Defender for Identity alerts not showing when querying the Microsoft Graph Security API

brlgen · ‎Sep 01 2021

Anyone know whether or when MDI alerts will also show up in the Microsoft Graph Security API? They do show up in the unified Microsoft Security portal but when querying the graph API these alerts are not present in the list returned.

Thank you!

seth · ‎Aug 15 2022

@brlgen “Microsoft Defender for Identity alerts are available via the Microsoft Defender for Cloud Apps integration. This means you will get Microsoft Defender for Identity alerts only if you have joined Unified SecOps and connected Microsoft Defender for Identity into Microsoft Defender for Cloud Apps.”

Michael Shalev · ‎Sep 21 2022

Hi @brlgen - You should be calling the new M365 Defender APIs in MS Graph that include both unified Incidents as well as unified Alerts - in addition to returning alerts from all your licensed M365 Defender workloads, the new alerts support a much richer range of Alert Evidence.

Cheers,

Michael

Defender for Identity alerts not showing when querying the Microsoft Graph Security API

Defender for Identity alerts not showing when querying the Microsoft Graph Security API

Re: Defender for Identity alerts not showing when querying the Microsoft Graph Security API

Re: Defender for Identity alerts not showing when querying the Microsoft Graph Security API

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Defender for Identity alerts not showing when querying the Microsoft Graph Security API

Defender for Identity alerts not showing when querying the Microsoft Graph Security API

Re: Defender for Identity alerts not showing when querying the Microsoft Graph Security API

Re: Defender for Identity alerts not showing when querying the Microsoft Graph Security API