Graph API: Add support for Change Notifications for alerts_v2 resource
As of now, you can only use the subscriptions resource to subscribe to the Legacy Alerts resources in Graph: https://learn.microsoft.com/en-us/graph/api/resources/subscription?view=graph-rest-1.0
The Legacy Alert resource does not include alerts generated for Microsoft Defender for Endpoint: https://learn.microsoft.com/en-us/graph/api/resources/security-api-overview?view=graph-rest-1.0#legacy-alerts
This means that there is currently no functionality to create a Graph subscription for alerts generated from Microsoft Defender for Endpoint. For organizations that want to trigger a workflow from a webhook in response to an MDE alert, this leaves no option for an instant webhook.
1 Comment
- milde_wossel (Copper Contributor)
+1 for this essential feature. Especially since the legacy API is deprecated and will be decommissioned in April, 2026: https://github.com/microsoftgraph/microsoft-graph-docs-contrib/blob/main/api-reference/v1.0/resources/alert.md. That's just in a couple of months.
There is no option for organizations to get a push notification. And the rate limits on the Graph API are real, so continuous polling is also an issue (despite being architecturally poor and delayed in this day and age).