unifiedRoleManagementAlert resource type
Namespace: microsoft.graph
Important
APIs under the /beta
version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents the details of a security alert in Privileged Identity Management (PIM) for Microsoft Entra roles. The alert information includes the related alert definition, configuration, and incident collection in the tenant.
Each security alert in PIM for Microsoft Entra roles is of one of several types described in Get security alerts for Microsoft Entra roles. You can list details of the actual incidents of an alert using the incidents relationship. An alert and its related incidents are always of the same type. For example, an alert about too many global administrators in the tenant relates to incidents of the type tooManyGlobalAdminsAssignedToTenantAlertIncident.
Inherits from entity.
For more information about working with security alerts for Microsoft Entra roles using PIM APIs, see Manage security alerts for Microsoft Entra roles using PIM APIs in Microsoft Graph.
Methods
Method | Return type | Description |
---|---|---|
List | unifiedRoleManagementAlert collection | Get a list of the unifiedRoleManagementAlert objects and their properties. |
Get | unifiedRoleManagementAlert | Read the properties and relationships of an unifiedRoleManagementAlert object. |
Update | unifiedRoleManagementAlert | Update the properties of an unifiedRoleManagementAlert object. |
Refresh | None | Refresh incidents on all alerts or on a single alert for Privileged Identity Management (PIM) for Microsoft Entra roles. |
Get long running operation | None | Get the status of the refresh operation if it returned a Location object. |
Properties
Property | Type | Description |
---|---|---|
alertDefinitionId | String | The identifier of an alert definition. Supports $filter (eq , ne ). |
id | String | The identifier of the alert configuration. Inherited from entity. |
incidentCount | Int32 | The number of incidents triggered in the tenant and relating to the alert. Can only be a positive integer. |
isActive | Boolean | false by default. true if the alert is active. |
lastModifiedDateTime | DateTimeOffset | The date time when the alert configuration was updated or new incidents generated. |
lastScannedDateTime | DateTimeOffset | The date time when the tenant was last scanned for incidents that trigger this alert. |
scopeId | String | The identifier of the scope where the alert is related. / is the only supported one for the tenant. Supports $filter (eq , ne ). |
scopeType | String | The type of scope where the alert is created. DirectoryRole is the only currently supported scope type for Microsoft Entra roles. |
Relationships
Relationship | Type | Description |
---|---|---|
alertConfiguration | unifiedRoleManagementAlertConfiguration | The configuration of the alert in PIM for Microsoft Entra roles. Alert configurations are pre-defined and cannot be created or deleted, but some configurations can be modified. Supports $filter for the isEnabled property and $expand . |
alertDefinition | unifiedRoleManagementAlertDefinition | Contains the description, impact, and measures to mitigate or prevent the security alert from being triggered in your tenant. Supports $expand . |
alertIncidents | unifiedRoleManagementAlertIncident collection | Represents the incidents of this type of alert that have been triggered in Privileged Identity Management (PIM) for Microsoft Entra roles in the tenant. Supports $expand . |
The following JSON representation shows the resource type. The following is a JSON representation of the resource.
{
"@odata.type": "#microsoft.graph.unifiedRoleManagementAlert",
"id": "String (identifier)",
"alertDefinitionId": "String",
"scopeId": "String",
"scopeType": "String",
"incidentCount": "Integer",
"isActive": "Boolean",
"lastModifiedDateTime": "String (timestamp)",
"lastScannedDateTime": "String (timestamp)"
}