Graph Security API sandbox (subscription)

Microsoft

How do we create a developer sandbox or utilize sample data for Graph Security development? 

 

We have a major need for this but it looks like there is a way to create data for the O365 Graph.

2 Replies

Hi @isaacroitman, we currently don't have a developer sandbox for Graph Security API, but there's an alternative way. On our alerts documentation page, there is a list of alert providers. You can click on relevant providers to get trials and simulate alerts to set this up in your own environment.

Let us know if you need any further help with that. 

Not an actual Microsoft initiative (working on the side), but something that may be of interest. Microsoft announced the PowerShell integration with Jupyter Notebooks. I'll be working on a Jupyter PowerShell notebook that will do sorta that scenario. It would be to trigger events in the Graph API with notebooks and then use another notebook to query the Graph API to generate the reports and visuals that surface the triggered scenario. Not directly a sandbox, so you would need to delineate or exempt these events from any SOC operations to respond to it. But I would imagine the notebooks can easily be used to perform red-team/blue-team exercises and import relevant modules/tools for your group. Sign up for a webinar around Jupyter Notebooks and PowerShell I am hosting next week here, in which I show how to query the Graph API, but a lot of possibilities once you get familiar with building a Jupyter notebook. Here are some links:

Announcement: https://lnkd.in/gkHqu5E

Sign-up for Webinar: https://lnkd.in/gUextfb