Forum Discussion

vimal_raj1984hotmail's avatar
vimal_raj1984hotmail
MCT
Nov 07, 2025

Your assessment is correct, and your proposed solution is the right one.

Since the Microsoft Graph advanced hunting API (/security/runHuntingQuery) is not yet available in the sovereign cloud for China (operated by 21Vianet), you cannot rely on it exclusively if you need to support tenants in that region.

Therefore, the recommended approach for an application that must support all regions (Global, US Government, and China) is to implement a conditional logic based on the tenant's region.

Recommended Implementation Strategy:

  1. Determine the Tenant's Region: Use the OIDC discovery mechanism described in the first point. The domain of the token_endpoint is your most reliable indicator of the region.
    • login.microsoftonline.com -> Global
    • login.microsoftonline.us -> US Government
    • login.chinacloudapi.cn -> China
  2. Implement Conditional API Logic: In your application's code, use an if/else or switch statement based on the determined region.
    • For Global and US Government Tenants:
      • Use the Microsoft Graph Advanced Hunting API.
      • Request an access token for the appropriate Graph resource (https://graph.microsoft.com or https://graph.microsoft.us ).
      • Make your POST request to the corresponding Graph endpoint: https://graph.microsoft.com/v1.0/security/runHuntingQuery or https://graph.microsoft.us/v1.0/security/runHuntingQuery.
    • For China Tenants:
      • Fall back to the legacy Microsoft Defender XDR Advanced Hunting API.
      • Request an access token for the Defender XDR API resource specific to China. The resource URI is typically the API endpoint itself (https://api.securitycenter.windows.azure.cn ).
      • Make your POST request to the legacy China-specific endpoint: https://api.securitycenter.windows.azure.cn/api/advancedhunting/run.

This hybrid approach ensures your application functions correctly for all customers today while positioning you to easily switch the China tenants to the Graph API once it becomes available there. You would simply update the conditional logic to treat China the same as the global service.

Resources