Microsoft Entra Suite Tech Accelerator
Aug 14 2024, 07:00 AM - 09:30 AM (PDT)
Microsoft Tech Community

IdentityInfo not available via /api/advancedqueries

Copper Contributor

Hello,

I created a query in the advanced hunting interface from security.microsoft.com.

It accesses the tables DeviceInfo and IdentityInfo and gets out the eMail of the last logged in User.

Now I wanted to create a script to load this data in a nightly job in a database like I already do with other data from the API.

But querying the IdentityInfo fails, because the table is not visible via the advancedqueries-API !

I boiled it down to just query the table (target is redacted by me) :

Query =  'IdentityInfo ' gives: 

https://api.securitycenter.microsoft.com:443 "POST /api/advancedqueries/run HTTP/1.1" 400 213

{"error":{"code":"BadRequest","message":"\'\' operator: Failed to resolve table or column or scalar expression named \'IdentityInfo\'. Fix semantic errors in your query","target":"xxxxxxxxxx"}}'

 

I thought the advanced-queries API should support all the Hunting queries.

Even here the table IdentityInfo is regarded as an example :

Best practices for leveraging Microsoft 365 Defender API's - Episode One - Microsoft Tech Community

 

2 Replies
Hello
I was having the exact same problem before i went on leave. first days of this week, i was able to successfully execute queries towards this table via API, but since yesterday, i'm stuck again. Is there any way we can check if any given GRAPH app has access rights to this table?