To retrieve security alerts for an application available in the Microsoft Azure tenant using the Microsoft Graph Security API, you must register the application in the Microsoft Azure portal and grant security event read and write access to the application.

Before you begin

Role required:
  • Application Developer: Required for registering the application.
  • Tenant Administrator: The Microsoft Azure tenant administrator must grant permissions to the application by making a call to the admin consent endpoint.

Procedure

  1. Log in to the Microsoft Azure portal.
  2. Enter App registrations in the Search box.
  3. Click New registration.
  4. Enter a name for your application and the redirect URI, for example http://localhost, and click Register.
    The Redirect URI is used while providing admin consent for the application.
  5. In the App registrations page, select the application you have registered, for example Graph Security Demo.
  6. Under Manage, select Certificates & secrets.

    Microsoft Azure portal configuration
  7. Select New client secret to create a client secret.
    Copy the client secret and save it, because it will not be visible later.
    Note: If you forget the client secret, you can generate a new one by following the instructions in steps 4 and 5.
  8. Click View API Permissions in the Overview page.
  9. Add a new application-level API permission, SecurityEvents.ReadWrite.All, for security events.

    Microsoft Graph Security API configuration: security events
  10. Grant admin consent for the newly added API permissions.
    For more information, see the Microsoft Graph permissions reference: Microsoft Graph permission model.

    Microsoft Graph Security API configuration: grant admin consent
  11. Log in as a tenant administrator and provide consent for the application.
    The steps are given below:
    1. Navigate to the following URL: https://login.microsoftonline.com/common/adminconsent?client_id=APPLICATION_ID&state=12345

      Replace APPLICATION_ID with the application ID of the application that you have registered.

  12. Click Accept to accept permissions requested by the application created above.
    You can then use the application to read security events. See the Microsoft Graph Security Authorization documentation for more details.
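
The consent URL in step 11 uses a fixed state value (12345). As an added example (not part of the original procedure and not Microsoft's code), the following Python code builds the same admin consent URL with an unpredictable state, validates the redirect that arrives at the redirect URI, and prepares the client-credentials token request without sending it. The function names and the token request (taken from the Microsoft identity platform client credentials flow, not from this page) are assumptions.

```python
import hmac
import secrets
from urllib.parse import urlencode, urlsplit, parse_qs

AUTHORITY = "https://login.microsoftonline.com"

def build_consent_url(application_id):
    """Return (url, state) for the admin consent endpoint used in step 11."""
    state = secrets.token_urlsafe(16)  # unpredictable, unlike a fixed 12345
    query = urlencode({"client_id": application_id, "state": state})
    return f"{AUTHORITY}/common/adminconsent?{query}", state

def parse_consent_redirect(redirect_url, expected_state):
    """Validate the URL the administrator's browser is redirected to.

    Returns the tenant ID on success. Raises ValueError when the state does
    not match this request and PermissionError when consent was not granted.
    """
    params = {k: v[0] for k, v in parse_qs(urlsplit(redirect_url).query).items()}
    returned = params.get("state", "").encode()
    if not hmac.compare_digest(returned, expected_state.encode()):
        raise ValueError("state mismatch: response does not belong to this request")
    if "error" in params:
        raise PermissionError(f"{params['error']}: {params.get('error_description', '')}")
    if params.get("admin_consent", "").lower() != "true":
        raise PermissionError("admin consent was not granted")
    return params["tenant"]

def token_request(tenant_id, application_id, client_secret):
    """Build (url, form body) for the client-credentials token request.

    Assumption: client_secret is loaded from a secret store or environment
    variable by the caller, never hard-coded next to the application ID.
    """
    url = f"{AUTHORITY}/{tenant_id}/oauth2/v2.0/token"
    body = {
        "grant_type": "client_credentials",
        "client_id": application_id,
        "client_secret": client_secret,
        "scope": "https://graph.microsoft.com/.default",
    }
    return url, body
```

Keep the state returned by build_consent_url on the server side until the redirect arrives, and discard it after one successful check.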