Authenticating using ConfidentialClient
Hello, Some of our customers are unable to send out automated emails because support for basic authentication with SMTP is being removed. I am looking at finding a solution and it seems the Graph API is the recommended approach. I have manage to create a working example using `PublicClientApplicationBuilder` however, this class displays a pop-up requiring the user to sign in, since we have automated services with no user interaction, this is not a good solution. I have seen some examples using `ConfidentialClientApplicationBuilder` and this seems idea. However, I have reached multiple dead-ends and everytime receive the error: > Confidential Client flows are not available on mobile platforms or on Mac.See https://aka.ms/msal-net-confidential-availability for details. Please would someone be able to help me. Why do I recieve this error? Whatever I do, whatever project I use, WinForm, Console app and Service I always get this error. I am storing my Client, Tenant and Secret in a database table and here is my code: ``` vb Private Async Function GetAppAuthentication() As Task(Of AuthenticationResult) Dim folderAccess = BLL.L2S.SystemApplicationGateway.GetFolderAccess(mBLL_SY.ReadonlyDbContext) If folderAccess Is Nothing Then Return Nothing End If Dim app = ConfidentialClientApplicationBuilder.Create(folderAccess.Client) _ .WithClientSecret(folderAccess.Secret) _ .WithTenantId(folderAccess.Tenant) _ .Build() Dim scopes As String() = {"https://outlook.office365.com/.default"} Dim result As AuthenticationResult = Await app.AcquireTokenForClient(scopes).ExecuteAsync() Return result End Function ``` I am using .Net Framework 4.7.2, we have Windows Services and WinForms apps and both need to send out emails. The error message is very confusing to me because of course it is not a mobile app, and I have even created a UnitTest that seemingly works fine which again is very confusing to me. This is urgent as this is already causing issues for our customers. Thanks in advanc
Fetching user/riskyusers/risk_detections info in incremental approach
Hi All, Using @odata.deltaLink I am able to track changes in Microsoft Graph data for users. DeltaLink we can’t get changes related to SIGNINACTIVITY, AUTHENTICATION_METHODS_USER_REGISTRATION_DETAILS , USER_APP_ROLE_ASSIGNMENT. At present risky_users and risky_detections are not supported by delta queries. Any other approach where we can track changes apart from DeltaLink. Note: Apart from storing in DB and comparing.How to retrieve productName for incidents using Microsoft Graph API?
When using Microsoft Graph Security API, is it possible to get the productName field directly in the incident response (e.g., from /security/incidents endpoint)? Or is it only available at the alert level via /security/incidents/{id}/alerts?Get Custom Details from Sentinel
How do I go about getting the custom details set using https://learn.microsoft.com/en-us/azure/sentinel/surface-custom-details-in-alerts using REST API? I need to do this outside of logic app and using REST API. The incidents API endpoint doesn’t provide this detail and I couldn’t find any API endpoint listed in https://learn.microsoft.com/en-us/rest/api/securityinsights/operation-groups?view=rest-securityinsights-2024-01-01-preview that would allow me get to get the custom details with the values. Is there a sentinel or a graph API endpoint that’ll allow for me to get this information?Microsoft Defender "XDR" endpoint API Access (Powershell Script)
Hi Everyone, We are trying to access different part of Microsoft Defender. More precisely Endpoint after the XDR integration. We want to be able to get the different Permission Role and Device Group created. Also, the list of all advanced feature if they are enabled or not. We want to be able to get information like this The thing is, we try in a lot of way and could not find documentation about this precise request. We try with Graph Api and Rest Api. Always got error 401 (No permission). Could it be that those API are Private API from Microsoft ? https://security.microsoft.com/apiproxy/mtp/rbacManagementApi/rbac/user_roles https://security.microsoft.com/apiproxy/mtp/rbacManagementApi/rbac/machine_groups https://security.microsoft.com/apiproxy/mtp/settings/GetAdvancedFeaturesSetting
MS Graph Authorization issue (Status code 401) - Power Automate Flow for Copilot Studio
Hi Folks, I am trying to develop a MS Power Automate Flow that can post QMS documents information to Copilot Studio bot based on users' question. I am using 'Create text with GPT using Prompt" to extract users' intention about documents from their natural language. Then use HTTP connector to post the results to Copilot Studio bot. I have done all the steps: 1. Registered App in Azure Portal 2. Granted Sites.Selected (Read) permission to my app so that it can read the information from QMS document library in SharePoint. We only want the app permission related to subsite not the whole site. The issue I am facing is that the HTTP action is still showing unauthorized Status code 401. Could you guide me if there is something incomplete or insufficient? Many thanks. After running please see below error: Best regards, perlite77
Connect Swimlane to pull Defender for Cloud Alerts
using Swimlane to ingest our alerts from Defender for cloud, I have setup our Access with the following items: URL: https://graph.microsoft.com/v1.0/security/alerts Token URL: https://login.microsoftonline.com/tenant-ID/oauth2/v2.0/token Client ID: pulled from Registered App Client Secret: Created a New Ceretificates & secrets and added that Value Scope: https://graph.microsoft.com/.default When I run my Action to capture the "List of Alerts", I receive the following error: "reason": "Bad Request", "json_body": { "error": "invalid_request", "error_description": "AADSTS90014: The required field 'scope' is missing from the credential. Ensure that you have all the necessary parameters for the login request...." What parameters and how are those added and to which section? I'm new to API calls and not sure of the process. Appreciate your help, SergeHow to use multiple filter operations in beta Graph API?
I am trying to run the following API: https://graph.microsoft.com/beta/users?$count=true&$filter=signInActivity/lastSignInDateTime le 2022-09-01T00:00:00Z and endsWith(mail,'@alumni.xxx.xxx') and I get the following response: { "error": { "code": "BadRequest", "message": "Filter not supported.", "innerError": { "date": "2022-12-22T19:21:39", "request-id": "d994b51c-xxxx-xxxx-b0d5-97a8923ab5t9", "client-request-id": "d302b51c-xxxx-yyyy-zzzz-12a8035ce9r9" } } } Any idea as to what I'm doing wrong? Thx
Create alert when a login was attempted from certain IP address (or block of addresses)
I'm trying to create an alert when there is a login attempt to certain IP, using the following MG Graph PS command: $newAlert = Invoke-RestMethod -Uri $alertUrl -Method Post -Headers $authHeader -Body $alertBody The response I got is: Invoke-RestMethod: {"error":{"code":"","message":"POST is not supported".... $alertUrl = "https://graph.microsoft.com/v1.0/security/alerts" $AlertBody = { "networkConnections": [{ "destinationAddress": "30.1XX.XX.XX" }], "title": "Login Attempt from Specific IP", "category": "SuspiciousActivity", "description": "Login attempt detected from IP address: 30.1XX.XX.XX", "vendorInformation": { "subProvider": "Sub Prov EFI", "provider": "Prov EFI"}, "assignedTo": "me", "cloudAppStates": [{ "servicePlanId": "00000000-0000-0000-0000-000000000000", "appId": "00000002-0000-0ff1-ce00-000000000000"}] } Assume Headers are OK (they are, verified) Question: What caused the error?. Is that the endpoint URI is not the correct one? or is that this kind of alerts cannot be set using Graph?
