Forum Widgets
Latest Discussions
Announcing Public Preview of Graph Security API
We are excited to announce the Public Preview availability of the Microsoft Graph Security API to the developer community! There will be more announcements coming in the next few days and months, so keep watching this Community for updates. Meanwhile, this is where our team will answer your questions and stay updated as we work on finalizing this new Microsoft Graph capability! Get started with our documentation: https://aka.ms/graphsecuritydocs Jump into our Code Samples: C#/ASP.NET (https://aka.ms/graphsecurityaspnet) Python (https://aka.ms/graphsecuritypython) Learn how to stream alerts to your SIEM (https://aka.ms/graphsecuritySIEM) If you are an ISV interested in integrating with the Graph Security API, we would love to hear from you in our Community for Integration Partners.Error Creating Microsoft Team with Graph
I am working on some code that started having issues in the last couple weeks. I am able with application permissions to create an Office 365 Group. When I try to run the Graph call to add a Microsoft Team to the group I am getting the following error. Failed to execute Aad backend request GetTenantSubscribedSkusRequest. Request Url: https://graph.windows.net/{TENANTID}/subscribedSkus?api-version=1.6, Request Method: GET, Response Status Code: Unauthorized, Response Headers: ocp-aad-diagnostics-server-name: +EOS4aiuOEFJVZdbhjMw16/+oK92lidT3YUz+JU856Q= request-id: 5e6ed525-6b55-49be-841f-cd2d29a91793 client-request-id: cd4049d9-1a5e-4282-b6e9-e74d89ade546 Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Wed, 26 Jun 2019 18:15:53 GMT I have found, through testing, that if I create a team using the Graph Explorer on the created group or if I create a team through the Teams UI that my code will start working for 24 hours and then I start getting the same error again. It seems to me like there is something wrong with the setup of application permissions in the Teams Graph API. Any help would be appreciated. Having to have a user manually create a team once every 24 hours to make my code work is not an ideal scenario.Connect to the Microsoft Graph Security API without writing code!
We are happy to share two new options to connect with the Microsoft Graph Security API without having to write any code. Microsoft Graph Security connectors for Azure Logic Apps, Microsoft Flow, and PowerApps, which greatly simplify the development of automated security workflows. Microsoft Graph Security Power BI connector that enables rapid development of enterprise-wide security reports to gain rich security insights. Try the Microsoft Graph Security connectors and please share your feedback by filing a GitHub issue or by engaging on the Microsoft Security Graph API tech community or StackOverflow.
Purchase office365 licenses using Microsoft Graph API
Can I purchase office365 licenses with the Microsoft Graph API? I haven't seen anything in the documentation and the only thing I found on the internet was this old link to stack overflow that says it's not possible - https://stackoverflow.com/questions/42826726/buy-o365-sku-license-via-graph-api/42846931#42846931 Any help will be great!
New JavaScript code sample up on GitHub
Great news for JavaScript Developers! We've created another code sample for the Microsoft Graph Security API. Check it out on GitHub: https://github.com/microsoftgraph/nodejs-security-sample. If you have any questions, let us know here on TechCommunity. Now we need your input on where we focus for our next supported platform. Please take 2 minutes to fill out this quick survey: https://www.surveymonkey.com/r/ZLJQKTV. If there are new resources you would like to see us provide for the Security API developer community, please let us know here on TechCommunity.Get hands-on with the Security API @ MSBuild2018
If you are attending Microsoft BUILD 2018 next week in Seattle, make sure you stop by our two sessions or the Microsoft Graph booth to chat with the team and learn more our new API! Here's where to find us... Add these sessions to your calendar WRK2506 How to Build Security Applications using the Microsoft Graph API This will be our hands-on developer lab session where the Security API engineering team will help you expand your development skills to build a SecOps dashboard using the new Graph Security API. BRK2435 Unlocking security insights with Microsoft Graph API This will be our 45 minute breakout session diving into the purpose and use cases Graph Security API followed by some real world examples of applications leveraging the Security API today to help customers find new value in their security solutions. Visit the team at our Microsoft Graph booth Our engineering team will be staffing the Security booth inside the Microsoft Graph section of the Expo. Please stop by to chat with our team, get questions answered, and learn more about what is coming next in the Graph Security API! We are looking forward to talking with you at BUILD. Please add us to your plans as you plan out the week. If you are unable to attend BUILD this year, we welcome any/all questions you have about the Graph Security API in this community.
Licensing when using Microsoft Graph API
Hi, I struggle to find out if there are any limitations on how you can use the alerts you have available in the Graph API. If I have 300 users, and I have 1 Azure AD Premium P2 license in my tenant, is this ok for me to read the alerts available in Graph for my users? What is the general guidelines for use of Graph API information and licensing? Regards Tore Melberg
Fetching user/riskyusers/risk_detections info in incremental approach
Hi All, Using @odata.deltaLink I am able to track changes in Microsoft Graph data for users. DeltaLink we can’t get changes related to SIGNINACTIVITY, AUTHENTICATION_METHODS_USER_REGISTRATION_DETAILS , USER_APP_ROLE_ASSIGNMENT. At present risky_users and risky_detections are not supported by delta queries. Any other approach where we can track changes apart from DeltaLink. Note: Apart from storing in DB and comparing.Status and access to eDiscovery results using API
Hi, I'm new to using the Graph API's for eDiscovery and am stuck on a few operations. Once I created a Case, Collection, Review Set, and associated the Collection with the Review Set, the discovery begins automatically. Great, so far! However, periodically I want to check the status on the discovery and review the results once the discovery is done. Anyone know if this is possible and how? Thanks, -HanielIPC Security Alerts userStates data now returning null instead of information
Hello, I've noticed that all new security alerts generated from the IPC provider since 27 September no longer contain full userStates data. Specifically the accountName, domainName and userPrincipalName are all set to null. The only user identifier that is maintained is the aadUserId. Is anyone else seeing this issue? I pull alerts with a GET /v1.0/security/alerts?$filter=vendorinformation/provider eq 'IPC' Example snippet of the issue: New alerts: userStates": [ { "aadUserId": "protecting-the-inno-cent-users", "accountName": null, "domainName": null, "emailRole": "unknown", "isVpn": null, "logonDateTime": "2022-09-27T20:06:19.5816216Z", "logonId": null, "logonIp": "127.83.247.216", "logonLocation": "Location, PT", "logonType": null, "onPremisesSecurityIdentifier": null, "riskScore": null, "userAccountType": null, "userPrincipalName": null } ], versus an old alert userStates": [ { "aadUserId": "protecting-the-inno-cent-users", "accountName": "john.doe", "domainName": "example.net", "emailRole": "unknown", "isVpn": null, "logonDateTime": "2022-09-27T18:17:53.5121378Z", "logonId": null, "logonIp": "127.2.185.40", "logonLocation": "Location, CA", "logonType": null, "onPremisesSecurityIdentifier": null, "riskScore": null, "userAccountType": null, "userPrincipalName": "email address removed for privacy reasons" } ], I have a ticket open, but I do not have high hopes of explanation or resolution,
