Microsoft Graph Security API | Microsoft Community Hub

Forum Widgets

Latest Discussions

Graph API - Difference in Calendar events between users
Hi All, I have a .NET 3.1 WebApp running an Application Permission Graph API instance. I have noticed some discrepancies when using the .Calendar.CalendarView and .Events extensions. I have found that some events, that should be returned, aren't returned by the API. This is my C# code that I use: ICalendarCalendarViewCollectionPage response = await _graphClient.Users[userId].Calendar.CalendarView .Request(new List { new QueryOption("startDateTime", startDate.ToString("yyyy-MM-ddTHH:mm:ssZ")), new QueryOption("endDateTime", endDate.ToString("yyyy-MM-ddTHH:mm:ssZ")) }) .Header("Prefer", "outlook.timezone=\"Europe/London\"") .GetAsync(); Where startDate is a Monday, and endDate is a Sunday. The UserId is definitely correct as it does return some correct events. For example, I and another colleague are booked onto a Recurring Teams Meeting. Neither of us are the organiser but the organiser does exist in the tenant. When I call the code block above, the meeting IS CORRECTLY returned from that call in the response. But if I switched the UserId to my Colleague's UserId, it won't return that meeting from the API. The meeting DOES show on both of our calendars on Outlook Old & New. I use the old version of outlook, and he uses the new version of outlook. I'd also like to note that some recurring meetings do show up on the faulty user's Calendar View, just certain ones do not, so I'm pretty sure that the fact that the event is recurring doesn't matter. Does anyone have any insight into this? Thanks
Solved
Benjamano
Copper Contributor
Sep 12, 2025
development
59Views
0likes
2Comments
Authenticating using ConfidentialClient
Hello, Some of our customers are unable to send out automated emails because support for basic authentication with SMTP is being removed. I am looking at finding a solution and it seems the Graph API is the recommended approach. I have manage to create a working example using `PublicClientApplicationBuilder` however, this class displays a pop-up requiring the user to sign in, since we have automated services with no user interaction, this is not a good solution. I have seen some examples using `ConfidentialClientApplicationBuilder` and this seems idea. However, I have reached multiple dead-ends and everytime receive the error: > Confidential Client flows are not available on mobile platforms or on Mac.See https://aka.ms/msal-net-confidential-availability for details. Please would someone be able to help me. Why do I recieve this error? Whatever I do, whatever project I use, WinForm, Console app and Service I always get this error. I am storing my Client, Tenant and Secret in a database table and here is my code: ``` vb Private Async Function GetAppAuthentication() As Task(Of AuthenticationResult) Dim folderAccess = BLL.L2S.SystemApplicationGateway.GetFolderAccess(mBLL_SY.ReadonlyDbContext) If folderAccess Is Nothing Then Return Nothing End If Dim app = ConfidentialClientApplicationBuilder.Create(folderAccess.Client) _ .WithClientSecret(folderAccess.Secret) _ .WithTenantId(folderAccess.Tenant) _ .Build() Dim scopes As String() = {"https://outlook.office365.com/.default"} Dim result As AuthenticationResult = Await app.AcquireTokenForClient(scopes).ExecuteAsync() Return result End Function ``` I am using .Net Framework 4.7.2, we have Windows Services and WinForms apps and both need to send out emails. The error message is very confusing to me because of course it is not a mobile app, and I have even created a UnitTest that seemingly works fine which again is very confusing to me. This is urgent as this is already causing issues for our customers. Thanks in advanc
LukeOB1
Copper Contributor
Aug 28, 2025
apis
Graph Security API
25Views
0likes
0Comments
Fetching user/riskyusers/risk_detections info in incremental approach
Hi All, Using @odata.deltaLink I am able to track changes in Microsoft Graph data for users. DeltaLink we can’t get changes related to SIGNINACTIVITY, AUTHENTICATION_METHODS_USER_REGISTRATION_DETAILS , USER_APP_ROLE_ASSIGNMENT. At present risky_users and risky_detections are not supported by delta queries. Any other approach where we can track changes apart from DeltaLink. Note: Apart from storing in DB and comparing.
esanya2280
Copper Contributor
May 26, 2025
Graph Security API
54Views
1like
0Comments
How to retrieve productName for incidents using Microsoft Graph API?
When using Microsoft Graph Security API, is it possible to get the productName field directly in the incident response (e.g., from /security/incidents endpoint)? Or is it only available at the alert level via /security/incidents/{id}/alerts?
esanya2280
Copper Contributor
Apr 13, 2025
Graph Security API
43Views
0likes
0Comments
Get Custom Details from Sentinel
How do I go about getting the custom details set using https://learn.microsoft.com/en-us/azure/sentinel/surface-custom-details-in-alerts using REST API? I need to do this outside of logic app and using REST API. The incidents API endpoint doesn’t provide this detail and I couldn’t find any API endpoint listed in https://learn.microsoft.com/en-us/rest/api/securityinsights/operation-groups?view=rest-securityinsights-2024-01-01-preview that would allow me get to get the custom details with the values. Is there a sentinel or a graph API endpoint that’ll allow for me to get this information?
Bharath_M
Copper Contributor
Mar 14, 2025
apis
Graph Security API
149Views
0likes
1Comment
Microsoft Defender "XDR" endpoint API Access (Powershell Script)
Hi Everyone, We are trying to access different part of Microsoft Defender. More precisely Endpoint after the XDR integration. We want to be able to get the different Permission Role and Device Group created. Also, the list of all advanced feature if they are enabled or not. We want to be able to get information like this The thing is, we try in a lot of way and could not find documentation about this precise request. We try with Graph Api and Rest Api. Always got error 401 (No permission). Could it be that those API are Private API from Microsoft ? https://security.microsoft.com/apiproxy/mtp/rbacManagementApi/rbac/user_roles https://security.microsoft.com/apiproxy/mtp/rbacManagementApi/rbac/machine_groups https://security.microsoft.com/apiproxy/mtp/settings/GetAdvancedFeaturesSetting
samuel2120
Copper Contributor
Oct 28, 2024
apis
Graph Security API
625Views
0likes
2Comments
Alerts V2 Subscription
I want to start get notified to Alerts v2 through Microsoft Graph Change notification. But subscription is not supported, any idea how can I do it? or ETA for support?
RcRonco
Copper Contributor
Mar 31, 2024
alerts
Graph Security API
467Views
0likes
0Comments
Major Delay with /alerts endpoint
Hey folks, I've been seeing some significant delays with the /alerts API endpoint. Ball park range of 2-5 hours. For example, there is an alert in Azure Sentinel that fires at ~13:00 UTC (based on TimeGenerated field). Our internal process that polls for new events from /alerts every ~2-3minutes doesn't pick up this new alert until ~17:00 UTC. I know there is the /alerts_v2 endpoint, and we're working on upgrading our processes to use that - but for the time being, I'm trying to find a solution / answer to this particular endpoint. Anyone experience this or have any insights?
skisec
Copper Contributor
Mar 26, 2024
alerts
apis
development
444Views
0likes
0Comments
MS Graph Authorization issue (Status code 401) - Power Automate Flow for Copilot Studio
Hi Folks, I am trying to develop a MS Power Automate Flow that can post QMS documents information to Copilot Studio bot based on users' question. I am using 'Create text with GPT using Prompt" to extract users' intention about documents from their natural language. Then use HTTP connector to post the results to Copilot Studio bot. I have done all the steps: 1. Registered App in Azure Portal 2. Granted Sites.Selected (Read) permission to my app so that it can read the information from QMS document library in SharePoint. We only want the app permission related to subsite not the whole site. The issue I am facing is that the HTTP action is still showing unauthorized Status code 401. Could you guide me if there is something incomplete or insufficient? Many thanks. After running please see below error: Best regards, perlite77
perlite77
Copper Contributor
Mar 24, 2024
apis
development
Graph Security API
591Views
0likes
0Comments
Connect Swimlane to pull Defender for Cloud Alerts
using Swimlane to ingest our alerts from Defender for cloud, I have setup our Access with the following items: URL: https://graph.microsoft.com/v1.0/security/alerts Token URL: https://login.microsoftonline.com/tenant-ID/oauth2/v2.0/token Client ID: pulled from Registered App Client Secret: Created a New Ceretificates & secrets and added that Value Scope: https://graph.microsoft.com/.default When I run my Action to capture the "List of Alerts", I receive the following error: "reason": "Bad Request", "json_body": { "error": "invalid_request", "error_description": "AADSTS90014: The required field 'scope' is missing from the credential. Ensure that you have all the necessary parameters for the login request...." What parameters and how are those added and to which section? I'm new to API calls and not sure of the process. Appreciate your help, Serge
SergioT1228
Brass Contributor
Mar 14, 2024
alerts
apis
Graph Security API
405Views
0likes
0Comments

Resources

Tags

Graph Security API30 Topics
apis23 Topics
development10 Topics
alerts8 Topics
Secure Score2 Topics