EntilZha
Iron Contributor
Jul 11, 2019

Error using get-graphsecurityalert

I'm getting the following error when executing get-graphsecurityalert.

 

PS C:\get-graphsecurityalert


get-graphsecurityalert : Request to https://graph.microsoft.com/v1.0/security/alerts/?$top=100&$filter= failed with HTTP Status Forbidden Forbidden
At line:1 char:1
+ get-graphsecurityalert
+ ~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : NotSpecified: (:) [Write-Error], WriteErrorException
+ FullyQualifiedErrorId : Microsoft.PowerShell.Commands.WriteErrorException,Get-GraphSecurityAlert

 

I followed the instructions from the following URL:

https://blog.ciaops.com/2019/04/17/using-interactive-powershell-to-access-the-microsoft-graph/

 

This is my first attempt to use Microsoft Graph.

 

Thanks,

 

-Larry

 

 

2 Replies

  • Hi Larry,

    You are most likely getting a forbidden status code because you may have skipped the step to give your application admin consent when registering your application in Azure Portal.
    To make sure your application has the necessary permissions, check Azure Portal to make sure your application has the green check marks next to the "SecurityEvents.ReadWrite.All" permissions stating that the tenant admin has given consent. Additionally, make sure that the user running the PowerShell script is a member of an Azure Active Directory Limited Admin role - either Security Reader or Security Administrator role. If the non-admin user is not in one of the mentioned roles, they cannot access security related data.

    Hope this helps,
    Edward
    • EntilZha
      Iron Contributor

      Edward Koval 

       
      Thank you. It was permission. I incorrectly selected Security.Action instead of Security.Event.
       
      Thank you again,
       
      -Larry
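
The permission check discussed in this thread can also be made from the token itself. The following is an added example, not code from the thread or from the module's authors: it decodes (without validating) the access token returned at sign-in and reports whether it carries a SecurityEvents permission. The function name `Test-GraphSecurityAlertScope` and the sample token are constructed for illustration, and the check covers only the permission/consent half of Edward's answer, not the Security Reader / Security Administrator role membership.

```powershell
# Added example: explain a 403 from /security/alerts by inspecting token claims.
# The token is only decoded for troubleshooting; its signature is not checked.
function Test-GraphSecurityAlertScope {
    param(
        [Parameter(Mandatory)] [string] $AccessToken,
        # Either permission is enough to read alerts.
        [string[]] $Accepted = @('SecurityEvents.Read.All', 'SecurityEvents.ReadWrite.All')
    )

    $parts = $AccessToken.Split('.')
    if ($parts.Count -ne 3) { throw 'Not a JWT: expected header.payload.signature' }

    # JWT segments are base64url without padding; convert to standard base64.
    $b64 = $parts[1].Replace('-', '+').Replace('_', '/')
    switch ($b64.Length % 4) {
        2 { $b64 += '==' }
        3 { $b64 += '=' }
        1 { throw 'Malformed base64url payload' }
    }
    $json   = [Text.Encoding]::UTF8.GetString([Convert]::FromBase64String($b64))
    $claims = $json | ConvertFrom-Json

    # Delegated tokens list permissions in 'scp' (space separated);
    # app-only tokens list them in 'roles' (array).
    $granted = @()
    if ($claims.scp)   { $granted += $claims.scp -split ' ' }
    if ($claims.roles) { $granted += $claims.roles }

    $match = @($granted | Where-Object { $Accepted -contains $_ })
    [pscustomobject]@{
        Audience            = $claims.aud
        Granted             = $granted
        CanReadAlerts       = $match.Count -gt 0
        # SecurityActions.* permissions do not cover /security/alerts.
        OnlySecurityActions = ($match.Count -eq 0) -and
                              (@($granted -like 'SecurityActions.*').Count -gt 0)
    }
}

# Constructed sample: unsigned token whose payload mimics the mistake in this thread.
$payload = '{"aud":"https://graph.microsoft.com","scp":"SecurityActions.ReadWrite.All User.Read"}'
$seg = [Convert]::ToBase64String([Text.Encoding]::UTF8.GetBytes($payload)).TrimEnd('=').Replace('+', '-').Replace('/', '_')
Test-GraphSecurityAlertScope -AccessToken "e30.$seg.sig"
```

For the constructed token, `CanReadAlerts` is False and `OnlySecurityActions` is True. If the permission was added in the portal but is still missing from `Granted`, admin consent has not been given or the token was issued before the change.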
