Graph Security API - Specific service permissions?

We have configured our application and granted "SecurityEvents.ReadAll" permissions to be able to pull alerts, and we can see alerts from Sentinel,Security Center, Microsoft 365 Alerts and so forth. From my research it seems the scope for Graph permissions are the following. Is it possible to limit an application to pull ONLY Security Center or Sentinel alerts?

Permission Entity Supported requests

SecurityActions.Read.All	• securityActions (preview)	GET
SecurityActions.ReadWrite.All	• securityActions (preview)	GET, POST
SecurityEvents.Read.All	• alerts • secureScores • secureScoreControlProfiles	GET
SecurityEvents.ReadWrite.All	• alerts • secureScores • secureScoreControlProfiles	GET, POST, PATCH
ThreatIndicators.ReadWrite.OwnedBy	• tiIndicator (preview)	GET, POST, PATCH, DELETE

PS I know you can filter them out, but I want to limit the applications from being able to pull them in the first place.

0 Replies

Check This Out! (CTO!) Guide (February AND March 2024)

by BrandonWilson on April 06, 2024

2773 Views

1 Likes

1 Replies

Zero Trust: Rapid Offboarding with Intune and Microsoft Entra ID

by Jason Cody on February 29, 2024

24366 Views

2 Likes

7 Replies

Microsoft Entra’s top 50 features of 2023

by Shobhit Sahay on January 19, 2024

26952 Views

3 Likes

1 Replies

ConfigMgr CMG Least Privilege Setup Approach

by jonasoh on January 15, 2024

3527 Views

1 Likes

0 Replies

Products (50)

Special Topics (27)

Video Hub (462)

Most Active Hubs

Most Active Hubs

Video Hub

Graph Security API - Specific service permissions?

Graph Security API - Specific service permissions?