Forum Discussion
Error using get-graphsecurityalert
I'm getting the following error when executing get-graphsecurityalert. PS C:\get-graphsecurityalert get-graphsecurityalert : Request to https://graph.microsoft.com/v1.0/security/alerts/?$top=1...
Hi Larry,
You are most likely getting a forbidden status code because you may have skipped the step to give your application admin consent when registering your application in Azure Portal.
To make sure your application has the necessary permissions, check Azure Portal to make sure your application has the green check marks next to the "SecurityEvents.ReadWrite.All" permissions stating that the tenant admin has given conset. Additionally, make sure that the user running the PowerShell script is a member of an Azure Active Directory Limited Admin role - either Security Reader or Security Administrator role. If the non-admin user is not in one of the mentioned roles, they cannot access security related data.
Hope this helps,
Edward
You are most likely getting a forbidden status code because you may have skipped the step to give your application admin consent when registering your application in Azure Portal.
To make sure your application has the necessary permissions, check Azure Portal to make sure your application has the green check marks next to the "SecurityEvents.ReadWrite.All" permissions stating that the tenant admin has given conset. Additionally, make sure that the user running the PowerShell script is a member of an Azure Active Directory Limited Admin role - either Security Reader or Security Administrator role. If the non-admin user is not in one of the mentioned roles, they cannot access security related data.
Hope this helps,
Edward
Thank you.. is was permission. I incorrectly selected Security.Action instead of Security.Event.
Thank you again,
-Larry