><SPAN style="font-weight: bold;">:</SPAN></P> <UL> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">New properties</SPAN> <UL> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">Confidence</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - provider-generated confidence in the accuracy of the alert/detection</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">UserState</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> as two new properties:</SPAN> <UL> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">isVpn</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - indicates if the logon was done over a VPN (effects logon information: <BR />logonId and logonIp)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">emailRole</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - indicates if the user account was email sender or recipient <BR />(in email-related alerts)</SPAN></LI> </UL> </LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;">&nbsp;<SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">hostState.hostOs</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the Operating system of the related host</SPAN></LI> </UL> </LI> </UL> <P style="margin: 0in; margin-left: .375in; font-family: 'Segoe UI'; font-size: 11.0pt;">&nbsp;</P> <UL> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">Changed properties</SPAN> <UL> <LI><SPAN style="font-weight: bold;">fileHash</SPAN> (new complex type) - replaces dedicated properties for select <BR />file hashes to support a broad variety of file hashes<FONT face="&quot;Segoe UI&quot;"> (</FONT><EM>Appears in alert.fileStates <BR />and in alert.processes</EM>); properties: <UL> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">type</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - enumeration of file hash types (Sha1, Sha256, MD5, AuthenticodeHash256, <BR />LsHash, CTPH)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">value</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the file hash value</SPAN></LI> </UL> </LI> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">cloudAppState</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> (was </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">applicationState</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">) - new/changed properties</SPAN> <UL> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">destinationServiceName</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the cloud application/service name (e.g. "Salesforce", <BR />"Box", etc.)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">destinationServiceIp</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the destination IP Address of the connection to cloud <BR />application/service </SPAN></LI> </UL> </LI> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">activityGroupName</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - previously a complex type, now the name of the activity group <BR />(attacking entity); </SPAN></LI> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">malwareState</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - now incorporates all relevant properties to the malicious file</SPAN> <UL> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">category</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - provider-generated category of the malware (e.g. ransomware, etc.)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">family</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - provider-generated family of the malware (e.g. wannacry; there may be <BR />multiple variants of this malware, e.g. wannacry.A, etc.)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">wasRunning</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - moved into the complex type; indicates if the malware was executing <BR />when detected, or at rest on disk (e.g. during static scan)</SPAN></LI> </UL> </LI> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">vulnerabilityState</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - has a new property</SPAN> <UL> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">wasRunning</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - indicates if the vulnerability was detected at execution time, or at rest <BR />on disk (e.g. during static scan)</SPAN></LI> </UL> </LI> </UL> </LI> </UL> <P><U><STRONG><FONT face="&quot;Segoe UI&quot;">Details of major changes</FONT></STRONG></U></P> <UL> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">networkConnection</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - new and changed properties:</SPAN></LI> <UL type="circle" style="margin-left: .375in; direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;"> <LI><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">applicationName</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the name of the application managing the network connection <BR />(e.g. Facebook, SMTP, etc.)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[Modified] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">destinationUrl</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - previously named "</SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">uri</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">"; reflect general alignment of <BR />'destination/source' distinction for network communication property</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">direction</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - whether the network communication is inbound or outbound - <BR />impacts the 'source' and 'destination' IP address or URL</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">status</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - whether the network communication was (only) attempted, <BR />successful (completed), blocked, or failed</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">destinationDomain</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the domain of the destination URL (enables filtering <BR />for network connections to different URLs under the same domain)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">localDnsName</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the local DNS name resolution as it appears in the <BR />host's local DNS cache (important in cases of </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">hosts</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> file tampering)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">urlParameters</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the segment of the URL after the&nbsp;URI portion (follows "?"). <BR />Segmenting the URL for ease of consumption</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">domainRegisteredDate</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - when the domain was registered (new domains <BR />are often suspect)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">natSourceAddress</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the network connection's (actual) source IP Address, <BR />where Network Address Translation is performed (e.g. proxies, etc.)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">natDestinationAddress</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the (actual) destination IP Address, where <BR />Network Address Translation is performed (e.g. proxies, etc.)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">natSourcePort</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the network connection's (actual) source port, where <BR />Network Address Translation is performed (e.g. proxies, etc.)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">[New] </SPAN><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">natDestinationPort</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - the (actual) destination port, where Network <BR />Address Translation is performed (e.g. proxies, etc.)</SPAN></LI> </UL> </UL> <UL> <LI><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">registryKeyState</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">- new complex type that specifies 'old' and 'new' properties of a registry key:</SPAN></LI> <UL type="circle" style="margin-left: .375in; direction: ltr; unicode-bidi: embed; margin-top: 0in; margin-bottom: 0in;"> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">process </SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">- Process ID (PID) of the process that modified the registry key (process <BR />details will appear in the alert 'processes' collection)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">operation </SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;">- operation that changed the registry key name and/or value <BR />(add, modify, delete)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">valueType</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - registry key value type (e.g. REG_BINARY, REG_DWORD, etc. - <BR />enumeration)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">hive</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - registry hive (e.g. HKEY_CURRENT_CONFIG, HKEY_CURRENT_USER, etc. - <BR />enumeration)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">key</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - current (i.e. changed) registry key (excludes HIVE)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">valueName</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - current (i.e. changed) registry key value name</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">valueData</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - current (i.e. changed) registry key value data (contents)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">oldKey</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - previous (i.e. before changed) registry key (excludes HIVE)</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">oldValueName</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - previous (i.e. before changed) registry key value name</SPAN></LI> <LI style="margin-top: 0; margin-bottom: 0; vertical-align: middle;"><SPAN style="font-weight: bold; font-family: 'Segoe UI'; font-size: 11.0pt;">oldValueData</SPAN><SPAN style="font-family: 'Segoe UI'; font-size: 11.0pt;"> - previous (i.e. before changed) registry key value data (contents)</SPAN></LI> </UL> </UL> </DIV> </DIV> </DIV> Thu, 30 Aug 2018 23:10:29 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/final-updates-to-the-alerts-schema/m-p/240590#M41 Michael Shalev 2018-08-30T23:10:29Z Using Graph Explorer with the Graph Security API https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/using-graph-explorer-with-the-graph-security-api/m-p/239222#M40 <P>We've received several questions about not being able to see existing alerts using the Graph Explorer.</P> <P>The reason for this is that the Graph scopes, or permissions, required to call the Graph Security API - SecurityEvents.Read.All, SecurityEvents.ReadWrite.All - are not selected by default in Graph Explorer.</P> <P>To enable using Graph Explorer, an Azure AD tenant admin must grant these scopes (see figure below)</P> <P>Once this is done (and the signed in user account is assigned a limited administrator <STRONG>SecurityReader</STRONG> or <STRONG>SecurityAdmin</STRONG> Azure AD role) - alerts may be viewed using the Graph Explorer. Enjoy!</P> <P>&nbsp;</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Granting SecurityEvents scopes in GraphExplorer" style="width: 999px;"><img src="https://techcommunity.microsoft.com/t5/image/serverpage/image-id/44385i4C01DA63776FF646/image-size/large?v=v2&amp;px=999" role="button" title="graphexplorer-add_securityevent_scopes.png" alt="Granting SecurityEvents scopes in GraphExplorer" /><span class="lia-inline-image-caption" onclick="event.preventDefault();">Granting SecurityEvents scopes in GraphExplorer</span></span></P> <P>&nbsp;</P> Tue, 28 Aug 2018 22:35:00 GMT https://gorovian.000webhostapp.com/?exam=t5/microsoft-graph-security-api/using-graph-explorer-with-the-graph-security-api/m-p/239222#M40 Michael Shalev 2018-08-28T22:35:00Z