Connect to the Microsoft Graph Security API in Power BI Desktop

Note

The Microsoft Graph Security connector is deprecated as of May 2021 and has been removed from the "Get Data" experience in Power BI Desktop. We recommend that you replace existing connections that use this connector, and refrain from using this connector for new connections. For more information, see the Microsoft Graph Security documentation.

Use the Microsoft Graph Security connector of Power BI Desktop to connect to the Microsoft Graph Security API. You can then build dashboards and reports to gain insights into your security-related alerts and secure scores.

The Microsoft Graph Security API connects multiple security solutions from Microsoft and its partners to make correlation of alerts easier. This combination provides access to rich contextual information and simplifies automation. It empowers organizations to quickly gain insights and act across multiple security products, while reducing cost and complexity.

Prerequisites to use the Microsoft Graph Security connector

To use the Microsoft Graph Security connector, you must explicitly get consent from the Azure Active Directory (Azure AD) global administrator. See Microsoft Graph Security authentication requirements. Consent requires the connector's application ID and name, which are listed here and are available in the Azure portal:

| Property | Value |
| --- | --- |
| Application name | MicrosoftGraphSecurityPowerBIConnector |
| Application ID | cab163b7-247d-4cb9-be32-39b6056d4189 |
| Redirect URI | https://oauth.powerbi.com/views/oauthredirect.html |

To grant consent for the connector, your Azure AD global administrator can use either of these methods:

The user account that signs in to the Microsoft Graph Security connector must be assigned the Azure AD Security Reader role, if the user isn't a member of the Security Administrator role. See Assign Azure AD roles to users.

Using the Microsoft Graph Security connector

Follow these steps to use the connector:

  1. Select Get data > More from the Home ribbon in Power BI Desktop.

  2. Select Online Services from the categories list on the left side of the window.

  3. Select Microsoft Graph Security (Beta).

    Screenshot shows the Get Data dialog with Online Services, then Microsoft Graph Security selected.

  4. In the Microsoft Graph Security window, select the Microsoft Graph API version to query: v1.0 or beta.

    Screenshot shows the Microsoft Graph Security dialog where you can select a version.

  5. Sign in to your Azure Active Directory account when you're prompted. This account needs to have the Security Reader or Security Administrator role, as mentioned in the previous section.

    Screenshot shows the Graph Security Connector Sign in option.

  6. If you're the administrator and you don't yet have consent to the Microsoft Graph Security Power BI connector (application), you see the following dialog. Select Consent on behalf of your organization.

    Screenshot shows the Permission requested page.

  7. When you're signed in, you see the following dialog that indicates that you've been authenticated. Select Connect.

    Screenshot shows the Graph Security Connector with You are currently signed in displayed.

  8. After you connect, the Navigator window displays the alerts, secure scores, and other entities that are available in the Microsoft Graph Security API for the version that you selected in step 4. Select one or more entities to import and use in Power BI Desktop. Then, select Load to get the result view that's shown after step 9.

    Screenshot shows the Navigator dialog.

  9. If you want to use an advanced query with the Microsoft Graph Security API, select Specify custom Microsoft Graph Security URL to filter results. Use this function to issue an OData.Feed query to the Microsoft Graph Security API with the required permissions.

    The following example uses the https://graph.microsoft.com/v1.0/security/alerts?$filter=Severity eq 'High' serviceUri. To see how to build queries to filter, order, or retrieve the most-recent results, refer to OData system query options.

    Screenshot shows the Odata feed for the example.

    When you select Invoke, the OData.Feed function makes a call to the API, which opens Power Query Editor. Filter and refine the set of data that you want to use. Then, you load that data into Power BI Desktop.
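The serviceUri from step 9 can be assembled programmatically before it is pasted into the custom URL field. The following is an added example, not code from the original article or from the connector: it builds the alerts query with `$filter`, `$orderby`, and `$top`, doubles single quotes inside string literals so that a value can't break out of the filter, and percent-encodes the result. The helper names are hypothetical, and `createdDateTime` as the ordering property is an assumption that doesn't appear on this page.

```python
import re
from urllib.parse import parse_qsl, quote, urlsplit

GRAPH = "https://graph.microsoft.com"
VERSIONS = ("v1.0", "beta")  # the two API versions offered in step 4
# Property paths such as Severity or vendorInformation/provider; nothing else.
_PROP = re.compile(r"[A-Za-z][A-Za-z0-9]*(/[A-Za-z][A-Za-z0-9]*)*")
_ORDER = re.compile(_PROP.pattern + r"( (asc|desc))?")


def odata_string(value: str) -> str:
    """Return value as an OData string literal; an embedded ' is doubled."""
    return "'" + value.replace("'", "''") + "'"


def alerts_uri(version="v1.0", filters=(), order_by=None, top=None) -> str:
    """Build a /security/alerts serviceUri from (property, value) eq-filters."""
    if version not in VERSIONS:
        raise ValueError(f"unsupported API version: {version!r}")
    clauses = []
    for prop, value in filters:
        if not _PROP.fullmatch(prop):
            raise ValueError(f"invalid property name: {prop!r}")
        clauses.append(f"{prop} eq {odata_string(value)}")
    params = []
    if clauses:
        params.append(("$filter", " and ".join(clauses)))
    if order_by is not None:
        if not _ORDER.fullmatch(order_by):
            raise ValueError(f"invalid $orderby: {order_by!r}")
        params.append(("$orderby", order_by))
    if top is not None:
        if not isinstance(top, int) or top < 1:
            raise ValueError("$top must be a positive integer")
        params.append(("$top", str(top)))
    uri = f"{GRAPH}/{version}/security/alerts"
    if params:
        # Encode values only; the $-prefixed option names stay readable.
        uri += "?" + "&".join(f"{k}={quote(v, safe='')}" for k, v in params)
    return uri


def decoded_query(uri: str) -> dict:
    """Decode the query options of a serviceUri for inspection."""
    return dict(parse_qsl(urlsplit(uri).query))


if __name__ == "__main__":
    print(alerts_uri(filters=[("Severity", "High")]))
    # Constructed input: a value containing quotes stays inside one literal.
    print(decoded_query(alerts_uri(filters=[("Severity", "High' or Severity eq 'Low")])))
```

The first call produces the percent-encoded equivalent of the example serviceUri shown in step 9.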

Here's the results window for the Microsoft Graph Security entities that we queried for:

Screenshot shows the results windows for the example.

Now you're ready to use the imported data from the Microsoft Graph Security connector in Power BI Desktop. You can create graphics or reports. Or, you can interact with other data that you import from Excel workbooks, databases, or other data sources.
