Sep 01 2021 07:24 AM
Anyone know whether or when MDI alerts will also show up in the Microsoft Graph Security API? They do show up in the unified Microsoft Security portal but when querying the graph API these alerts are not present in the list returned.
Thank you!
Aug 15 2022 01:48 PM
@brlgen “Microsoft Defender for Identity alerts are available via the Microsoft Defender for Cloud Apps integration. This means you will get Microsoft Defender for Identity alerts only if you have joined Unified SecOps and connected Microsoft Defender for Identity into Microsoft Defender for Cloud Apps.”
Sep 21 2022 10:02 PM
Hi @brlgen - You should be calling the new M365 Defender APIs in MS Graph that include both unified Incidents as well as unified Alerts - in addition to returning alerts from all your licensed M365 Defender workloads, the new alerts support a much richer range of Alert Evidence.
Cheers,
Michael