Forum Discussion
Authorization and Microsoft Graph Security API
jyisas: There are significant security considerations when using application auth, specifically: this will bypass role-based access control (RBAC) enforcement, which is defined and enforced at the user level, i.e. when User/Delegated auth mode is used.
The recommended practice when using app-level auth would be to enforce the necessary access control in the app calling the Graph Security API.
It's unfortunate that there is no option to use the "Security Operator" role just for the implementation use cases where there is only the requirement to read and update (e.g. close) MS Graph Security API security alerts under a delegated permissions scenario. In that case the only option available seems to require the "Security Admin" role to be assigned. At the same time there are also challenges with monitoring and alerting options if we use app-level auth.
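One way to apply the recommendation above (app-level auth, with RBAC enforced in the calling app) as an added example that is not from this thread or from Microsoft: the app keeps its own role-to-action map, checks it before every alert update, and writes an audit record for allowed and denied calls so that monitoring still sees who tried what. The `/security/alerts/{id}` path, the `{"status": "resolved"}` body, and the injected `send_patch` callable are assumptions made so the example runs offline.

```python
from dataclasses import dataclass

GRAPH = "https://graph.microsoft.com/v1.0"  # assumed base URL for the example

# Local permission model: Graph does not apply the caller's Entra role when the
# app authenticates with application permissions, so the app must decide itself.
ROLE_PERMISSIONS = {
    "alert_reader": {"read"},
    "alert_operator": {"read", "close"},
}

@dataclass(frozen=True)
class Principal:
    name: str
    roles: frozenset  # local roles assigned by the app, not Entra roles

class NotAuthorized(Exception):
    pass

def is_allowed(principal, action):
    """True if any of the principal's local roles grants `action`."""
    return any(action in ROLE_PERMISSIONS.get(r, set()) for r in principal.roles)

def close_alert(principal, alert_id, send_patch, audit):
    """Close one alert for `principal`, enforcing the local RBAC check first.

    send_patch(url, body) performs the app-token request (hypothetical, injected);
    audit is a list that receives an (decision, user, alert) tuple per call.
    """
    if not is_allowed(principal, "close"):
        audit.append(("deny", principal.name, alert_id))
        raise NotAuthorized(f"{principal.name} may not close alerts")
    audit.append(("allow", principal.name, alert_id))
    url = f"{GRAPH}/security/alerts/{alert_id}"
    return send_patch(url, {"status": "resolved"})  # body shape is an assumption

def demo():
    """Constructed scenario: a reader is refused, an operator is forwarded."""
    calls, audit = [], []
    def fake_patch(url, body):  # stand-in for the real authenticated Graph call
        calls.append((url, body))
        return 200
    reader = Principal("alice", frozenset({"alert_reader"}))
    operator = Principal("bob", frozenset({"alert_operator"}))
    try:
        close_alert(reader, "alert-1", fake_patch, audit)
    except NotAuthorized:
        pass
    close_alert(operator, "alert-1", fake_patch, audit)
    return calls, audit
```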