The Microsoft Graph Security API is now generally available
Published Sep 25 2018 05:00 AM 32.3K Views

Today, we are pleased to announce general availability of the Microsoft Graph Security API, which empowers customers to streamline security operations and better defend their digital estate against increasing cyber threats.


As the number of security solutions and volume of security data grows, the ability to quickly extract value becomes more difficult. Integrating each new solution with existing security tools and workflows means added cost, time, and complexity. As a result, opportunities to correlate alerts and context to improve threat protection and response are often unrealized. By connecting an ecosystem of security solutions, the Microsoft Graph Security API provides a standard interface and uniform schema to integrate security alerts, unlock contextual information, and simplify security automation.


In addition to general availability, we also announced an expanded set of alerts providers, new capabilities, and more resources for developers:


  • Organizations can now use the Microsoft Graph Security API to easily access alerts from the following security solutions:
    • Azure Active Directory Identity Protection
    • Azure Information Protection
    • Azure Security Center
    • Microsoft Cloud App Security
    • Microsoft Intune
    • Windows Defender ATP
    • Office 365 ATP and Azure ATP (coming soon)
  • In addition to getting alerts, the Microsoft Graph Security API can now also be used to update alerts. Alerts can be tagged with additional context or threat intelligence to inform response and remediation, comments and feedback can be captured for visibility to other workflows, and alert status and assignments can be kept in sync. 
  • Support for streaming alerts to SIEM solutions, like Splunk and IBM QRadar, through Azure Monitor has expanded to include additional Microsoft security products.
  • Microsoft Secure Score is now available in beta as part of Microsoft Graph Security – helping customers proactively manage security risk by providing visibility into their security posture and guidance on how to improve it. 
  • Building integrated applications is easier than ever with the following new and updated resources:


Enabling a partner ecosystem

We are committed to working closely with the security ecosystem to make it simpler for our customers to integrate a variety of security solutions in their enterprise. Today, we are also announcing the following new integration partners:


  • Lookout adds mobile device security telemetry into the Microsoft Graph for unique threat detection, protection, visibility and control of iOS and Android devices
  • Illumio Adaptive Security Platform uses the Graph Security API to surface unauthorized network connection attempts, enabling customers to make better security decisions.
  • Demisto integrates with Security Graph API to enable alert ingestion across sources, rich and correlated threat context, and automated incident response at scale.
  • Symantec alerts are accessible from the Graph Security API, delivering insights from its Cloud Workload Protection solution to improve management of cloud security risks.
  • Contrast Security integrates with the Graph Security API to unlock highly relevant security intelligence from inside the application layer to manage overall cyber risk.
  • Softeng provides customers with alerts information delivered by Microsoft Graph Security, empowering its clients with a personalized and unified view of their security risks.


In addition, Palo Alto Networks and Anomali have built upon the integrations that were showcased at the RSA Conference this Spring to make the following integrations publicly available:

  • The Palo Alto Networks provider allows applications to access alerts and contextual information from the Application Framework using the Graph Security API.
  • Anomali integrates with the Graph Security API to correlate alerts from Microsoft Graph with threat intelligence, providing earlier detection and response to cyber threats.


Get started today:

If you’re attending Microsoft Ignite 2018, you can learn more about the security API by attending one of our sessions:


  • Tuesday, September 25
    • 1:40pm-2pm: THR2014 - Partner showcase: Empowering security ecosystem partners using Microsoft Graph Security API
  • Wednesday, September 26
    • 10:15am-11am: BRK2012 - Harnessing the power of the Intelligent Security Graph
    • 2:15pm-2:35pm: THR2015 - Partner showcase: Empowering security ecosystem partners using Microsoft Graph Security API
  •  Thursday, September 27
    • 12:45pm-1:30pm: BRK3022 - Unlocking security insights with the Microsoft Graph Security API
    • 4pm-5:15pm: WRK3006 - How to build security applications using the Microsoft Graph Security API
  •  Friday, September 28
    • 9am-10:15am: WRK3006R - How to build security applications using the Microsoft Graph Security API (Repeat)


There will be a hands-on lab - HOL3001: How to build security applications using the Microsoft Graph Security API during the week for self-paced learning.


You can also stop by our demo station in the Microsoft Security area in the Modern Workplace section on the expo floor to learn about the API and see partner integration demos.


Finally, you can join the conversation in the Microsoft Graph Security API TechCommunity and follow the discussion on Stack Overflow.

Version history
Last update:
‎May 11 2021 02:03 PM
Updated by: