Forum Widgets
Latest Discussions
Announcing Public Preview of Graph Security API
We are excited to announce the Public Preview availability of the Microsoft Graph Security API to the developer community! There will be more announcements coming in the next few days and months, so keep watching this Community for updates. Meanwhile, this is where our team will answer your questions and stay updated as we work on finalizing this new Microsoft Graph capability! Get started with our documentation: https://aka.ms/graphsecuritydocs Jump into our Code Samples: C#/ASP.NET (https://aka.ms/graphsecurityaspnet) Python (https://aka.ms/graphsecuritypython) Learn how to stream alerts to your SIEM (https://aka.ms/graphsecuritySIEM) If you are an ISV interested in integrating with the Graph Security API, we would love to hear from you in our Community for Integration Partners.Jeremy DallmanApr 17, 2018Microsoft936Views4likes0CommentsError Creating Microsoft Team with Graph
I am working on some code that started having issues in the last couple weeks. I am able with application permissions to create an Office 365 Group. When I try to run the Graph call to add a Microsoft Team to the group I am getting the following error. Failed to execute Aad backend request GetTenantSubscribedSkusRequest. Request Url: https://graph.windows.net/{TENANTID}/subscribedSkus?api-version=1.6, Request Method: GET, Response Status Code: Unauthorized, Response Headers: ocp-aad-diagnostics-server-name: +EOS4aiuOEFJVZdbhjMw16/+oK92lidT3YUz+JU856Q= request-id: 5e6ed525-6b55-49be-841f-cd2d29a91793 client-request-id: cd4049d9-1a5e-4282-b6e9-e74d89ade546 Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Wed, 26 Jun 2019 18:15:53 GMT I have found, through testing, that if I create a team using the Graph Explorer on the created group or if I create a team through the Teams UI that my code will start working for 24 hours and then I start getting the same error again. It seems to me like there is something wrong with the setup of application permissions in the Teams Graph API. Any help would be appreciated. Having to have a user manually create a team once every 24 hours to make my code work is not an ideal scenario.1.4KViews2likes1CommentConnect to the Microsoft Graph Security API without writing code!
We are happy to share two new options to connect with the Microsoft Graph Security API without having to write any code. Microsoft Graph Security connectors for Azure Logic Apps, Microsoft Flow, and PowerApps, which greatly simplify the development of automated security workflows. Microsoft Graph Security Power BI connector that enables rapid development of enterprise-wide security reports to gain rich security insights. Try the Microsoft Graph Security connectors and please share your feedback by filing a GitHub issue or by engaging on the Microsoft Security Graph API tech community or StackOverflow.Preeti_KrishnaFeb 14, 2019Microsoft2.6KViews2likes3CommentsPurchase office365 licenses using Microsoft Graph API
Can I purchase office365 licenses with the Microsoft Graph API? I haven't seen anything in the documentation and the only thing I found on the internet was this old link to stack overflow that says it's not possible - https://stackoverflow.com/questions/42826726/buy-o365-sku-license-via-graph-api/42846931#42846931 Any help will be great!jennie53197Jun 03, 2021Copper Contributor2.4KViews2likes2CommentsNew JavaScript code sample up on GitHub
Great news for JavaScript Developers! We've created another code sample for the Microsoft Graph Security API. Check it out on GitHub: https://github.com/microsoftgraph/nodejs-security-sample. If you have any questions, let us know here on TechCommunity. Now we need your input on where we focus for our next supported platform. Please take 2 minutes to fill out this quick survey: https://www.surveymonkey.com/r/ZLJQKTV. If there are new resources you would like to see us provide for the Security API developer community, please let us know here on TechCommunity.Edward KovalJun 13, 2018Microsoft658Views2likes0CommentsGet hands-on with the Security API @ MSBuild2018
If you are attending Microsoft BUILD 2018 next week in Seattle, make sure you stop by our two sessions or the Microsoft Graph booth to chat with the team and learn more our new API! Here's where to find us... Add these sessions to your calendar WRK2506 How to Build Security Applications using the Microsoft Graph API This will be our hands-on developer lab session where the Security API engineering team will help you expand your development skills to build a SecOps dashboard using the new Graph Security API. BRK2435 Unlocking security insights with Microsoft Graph API This will be our 45 minute breakout session diving into the purpose and use cases Graph Security API followed by some real world examples of applications leveraging the Security API today to help customers find new value in their security solutions. Visit the team at our Microsoft Graph booth Our engineering team will be staffing the Security booth inside the Microsoft Graph section of the Expo. Please stop by to chat with our team, get questions answered, and learn more about what is coming next in the Graph Security API! We are looking forward to talking with you at BUILD. Please add us to your plans as you plan out the week. If you are unable to attend BUILD this year, we welcome any/all questions you have about the Graph Security API in this community.Jeremy DallmanMay 02, 2018Microsoft1.2KViews2likes0CommentsLicensing when using Microsoft Graph API
Hi, I struggle to find out if there are any limitations on how you can use the alerts you have available in the Graph API. If I have 300 users, and I have 1 Azure AD Premium P2 license in my tenant, is this ok for me to read the alerts available in Graph for my users? What is the general guidelines for use of Graph API information and licensing? Regards Tore MelbergTore_MelbergJun 15, 2020Copper Contributor6.6KViews2likes1CommentStatus and access to eDiscovery results using API
Hi, I'm new to using the Graph API's for eDiscovery and am stuck on a few operations. Once I created a Case, Collection, Review Set, and associated the Collection with the Review Set, the discovery begins automatically. Great, so far! However, periodically I want to check the status on the discovery and review the results once the discovery is done. Anyone know if this is possible and how? Thanks, -HanielHaniel CroitoruMar 26, 2023Learn Expert725Views1like0CommentsIPC Security Alerts userStates data now returning null instead of information
Hello, I've noticed that all new security alerts generated from the IPC provider since 27 September no longer contain full userStates data. Specifically the accountName, domainName and userPrincipalName are all set to null. The only user identifier that is maintained is the aadUserId. Is anyone else seeing this issue? I pull alerts with a GET /v1.0/security/alerts?$filter=vendorinformation/provider eq 'IPC' Example snippet of the issue: New alerts: userStates": [ { "aadUserId": "protecting-the-inno-cent-users", "accountName": null, "domainName": null, "emailRole": "unknown", "isVpn": null, "logonDateTime": "2022-09-27T20:06:19.5816216Z", "logonId": null, "logonIp": "127.83.247.216", "logonLocation": "Location, PT", "logonType": null, "onPremisesSecurityIdentifier": null, "riskScore": null, "userAccountType": null, "userPrincipalName": null } ], versus an old alert userStates": [ { "aadUserId": "protecting-the-inno-cent-users", "accountName": "john.doe", "domainName": "example.net", "emailRole": "unknown", "isVpn": null, "logonDateTime": "2022-09-27T18:17:53.5121378Z", "logonId": null, "logonIp": "127.2.185.40", "logonLocation": "Location, CA", "logonType": null, "onPremisesSecurityIdentifier": null, "riskScore": null, "userAccountType": null, "userPrincipalName": "email address removed for privacy reasons" } ], I have a ticket open, but I do not have high hopes of explanation or resolution,netsecops_nerdOct 19, 2022Copper Contributor3.7KViews1like3Comments401 Unauthorized when accessing /messages api using client credentials grant flow
I have a mailbox in on prem exchange server (which is in hybrid mode) abc@onprem.com and i am trying to access this via graph api (/messages). This works perfectly if i do this in graph explorer, but fails when i do via postman. Required application permission is given in Azure app registration portal. Implementation/postman uses grant_type as client_credentials with certificate and this works perfectly for cloud users. Response of API { 'error': { 'innerError': { 'date': '2019-02-28T14:17:45', 'request-id': '6a85f8c3-4e13-4cf0-84b2-ddc934241afd' }, 'message': '', 'code': 'UnknownError' }} IIS Logs Added some headers like www-authenticate for logging and found that below is the error in IIS Log for on prem. 2019-03-04 04:05:13 172.31.10.98 GET /api/V2.0/Users('abc@onprem.com')/Messages &CorrelationID=;&cafeReqId=2823c302-3c84-4847-b586-accced4b6dd5; 443 - 20.190.145.177 PostmanRuntime/7.6.0 - 401 0 0 332 Bearer+eyJ0 blah blah.....blah blah.....hSd mail.onprem.com - - - Bearer+client_id="00000002-0000-0ff1-ce00-000000000000",+token_types="app_asserted_user_v1+service_asserted_app_v1",+authorization_uri="https://login.windows.net/common/oauth2/authorize",+error="invalid_token" 2000001;reason="This+token+profile+'V1S2SAppOnly'+is+not+applicable+for+the+current+protocol.";error_category="invalid_token" What would be reason for this authentication failure ? Is there something worng with client credentials grant flow (in graph explorer as we sign in and do query auth flow might not be client credentials) ? For graph explorer calls i see cs-username like `S-1-5-21-1392771109-4043059535-3934338706-1147` in IIS Log which doesn't come for postman calls. We are using self signed certificate on exchange server , can this lead to this issue ? If so wondering how everything is working from graph explorer.Karthik_HebbarMar 07, 2019Copper Contributor8.4KViews1like2Comments
Resources
Tags
- Graph Security API26 Topics
- apis21 Topics
- development9 Topics
- Alerts8 Topics
- Secure Score2 Topics