Azure permissions for Security

This article lists the permissions for the Azure resource providers in the Security category. You can use these permissions in your own Azure custom roles to provide granular access control to resources in Azure. Permission strings have the following format: {Company}.{ProviderName}/{resourceType}/{action}

Microsoft.AppComplianceAutomation

Azure service: App Compliance Automation Tool for Microsoft 365

Action Description
Microsoft.AppComplianceAutomation/onboard/action Onboard given subscriptions to Microsoft.AppComplianceAutomation provider.
Microsoft.AppComplianceAutomation/triggerEvaluation/action Trigger quick evaluation for the given subscriptions.
Microsoft.AppComplianceAutomation/listInUseStorageAccounts/action List the storage accounts which are in use by related reports
Microsoft.AppComplianceAutomation/checkNameAvailability/action action checkNameAvailability
Microsoft.AppComplianceAutomation/getCollectionCount/action Get the count of reports.
Microsoft.AppComplianceAutomation/getOverviewStatus/action Get the resource overview status.
Microsoft.AppComplianceAutomation/register/action Register the subscription for Microsoft.AppComplianceAutomation
Microsoft.AppComplianceAutomation/unregister/action Unregister the subscription for Microsoft.AppComplianceAutomation
Microsoft.AppComplianceAutomation/locations/operationStatuses/read read operationStatuses
Microsoft.AppComplianceAutomation/locations/operationStatuses/write write operationStatuses
Microsoft.AppComplianceAutomation/operations/read read operations
Microsoft.AppComplianceAutomation/reports/read Get the AppComplianceAutomation report list for the tenant.
Microsoft.AppComplianceAutomation/reports/read Get the AppComplianceAutomation report and its properties.
Microsoft.AppComplianceAutomation/reports/write Create a new AppComplianceAutomation report or update an exiting AppComplianceAutomation report.
Microsoft.AppComplianceAutomation/reports/delete Delete an AppComplianceAutomation report.
Microsoft.AppComplianceAutomation/reports/write Update an exiting AppComplianceAutomation report.
Microsoft.AppComplianceAutomation/reports/checkNameAvailability/action Checks the report's nested resource name availability, e.g: Webhooks, Evidences, Snapshots.
Microsoft.AppComplianceAutomation/reports/fix/action Fix the AppComplianceAutomation report error. e.g: App Compliance Automation Tool service unregistered, automation removed.
Microsoft.AppComplianceAutomation/reports/getScopingQuestions/action Fix the AppComplianceAutomation report error. e.g: App Compliance Automation Tool service unregistered, automation removed.
Microsoft.AppComplianceAutomation/reports/syncCertRecord/action Synchronize attestation record from app compliance.
Microsoft.AppComplianceAutomation/reports/verify/action Verify the AppComplianceAutomation report health status.
Microsoft.AppComplianceAutomation/reports/evidences/read Returns a paginated list of evidences for a specified report.
Microsoft.AppComplianceAutomation/reports/evidences/read Get the evidence metadata
Microsoft.AppComplianceAutomation/reports/evidences/write Create or Update an evidence a specified report
Microsoft.AppComplianceAutomation/reports/evidences/delete Delete an existent evidence from a specified report
Microsoft.AppComplianceAutomation/reports/evidences/download/action Download evidence file.
Microsoft.AppComplianceAutomation/reports/scopingConfigurations/read Returns a list format of the singleton scopingConfiguration for a specified report.
Microsoft.AppComplianceAutomation/reports/scopingConfigurations/read Get the AppComplianceAutomation scoping configuration of the specific report.
Microsoft.AppComplianceAutomation/reports/scopingConfigurations/write Get the AppComplianceAutomation scoping configuration of the specific report.
Microsoft.AppComplianceAutomation/reports/scopingConfigurations/delete Clean the AppComplianceAutomation scoping configuration of the specific report.
Microsoft.AppComplianceAutomation/reports/snapshots/read Get the AppComplianceAutomation snapshot list.
Microsoft.AppComplianceAutomation/reports/snapshots/read Get the AppComplianceAutomation snapshot and its properties.
Microsoft.AppComplianceAutomation/reports/snapshots/download/action Download compliance needs from snapshot, like: Compliance Report, Resource List.
Microsoft.AppComplianceAutomation/reports/webhooks/read Get the AppComplianceAutomation webhook list.
Microsoft.AppComplianceAutomation/reports/webhooks/read Get the AppComplianceAutomation webhook and its properties.
Microsoft.AppComplianceAutomation/reports/webhooks/write Create a new AppComplianceAutomation webhook or update an exiting AppComplianceAutomation webhook.
Microsoft.AppComplianceAutomation/reports/webhooks/delete Delete an AppComplianceAutomation webhook.
Microsoft.AppComplianceAutomation/reports/webhooks/write Update an exiting AppComplianceAutomation webhook.

Microsoft.DataProtection

Azure service: Data Protection

Action Description
Microsoft.DataProtection/register/action Registers subscription for given Resource Provider
Microsoft.DataProtection/unregister/action Unregisters subscription for given Resource Provider
Microsoft.DataProtection/backupVaults/write Create BackupVault operation creates an Azure resource of type 'Backup Vault'
Microsoft.DataProtection/backupVaults/write Update BackupVault operation updates an Azure resource of type 'Backup Vault'
Microsoft.DataProtection/backupVaults/read The Get Backup Vault operation gets an object representing the Azure resource of type 'Backup Vault'
Microsoft.DataProtection/backupVaults/read Gets list of Backup Vaults in a Subscription
Microsoft.DataProtection/backupVaults/read Gets list of Backup Vaults in a Resource Group
Microsoft.DataProtection/backupVaults/delete The Delete Vault operation deletes the specified Azure resource of type 'Backup Vault'
Microsoft.DataProtection/backupVaults/validateForBackup/action Validates for backup of Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/write Creates a Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/validateForModifyBackup/action Validates for modification of Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/delete Deletes the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/read Returns details of the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/read Returns all Backup Instances
Microsoft.DataProtection/backupVaults/backupInstances/backup/action Performs Backup on the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/sync/action Sync operation retries last failed operation on backup instance to bring it to a valid state.
Microsoft.DataProtection/backupVaults/backupInstances/restore/action Triggers restore on the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/validateRestore/action Validates for Restore of the Backup Instance
Microsoft.DataProtection/backupVaults/backupInstances/stopProtection/action Stop Protection operation stops both backup and retention schedules of backup instance. Existing data will be retained forever.
Microsoft.DataProtection/backupVaults/backupInstances/suspendBackups/action Suspend Backups operation stops only backups of backup instance. Retention activities will continue and hence data will be ratained as per policy.
Microsoft.DataProtection/backupVaults/backupInstances/resumeProtection/action Resume protection of a ProtectionStopped BI.
Microsoft.DataProtection/backupVaults/backupInstances/resumeBackups/action Resume Backups for a BackupsSuspended BI.
Microsoft.DataProtection/backupVaults/backupInstances/findRestorableTimeRanges/action Finds Restorable Time Ranges
Microsoft.DataProtection/backupVaults/backupInstances/operationResults/read Returns Backup Operation Result for Backup Vault.
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read Returns details of the Recovery Point
Microsoft.DataProtection/backupVaults/backupInstances/recoveryPoints/read Returns all Recovery Points
Microsoft.DataProtection/backupVaults/backupJobs/read Get Jobs list
Microsoft.DataProtection/backupVaults/backupJobs/enableProgress/action Get Job details
Microsoft.DataProtection/backupVaults/backupPolicies/write Creates Backup Policy
Microsoft.DataProtection/backupVaults/backupPolicies/delete Deletes the Backup Policy
Microsoft.DataProtection/backupVaults/backupPolicies/read Returns details of the Backup Policy
Microsoft.DataProtection/backupVaults/backupPolicies/read Returns all Backup Policies
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read Get the list of ResourceGuard proxies for a resource
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/read Get ResourceGuard proxy operation gets an object representing the Azure resource of type 'ResourceGuard proxy'
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/write Create ResourceGuard proxy operation creates an Azure resource of type 'ResourceGuard Proxy'
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/delete The Delete ResourceGuard proxy operation deletes the specified Azure resource of type 'ResourceGuard proxy'
Microsoft.DataProtection/backupVaults/backupResourceGuardProxies/unlockDelete/action Unlock delete ResourceGuard proxy operation unlocks the next delete critical operation
Microsoft.DataProtection/backupVaults/deletedBackupInstances/undelete/action Perform undelete of soft-deleted Backup Instance. Backup Instance moves from SoftDeleted to ProtectionStopped state.
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read Get soft-deleted Backup Instance in a Backup Vault by name
Microsoft.DataProtection/backupVaults/deletedBackupInstances/read List soft-deleted Backup Instances in a Backup Vault.
Microsoft.DataProtection/backupVaults/operationResults/read Gets Operation Result of a Patch Operation for a Backup Vault
Microsoft.DataProtection/backupVaults/operationStatus/read Returns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/locations/checkNameAvailability/action Checks if the requested BackupVault Name is Available
Microsoft.DataProtection/locations/getBackupStatus/action Check Backup Status for Recovery Services Vaults
Microsoft.DataProtection/locations/checkFeatureSupport/action Validates if a feature is supported
Microsoft.DataProtection/locations/operationResults/read Returns Backup Operation Result for Backup Vault.
Microsoft.DataProtection/locations/operationStatus/read Returns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/operations/read Operation returns the list of Operations for a Resource Provider
Microsoft.DataProtection/subscriptions/providers/resourceGuards/read Gets list of ResourceGuards in a Subscription
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchSecondaryRecoveryPoints/action Returns recovery points from secondary region for cross region restore enabled Backup Vaults.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/crossRegionRestore/action Triggers cross region restore operation on given backup instance.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/validateCrossRegionRestore/action Performs validations for cross region restore operation.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJobs/action List cross region restore jobs of backup instance from secondary region.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/fetchCrossRegionRestoreJob/action Get cross region restore job details from secondary region.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/locations/operationStatus/read Returns Backup Operation Status for Backup Vault.
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write Create ResourceGuard operation creates an Azure resource of type 'ResourceGuard'
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read The Get ResourceGuard operation gets an object representing the Azure resource of type 'ResourceGuard'
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/delete The Delete ResourceGuard operation deletes the specified Azure resource of type 'ResourceGuard'
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/read Gets list of ResourceGuards in a Resource Group
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/write Update ResouceGuard operation updates an Azure resource of type 'ResourceGuard'
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read Gets ResourceGuard operation request info
Microsoft.DataProtection/subscriptions/resourceGroups/providers/resourceGuards/{operationName}/read Gets ResourceGuard default operation request info

Microsoft.KeyVault

Safeguard and maintain control of keys and other secrets.

Azure service: Key Vault

Action Description
Microsoft.KeyVault/register/action Registers a subscription
Microsoft.KeyVault/unregister/action Unregisters a subscription
Microsoft.KeyVault/checkNameAvailability/read Checks that a key vault name is valid and is not in use
Microsoft.KeyVault/deletedManagedHsms/read View the properties of a deleted managed hsm
Microsoft.KeyVault/deletedVaults/read View the properties of soft deleted key vaults
Microsoft.KeyVault/hsmPools/read View the properties of an HSM pool
Microsoft.KeyVault/hsmPools/write Create a new HSM pool of update the properties of an existing HSM pool
Microsoft.KeyVault/hsmPools/delete Delete an HSM pool
Microsoft.KeyVault/hsmPools/joinVault/action Join a key vault to an HSM pool
Microsoft.KeyVault/locations/deleteVirtualNetworkOrSubnets/action Notifies Microsoft.KeyVault that a virtual network or subnet is being deleted
Microsoft.KeyVault/locations/notifyNetworkSecurityPerimeterUpdatesAvailable/action Check if the configuration of the Network Security Perimeter needs updating.
Microsoft.KeyVault/locations/deletedManagedHsms/read View the properties of a deleted managed hsm
Microsoft.KeyVault/locations/deletedManagedHsms/purge/action Purge a soft deleted managed hsm
Microsoft.KeyVault/locations/deletedManagedHsms/delete Purge a soft deleted managed hsm
Microsoft.KeyVault/locations/deletedVaults/read View the properties of a soft deleted key vault
Microsoft.KeyVault/locations/deletedVaults/purge/action Purge a soft deleted key vault
Microsoft.KeyVault/locations/managedHsmOperationResults/read Check the result of a long run operation
Microsoft.KeyVault/locations/operationResults/read Check the result of a long run operation
Microsoft.KeyVault/managedHSMs/read View the properties of a Managed HSM
Microsoft.KeyVault/managedHSMs/write Create a new Managed HSM or update the properties of an existing Managed HSM
Microsoft.KeyVault/managedHSMs/delete Delete a Managed HSM
Microsoft.KeyVault/managedHSMs/PrivateEndpointConnectionsApproval/action Approve or reject a connection to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/managedHSMs/keys/read List the keys in a specified managed hsm, or read the current version of a specified key.
Microsoft.KeyVault/managedHSMs/keys/write Creates the first version of a new key if it does not exist. If it already exists, then the existing key is returned without any modification. This API does not create subsequent versions, and does not update existing keys.
Microsoft.KeyVault/managedHSMs/keys/versions/read List the versions of a specified key, or read the specified version of a key.
Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/read View the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/write Change the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/delete Delete a connection proxy to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/managedHSMs/privateEndpointConnectionProxies/validate/action Validate a connection proxy to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/managedHSMs/privateEndpointConnections/read View the state of a connection to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/managedHSMs/privateEndpointConnections/write Change the state of a connection to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/managedHSMs/privateEndpointConnections/delete Delete a connection to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/managedHSMs/privateLinkResources/read Get the available private link resources for the specified instance of Managed HSM.
Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/diagnosticSettings/Read Gets the diagnostic setting for the resource
Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/diagnosticSettings/Write Creates or updates the diagnostic setting for the resource
Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/logDefinitions/read Gets the available logs for a Managed HSM
Microsoft.KeyVault/managedHSMs/providers/Microsoft.Insights/metricDefinitions/read Gets the available metrics for a key vault
Microsoft.KeyVault/operations/read Lists operations available on Microsoft.KeyVault resource provider
Microsoft.KeyVault/vaults/read View the properties of a key vault
Microsoft.KeyVault/vaults/write Creates a new key vault or updates the properties of an existing key vault. Certain properties may require more permissions.
Microsoft.KeyVault/vaults/delete Deletes a key vault
Microsoft.KeyVault/vaults/deploy/action Enables access to secrets in a key vault when deploying Azure resources
Microsoft.KeyVault/vaults/PrivateEndpointConnectionsApproval/action Approve or reject a connection to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/joinPerimeter/action Action to join the Network Security Perimeter, used by linked access checks by NRP.
Microsoft.KeyVault/vaults/accessPolicies/write Updates an existing access policy by merging or replacing, or adds a new access policy to the key vault.
Microsoft.KeyVault/vaults/eventGridFilters/read Notifies Microsoft.KeyVault that an EventGrid Subscription for Key Vault is being viewed
Microsoft.KeyVault/vaults/eventGridFilters/write Notifies Microsoft.KeyVault that a new EventGrid Subscription for Key Vault is being created
Microsoft.KeyVault/vaults/eventGridFilters/delete Notifies Microsoft.KeyVault that an EventGrid Subscription for Key Vault is being deleted
Microsoft.KeyVault/vaults/keys/read List the keys in a specified vault, or read the current version of a specified key.
Microsoft.KeyVault/vaults/keys/write Creates the first version of a new key if it does not exist. If it already exists, then the existing key is returned without any modification. This API does not create subsequent versions, and does not update existing keys.
Microsoft.KeyVault/vaults/keys/versions/read List the versions of a specified key, or read the specified version of a key.
Microsoft.KeyVault/vaults/networkSecurityPerimeterAssociationProxies/delete Delete an association proxy to a Network Security Perimeter resource of Microsoft.Network provider.
Microsoft.KeyVault/vaults/networkSecurityPerimeterAssociationProxies/read Delete an association proxy to a Network Security Perimeter resource of Microsoft.Network provider.
Microsoft.KeyVault/vaults/networkSecurityPerimeterAssociationProxies/write Change the state of an association to a Network Security Perimeter resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/networkSecurityPerimeterConfigurations/read Read the Network Security Perimeter configuration stored in a vault.
Microsoft.KeyVault/vaults/networkSecurityPerimeterConfigurations/reconcile/action Reconcile the Network Security Perimeter configuration stored in a vault with NRP's (Microsoft.Network Resource Provider) copy.
Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/read View the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/write Change the state of a connection proxy to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/delete Delete a connection proxy to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/privateEndpointConnectionProxies/validate/action Validate a connection proxy to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/privateEndpointConnections/read View the state of a connection to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/privateEndpointConnections/write Change the state of a connection to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/privateEndpointConnections/delete Delete a connection to a Private Endpoint resource of Microsoft.Network provider
Microsoft.KeyVault/vaults/privateLinkResources/read Get the available private link resources for the specified instance of Key Vault
Microsoft.KeyVault/vaults/providers/Microsoft.Insights/diagnosticSettings/Read Gets the diagnostic setting for the resource
Microsoft.KeyVault/vaults/providers/Microsoft.Insights/diagnosticSettings/Write Creates or updates the diagnostic setting for the resource
Microsoft.KeyVault/vaults/providers/Microsoft.Insights/logDefinitions/read Gets the available logs for a key vault
Microsoft.KeyVault/vaults/providers/Microsoft.Insights/metricDefinitions/read Gets the available metrics for a key vault
Microsoft.KeyVault/vaults/secrets/read View the properties of a secret, but not its value.
Microsoft.KeyVault/vaults/secrets/write Creates a new secret or updates the value of an existing secret.
DataAction Description
Microsoft.KeyVault/vaults/certificatecas/delete Delete Certificate Issuer
Microsoft.KeyVault/vaults/certificatecas/read Read Certificate Issuer
Microsoft.KeyVault/vaults/certificatecas/write Write Certificate Issuer
Microsoft.KeyVault/vaults/certificatecontacts/write Manage Certificate Contact
Microsoft.KeyVault/vaults/certificates/delete Deletes a certificate. All versions are deleted.
Microsoft.KeyVault/vaults/certificates/read List certificates in a specified key vault, or get information about a certificate.
Microsoft.KeyVault/vaults/certificates/backup/action Creates the backup file of a certificate. The file can used to restore the certificate in a Key Vault of same subscription. Restrictions may apply.
Microsoft.KeyVault/vaults/certificates/purge/action Purges a certificate, making it unrecoverable.
Microsoft.KeyVault/vaults/certificates/update/action Updates the specified attributes associated with the given certificate.
Microsoft.KeyVault/vaults/certificates/create/action Creates a new certificate. If the certificate does not exist, the first version is created. Otherwise, a new version is created.
Microsoft.KeyVault/vaults/certificates/import/action Imports an existing valid certificate containing a private key.
The certificate to be imported can be in either PFX or PEM format.
If the certificate does not exist in Key Vault, the first version is created with specified content.
Otherwise, a new version is created with specified content.
Microsoft.KeyVault/vaults/certificates/recover/action Recovers the deleted certificate. The operation performs the reversal of the Delete operation. The operation is applicable in vaults enabled for soft-delete, and must be issued during the retention interval.
Microsoft.KeyVault/vaults/certificates/restore/action Restores a certificate and all its versions from a backup file generated by Key Vault.
Microsoft.KeyVault/vaults/keyrotationpolicies/read Retrieves the rotation policy of a given key.
Microsoft.KeyVault/vaults/keyrotationpolicies/write Updates the rotation policy of a given key.
Microsoft.KeyVault/vaults/keys/read List keys in the specified vault, or read properties and public material of a key.
For asymmetric keys, this operation exposes public key and includes ability to perform public key algorithms such as encrypt and verify signature.
Private keys and symmetric keys are never exposed.
Microsoft.KeyVault/vaults/keys/update/action Updates the specified attributes associated with the given key.
Microsoft.KeyVault/vaults/keys/create/action Creates a new key. If the key does not exist, the first version is created. Otherwise, a new version is created with the specified value.
Microsoft.KeyVault/vaults/keys/import/action Imports an externally created key. If the key does not exist, the first version is created with the imported material. Otherwise, a new version is created with the imported material.
Microsoft.KeyVault/vaults/keys/recover/action Recovers the deleted key. The operation performs the reversal of the Delete operation. The operation is applicable in vaults enabled for soft-delete, and must be issued during the retention interval.
Microsoft.KeyVault/vaults/keys/restore/action Restores a key and all its versions from a backup file generated by Key Vault.
Microsoft.KeyVault/vaults/keys/delete Deletes a key. All versions are deleted.
Microsoft.KeyVault/vaults/keys/backup/action Creates the backup file of a key. The file can used to restore the key in a Key Vault of same subscription. Restrictions may apply.
Microsoft.KeyVault/vaults/keys/purge/action Purges a key, making it unrecoverable.
Microsoft.KeyVault/vaults/keys/encrypt/action Encrypts plaintext with a key. Note that if the key is asymmetric, this operation can be performed by principals with read access.
Microsoft.KeyVault/vaults/keys/decrypt/action Decrypts ciphertext with a key.
Microsoft.KeyVault/vaults/keys/wrap/action Wraps a symmetric key with a Key Vault key. Note that if the Key Vault key is asymmetric, this operation can be performed by principals with read access.
Microsoft.KeyVault/vaults/keys/unwrap/action Unwraps a symmetric key with a Key Vault key.
Microsoft.KeyVault/vaults/keys/sign/action Signs a message digest (hash) with a key.
Microsoft.KeyVault/vaults/keys/verify/action Verifies the signature of a message digest (hash) with a key. Note that if the key is asymmetric, this operation can be performed by principals with read access.
Microsoft.KeyVault/vaults/keys/release/action Release a key using public part of KEK from attestation token.
Microsoft.KeyVault/vaults/keys/rotate/action Creates a new version of an existing key (with the same parameters).
Microsoft.KeyVault/vaults/secrets/delete Deletes a secret. All versions are deleted.
Microsoft.KeyVault/vaults/secrets/backup/action Creates the backup file of a secret. The file can used to restore the secret in a Key Vault of same subscription. Restrictions may apply.
Microsoft.KeyVault/vaults/secrets/purge/action Purges a secret, making it unrecoverable.
Microsoft.KeyVault/vaults/secrets/update/action Updates the specified attributes associated with the given secret.
Microsoft.KeyVault/vaults/secrets/recover/action Recovers the deleted secret. The operation performs the reversal of the Delete operation. The operation is applicable in vaults enabled for soft-delete, and must be issued during the retention interval.
Microsoft.KeyVault/vaults/secrets/restore/action Restores a secret and all its versions from a backup file generated by Key Vault.
Microsoft.KeyVault/vaults/secrets/readMetadata/action List or view the properties of a secret, but not its value.
Microsoft.KeyVault/vaults/secrets/getSecret/action Gets the value of a secret.
Microsoft.KeyVault/vaults/secrets/setSecret/action Sets the value of a secret. If the secret does not exist, the first version is created. Otherwise, a new version is created with the specified value.
Microsoft.KeyVault/vaults/storageaccounts/read Read definition of managed storage accounts.
Microsoft.KeyVault/vaults/storageaccounts/set/action Creates or updates the definition of a managed storage account.
Microsoft.KeyVault/vaults/storageaccounts/delete Delete the definition of a managed storage account.
Microsoft.KeyVault/vaults/storageaccounts/backup/action Creates a backup file of the definition of a managed storage account and its SAS (Shared Access Signature).
Microsoft.KeyVault/vaults/storageaccounts/purge/action Purge the soft-deleted definition of a managed storage account or SAS (Shared Access Signature).
Microsoft.KeyVault/vaults/storageaccounts/regeneratekey/action Regenerate the access key of a managed storage account.
Microsoft.KeyVault/vaults/storageaccounts/recover/action Recover the soft-deleted definition of a managed storage account or SAS (Shared Access Signature).
Microsoft.KeyVault/vaults/storageaccounts/restore/action Restores the definition of a managed storage account and its SAS (Shared Access Signature) from a backup file generated by Key Vault.
Microsoft.KeyVault/vaults/storageaccounts/sas/set/action Creates or updates the SAS (Shared Access Signature) definition for a managed storage account.
Microsoft.KeyVault/vaults/storageaccounts/sas/delete Delete the SAS (Shared Access Signature) definition for a managed storage account.
Microsoft.KeyVault/vaults/storageaccounts/sas/read Read the SAS (Shared Access Signature) definition for a managed storage account.

Microsoft.Security

Protect your enterprise from advanced threats across hybrid cloud workloads.

Azure service: Security Center

Action Description
Microsoft.Security/register/action Registers the subscription for Azure Security Center
Microsoft.Security/unregister/action Unregisters the subscription from Azure Security Center
Microsoft.Security/aggregations/action Gets aggregations
Microsoft.Security/adaptiveNetworkHardenings/read Gets Adaptive Network Hardening recommendations of an Azure protected resource
Microsoft.Security/adaptiveNetworkHardenings/enforce/action Enforces the given traffic hardening rules by creating matching security rules on the given Network Security Group(s)
Microsoft.Security/advancedThreatProtectionSettings/read Gets the Advanced Threat Protection Settings for the resource
Microsoft.Security/advancedThreatProtectionSettings/write Updates the Advanced Threat Protection Settings for the resource
Microsoft.Security/aggregations/read Gets aggregations
Microsoft.Security/alerts/read Gets all available security alerts
Microsoft.Security/alertsSuppressionRules/read Gets all available security alert suppression rule
Microsoft.Security/alertsSuppressionRules/write Creates a new security alert suppression rule or update an existing rule
Microsoft.Security/alertsSuppressionRules/delete Delete a security alert suppression rule
Microsoft.Security/apiCollections/read Get Api Collections
Microsoft.Security/apiCollections/write Create Api Collections
Microsoft.Security/apiCollections/delete Delete Api Collections
Microsoft.Security/applicationWhitelistings/read Gets the application allowlistings
Microsoft.Security/applicationWhitelistings/write Creates a new application allowlisting or updates an existing one
Microsoft.Security/assessmentMetadata/read Get available security assessment metadata on your subscription
Microsoft.Security/assessmentMetadata/write Create or update a security assessment metadata
Microsoft.Security/assessments/read Get security assessments on your subscription
Microsoft.Security/assessments/write Create or update security assessments on your subscription
Microsoft.Security/assessments/governanceAssignments/read Get governance assignments for security assessments
Microsoft.Security/assessments/governanceAssignments/write Create or update governance assignments for security assessments
Microsoft.Security/assessments/subAssessments/read Get security sub assessments on your subscription
Microsoft.Security/assessments/subAssessments/write Create or update security sub assessments on your subscription
Microsoft.Security/assignments/read Get the security assignment
Microsoft.Security/assignments/write Create or update the security assignment
Microsoft.Security/assignments/delete Deletes the security assignment
Microsoft.Security/automations/read Gets the automations for the scope
Microsoft.Security/automations/write Creates or updates the automation for the scope
Microsoft.Security/automations/delete Deletes the automation for the scope
Microsoft.Security/automations/validate/action Validates the automation model for the scope
Microsoft.Security/autoProvisioningSettings/read Get security auto provisioning setting for the subscription
Microsoft.Security/autoProvisioningSettings/write Create or update security auto provisioning setting for the subscription
Microsoft.Security/complianceResults/read Gets the compliance results for the resource
Microsoft.Security/customRecommendations/read Get the custom recommendations
Microsoft.Security/customRecommendations/write Create or update the custom recommendation
Microsoft.Security/customRecommendations/delete Deletes the custom recommendation
Microsoft.Security/datascanners/read Gets the datascanners for the scope
Microsoft.Security/datascanners/write Creates or updates the datascanners for the scope
Microsoft.Security/datascanners/delete Deletes the datascanners for the scope
Microsoft.Security/defenderforstoragesettings/read Gets the defenderforstoragesettings for the scope
Microsoft.Security/defenderforstoragesettings/write Creates or updates the defenderforstoragesettings for the scope
Microsoft.Security/defenderforstoragesettings/delete Deletes the defenderforstoragesettings for the scope
Microsoft.Security/deviceSecurityGroups/write Creates or updates IoT device security groups
Microsoft.Security/deviceSecurityGroups/delete Deletes IoT device security groups
Microsoft.Security/deviceSecurityGroups/read Gets IoT device security groups
Microsoft.Security/externalSecuritySolutions/read Gets the external security solutions
Microsoft.Security/governanceRules/read Get governance rules for managing security posture
Microsoft.Security/governanceRules/write Create or update governance rules for managing security posture
Microsoft.Security/informationProtectionPolicies/read Gets the information protection policies for the resource
Microsoft.Security/informationProtectionPolicies/write Updates the information protection policies for the resource
Microsoft.Security/integration/read Get integration on your scope
Microsoft.Security/integration/write Create or update integration on your scope
Microsoft.Security/integration/delete Deleate or update integration on your scope
Microsoft.Security/iotDefenderSettings/read Gets IoT Defender Settings
Microsoft.Security/iotDefenderSettings/write Create or updates IoT Defender Settings
Microsoft.Security/iotDefenderSettings/delete Deletes IoT Defender Settings
Microsoft.Security/iotDefenderSettings/PackageDownloads/action Gets downloadable IoT Defender packages information
Microsoft.Security/iotDefenderSettings/DownloadManagerActivation/action Download manager activation file with subscription quota data
Microsoft.Security/iotSecuritySolutions/write Creates or updates IoT security solutions
Microsoft.Security/iotSecuritySolutions/delete Deletes IoT security solutions
Microsoft.Security/iotSecuritySolutions/read Gets IoT security solutions
Microsoft.Security/iotSecuritySolutions/analyticsModels/read Gets IoT security analytics model
Microsoft.Security/iotSecuritySolutions/analyticsModels/read Gets IoT alert types
Microsoft.Security/iotSecuritySolutions/analyticsModels/read Gets IoT alerts
Microsoft.Security/iotSecuritySolutions/analyticsModels/read Gets IoT recommendation types
Microsoft.Security/iotSecuritySolutions/analyticsModels/read Gets IoT recommendations
Microsoft.Security/iotSecuritySolutions/analyticsModels/read Gets devices
Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts/read Gets IoT aggregated alerts
Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedAlerts/dismiss/action Dismisses IoT aggregated alerts
Microsoft.Security/iotSecuritySolutions/analyticsModels/aggregatedRecommendations/read Gets IoT aggregated recommendations
Microsoft.Security/iotSensors/read Gets IoT Sensors
Microsoft.Security/iotSensors/write Create or updates IoT Sensors
Microsoft.Security/iotSensors/delete Deletes IoT Sensors
Microsoft.Security/iotSensors/DownloadActivation/action Downloads activation file for IoT Sensors
Microsoft.Security/iotSensors/TriggerTiPackageUpdate/action Triggers threat intelligence package update
Microsoft.Security/iotSensors/DownloadResetPassword/action Downloads reset password file for IoT Sensors
Microsoft.Security/iotSite/read Gets IoT site
Microsoft.Security/iotSite/write Creates or updates IoT site
Microsoft.Security/iotSite/delete Deletes IoT site
Microsoft.Security/jitNetworkAccessPolicies/read Gets the just-in-time network access policies
Microsoft.Security/locations/read Gets the security data location
Microsoft.Security/locations/alerts/read Gets all available security alerts
Microsoft.Security/locations/alerts/dismiss/action Dismiss a security alert
Microsoft.Security/locations/alerts/activate/action Activate a security alert
Microsoft.Security/locations/alerts/resolve/action Resolve a security alert
Microsoft.Security/locations/alerts/simulate/action Simulate a security alert
Microsoft.Security/locations/externalSecuritySolutions/read Gets the external security solutions
Microsoft.Security/locations/jitNetworkAccessPolicies/read Gets the just-in-time network access policies
Microsoft.Security/locations/jitNetworkAccessPolicies/write Creates a new just-in-time network access policy or updates an existing one
Microsoft.Security/locations/jitNetworkAccessPolicies/delete Deletes the just-in-time network access policy
Microsoft.Security/locations/jitNetworkAccessPolicies/initiate/action Initiates a just-in-time network access policy request
Microsoft.Security/locations/securitySolutions/read Gets the security solutions
Microsoft.Security/locations/securitySolutions/write Creates a new security solution or updates an existing one
Microsoft.Security/locations/securitySolutions/delete Deletes a security solution
Microsoft.Security/locations/tasks/read Gets all available security recommendations
Microsoft.Security/locations/tasks/start/action Start a security recommendation
Microsoft.Security/locations/tasks/resolve/action Resolve a security recommendation
Microsoft.Security/locations/tasks/activate/action Activate a security recommendation
Microsoft.Security/locations/tasks/dismiss/action Dismiss a security recommendation
Microsoft.Security/mdeOnboardings/read Get Microsoft Defender for Endpoint onboarding script
Microsoft.Security/policies/read Gets the security policy
Microsoft.Security/policies/write Updates the security policy
Microsoft.Security/pricings/read Gets the pricing settings for the scope
Microsoft.Security/pricings/write Updates the pricing settings for the scope
Microsoft.Security/pricings/delete Deletes the pricing settings for the scope
Microsoft.Security/pricings/securityoperators/read Gets the security operators for the scope
Microsoft.Security/pricings/securityoperators/write Updates the security operators for the scope
Microsoft.Security/pricings/securityoperators/delete Deletes the security operators for the scope
Microsoft.Security/secureScoreControlDefinitions/read Get secure score control definition
Microsoft.Security/secureScoreControls/read Get calculated secure score control for your subscription
Microsoft.Security/secureScores/read Get calculated secure score for your subscription
Microsoft.Security/secureScores/secureScoreControls/read Get calculated secure score control for your secure score calculation
Microsoft.Security/securityConnectors/read Gets the security connector
Microsoft.Security/securityConnectors/write Updates the security connector
Microsoft.Security/securityConnectors/delete Deletes the security connector
Microsoft.Security/securityConnectors/devops/listAvailableAzureDevOpsOrgs/action Returns a list of all Azure DevOps organizations accessible by the user token consumed by the connector.
Microsoft.Security/securityConnectors/devops/write Creates or updates a DevOps Configuration.
Microsoft.Security/securityConnectors/devops/delete Deletes a DevOps Connector.
Microsoft.Security/securityConnectors/devops/read Gets a DevOps Configuration.
Microsoft.Security/securityConnectors/devops/read List DevOps Configurations.
Microsoft.Security/securityConnectors/devops/write Updates a DevOps Configuration.
Microsoft.Security/securityConnectors/devops/listAvailableGitHubOwners/action Returns a list of all GitHub owners accessible by the user token consumed by the connector.
Microsoft.Security/securityConnectors/devops/listAvailableGitLabGroups/action Returns a list of all GitLab groups accessible by the user token consumed by the connector.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/write Creates or updates monitored Azure DevOps organization details.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/delete Deletes a monitored Azure DevOps organization.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/read Returns a monitored Azure DevOps organization resource.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/read Returns a list of Azure DevOps organizations onboarded to the connector.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/write Updates monitored Azure DevOps organization details.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/listAvailableProjects/action Returns a list of all Azure DevOps projects accessible by the user token consumed by the connector.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/write Creates or updates a monitored Azure DevOps project resource.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/delete Deletes a monitored Azure DevOps project resource.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/read Returns a monitored Azure DevOps project resource.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/read Returns a list of Azure DevOps projects onboarded to the connector.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/write Updates a monitored Azure DevOps project resource.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/listAvailableRepos/action Returns a list of all Azure DevOps repositories accessible by the user token consumed by the connector.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/write Creates or updates a monitored Azure DevOps repository resource.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/delete Deletes a monitored Azure DevOps repository resource.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/read Returns a monitored Azure DevOps repository resource.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/read Returns a list of Azure DevOps repositories onboarded to the connector.
Microsoft.Security/securityConnectors/devops/azureDevOpsOrgs/projects/repos/write Updates a monitored Azure DevOps repository resource.
Microsoft.Security/securityConnectors/devops/gitHubOwners/write Creates or updates a monitored GitHub owner.
Microsoft.Security/securityConnectors/devops/gitHubOwners/delete Deletes a monitored GitHub owner.
Microsoft.Security/securityConnectors/devops/gitHubOwners/read Returns a monitored GitHub owner.
Microsoft.Security/securityConnectors/devops/gitHubOwners/read Returns a list of GitHub owners onboarded to the connector.
Microsoft.Security/securityConnectors/devops/gitHubOwners/write Updates a monitored GitHub owner.
Microsoft.Security/securityConnectors/devops/gitHubOwners/listAvailableRepos/action Returns a list of all GitHub repositories accessible by the user token and app installation used by the connector.
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/write Creates or updates a monitored GitHub repository.
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/delete Deletes a monitored GitHub repository.
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/read Returns a monitored GitHub repository.
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/read Returns a list of GitHub repositories onboarded to the connector.
Microsoft.Security/securityConnectors/devops/gitHubOwners/repos/write Updates a monitored GitHub repository.
Microsoft.Security/securityConnectors/devops/gitLabGroups/write Creates or updates monitored GitLab Group details.
Microsoft.Security/securityConnectors/devops/gitLabGroups/delete Deletes a monitored GitLab Group.
Microsoft.Security/securityConnectors/devops/gitLabGroups/read Returns a monitored GitLab Group resource for a given fully-qualified name.
Microsoft.Security/securityConnectors/devops/gitLabGroups/read Returns a list of GitLab groups onboarded to the connector.
Microsoft.Security/securityConnectors/devops/gitLabGroups/write Updates monitored GitLab Group details.
Microsoft.Security/securityConnectors/devops/gitLabGroups/listAvailableProjects/action Gets a list of all GitLab projects that are directly owned by given group and accessible by the user token consumed by the connector.
Microsoft.Security/securityConnectors/devops/gitLabGroups/listSubgroups/action Gets nested subgroups of given GitLab Group which are onboarded to the connector.
Microsoft.Security/securityConnectors/devops/gitLabGroups/listAvailableSubgroups/action Gets all nested subgroups of given GitLab Group which are accessible by the user token consumed by the connector.
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/write Creates or updates monitored GitLab Project details.
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/delete Deletes a monitored GitLab Project.
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/read Returns a monitored GitLab Project resource for a given fully-qualified group name and project name.
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/read Gets a list of GitLab projects that are directly owned by given group and onboarded to the connector.
Microsoft.Security/securityConnectors/devops/gitLabGroups/projects/write Updates monitored GitLab Project details.
Microsoft.Security/securityConnectors/devops/operationResults/read Get devops long running operation result.
Microsoft.Security/securityContacts/read Gets the security contact
Microsoft.Security/securityContacts/write Updates the security contact
Microsoft.Security/securityContacts/delete Deletes the security contact
Microsoft.Security/securitySolutions/read Gets the security solutions
Microsoft.Security/securitySolutions/write Creates a new security solution or updates an existing one
Microsoft.Security/securitySolutions/delete Deletes a security solution
Microsoft.Security/securitySolutionsReferenceData/read Gets the security solutions reference data
Microsoft.Security/securityStandards/read Get the security standards
Microsoft.Security/securityStandards/write Create or update the security standard
Microsoft.Security/securityStandards/delete Deletes the security standard
Microsoft.Security/securityStatuses/read Gets the security health statuses for Azure resources
Microsoft.Security/securityStatusesSummaries/read Gets the security statuses summaries for the scope
Microsoft.Security/sensitivitySettings/read Gets tenant level sensitivity settings
Microsoft.Security/sensitivitySettings/write Updates tenant level sensitivity settings
Microsoft.Security/serverVulnerabilityAssessments/read Get server vulnerability assessments onboarding status on a given resource
Microsoft.Security/serverVulnerabilityAssessments/write Create or update a server vulnerability assessments solution on resource
Microsoft.Security/serverVulnerabilityAssessments/delete Remove a server vulnerability assessments solution from a resource
Microsoft.Security/serverVulnerabilityAssessmentsSettings/read Get server vulnerability assessments settings onboarding status for a given subscription
Microsoft.Security/serverVulnerabilityAssessmentsSettings/write Create or update server vulnerability assessments settings on a given subscription
Microsoft.Security/serverVulnerabilityAssessmentsSettings/delete Remove server vulnerability assessments settings from a given subscription
Microsoft.Security/settings/read Gets the settings for the scope
Microsoft.Security/settings/write Updates the settings for the scope
Microsoft.Security/sqlVulnerabilityAssessments/baselineRules/action Add a list of rules result to the baseline.
Microsoft.Security/sqlVulnerabilityAssessments/baselineRules/read Return the databases' baseline (all rules that were added to the baseline) or get a rule baseline results for the specified rule ID.
Microsoft.Security/sqlVulnerabilityAssessments/baselineRules/write Change the rule baseline result.
Microsoft.Security/sqlVulnerabilityAssessments/baselineRules/delete Remove the rule result from the baseline.
Microsoft.Security/sqlVulnerabilityAssessments/scans/read Return the list of vulnerability assessment scan records or get the scan record for the specified scan ID.
Microsoft.Security/sqlVulnerabilityAssessments/scans/scanResults/read Return the list of vulnerability assessment rule results or get the rule result for the specified rule ID.
Microsoft.Security/standardAssignments/read Get the standard assignments
Microsoft.Security/standardAssignments/write Create or update the standard assignment
Microsoft.Security/standardAssignments/delete Deletes the standard assignment
Microsoft.Security/standards/read Get the security standard
Microsoft.Security/standards/write Create or update the security standard
Microsoft.Security/standards/delete Deletes the security standard
Microsoft.Security/tasks/read Gets all available security recommendations
Microsoft.Security/webApplicationFirewalls/read Gets the web application firewalls
Microsoft.Security/webApplicationFirewalls/write Creates a new web application firewall or updates an existing one
Microsoft.Security/webApplicationFirewalls/delete Deletes a web application firewall
Microsoft.Security/workspaceSettings/read Gets the workspace settings
Microsoft.Security/workspaceSettings/write Updates the workspace settings
Microsoft.Security/workspaceSettings/delete Deletes the workspace settings
Microsoft.Security/workspaceSettings/connect/action Change workspace settings reconnection settings

Microsoft.SecurityGraph

Azure service: Microsoft Monitoring Insights

Action Description
Microsoft.SecurityGraph/diagnosticsettings/write Writing a diagnostic setting
Microsoft.SecurityGraph/diagnosticsettings/read Reading a diagnostic setting
Microsoft.SecurityGraph/diagnosticsettings/delete Deleting a diagnostic setting
Microsoft.SecurityGraph/diagnosticsettingscategories/read Reading a diagnostic setting categories

Microsoft.SecurityInsights

Azure service: Microsoft Sentinel

Action Description
Microsoft.SecurityInsights/register/action Registers the subscription to Azure Sentinel
Microsoft.SecurityInsights/unregister/action Unregisters the subscription from Azure Sentinel
Microsoft.SecurityInsights/dataConnectorsCheckRequirements/action Check user authorization and license
Microsoft.SecurityInsights/contentTranslators/action Check a translation of content
Microsoft.SecurityInsights/Aggregations/read Gets aggregated information
Microsoft.SecurityInsights/alertRules/read Gets the alert rules
Microsoft.SecurityInsights/alertRules/write Updates alert rules
Microsoft.SecurityInsights/alertRules/delete Deletes alert rules
Microsoft.SecurityInsights/alertRules/triggerRuleRun/action Trigger on-demand rule run execution
Microsoft.SecurityInsights/alertRules/actions/read Gets the response actions of an alert rule
Microsoft.SecurityInsights/alertRules/actions/write Updates the response actions of an alert rule
Microsoft.SecurityInsights/alertRules/actions/delete Deletes the response actions of an alert rule
Microsoft.SecurityInsights/automationRules/read Gets an automation rule
Microsoft.SecurityInsights/automationRules/write Updates an automation rule
Microsoft.SecurityInsights/automationRules/delete Deletes an automation rule
Microsoft.SecurityInsights/BillingStatistics/read Read BillingStatistics
Microsoft.SecurityInsights/Bookmarks/read Gets bookmarks
Microsoft.SecurityInsights/Bookmarks/write Updates bookmarks
Microsoft.SecurityInsights/Bookmarks/delete Deletes bookmarks
Microsoft.SecurityInsights/Bookmarks/expand/action Gets related entities of an entity by a specific expansion
Microsoft.SecurityInsights/bookmarks/relations/read Gets a bookmark relation
Microsoft.SecurityInsights/bookmarks/relations/write Updates a bookmark relation
Microsoft.SecurityInsights/bookmarks/relations/delete Deletes a bookmark relation
Microsoft.SecurityInsights/businessApplicationAgents/read Gets a Business Application Agent
Microsoft.SecurityInsights/businessApplicationAgents/write Create or Updates a Business Application Agent
Microsoft.SecurityInsights/businessApplicationAgents/delete Deletes a Business Application Agent
Microsoft.SecurityInsights/businessApplicationAgents/systems/read Gets a System of a Business Application Agent
Microsoft.SecurityInsights/businessApplicationAgents/systems/write Create or Updates a System of a Business Application Agent
Microsoft.SecurityInsights/businessApplicationAgents/systems/delete Deletes a System of a Business Application Agent
Microsoft.SecurityInsights/businessApplicationAgents/systems/listActions/action Lists the actions of a system
Microsoft.SecurityInsights/businessApplicationAgents/systems/reportActionStatus/action Reports the status of an action
Microsoft.SecurityInsights/businessApplicationAgents/systems/undoAction/action Undoes an action
Microsoft.SecurityInsights/cases/read Gets a case
Microsoft.SecurityInsights/cases/write Updates a case
Microsoft.SecurityInsights/cases/delete Deletes a case
Microsoft.SecurityInsights/cases/comments/read Gets the case comments
Microsoft.SecurityInsights/cases/comments/write Creates the case comments
Microsoft.SecurityInsights/cases/investigations/read Gets the case investigations
Microsoft.SecurityInsights/cases/investigations/write Updates the metadata of a case
Microsoft.SecurityInsights/ConfidentialWatchlists/read Gets Confidential Watchlists
Microsoft.SecurityInsights/ConfidentialWatchlists/write Creates Confidential Watchlists
Microsoft.SecurityInsights/ConfidentialWatchlists/delete Deletes Confidential Watchlists
Microsoft.SecurityInsights/ContentPackages/read Read available Content Packages.
Microsoft.SecurityInsights/ContentPackages/write Install or uninstall Content Packages.
Microsoft.SecurityInsights/ContentTemplates/read Read installed Content Templates.
Microsoft.SecurityInsights/ContentTemplates/delete Delete installed Content Templates.
Microsoft.SecurityInsights/dataConnectors/read Gets the data connectors
Microsoft.SecurityInsights/dataConnectors/write Updates a data connector
Microsoft.SecurityInsights/dataConnectors/delete Deletes a data connector
Microsoft.SecurityInsights/enrichment/domain/whois/read Get whois enrichment for a domain
Microsoft.SecurityInsights/enrichment/ip/geodata/read Get geodata enrichment for an IP
Microsoft.SecurityInsights/entities/read Gets the sentinel entities graph
Microsoft.SecurityInsights/entities/gettimeline/action Gets entity timeline for a specific range
Microsoft.SecurityInsights/entities/getInsights/action Gets entity Insights for a specific range
Microsoft.SecurityInsights/entities/runPlaybook/action Run playbook on entity
Microsoft.SecurityInsights/entities/relations/read Gets a relation between the entity and related resources
Microsoft.SecurityInsights/entities/relations/write Updates a relation between the entity and related resources
Microsoft.SecurityInsights/entities/relations/delete Deletes a relation between the entity and related resources
Microsoft.SecurityInsights/entityQueries/read Gets the investigation expansions for entities
Microsoft.SecurityInsights/ExportConnections/read Read ExportConnections
Microsoft.SecurityInsights/ExportConnections/write write ExportConnections
Microsoft.SecurityInsights/ExportConnections/delete Delete ExportConnections
Microsoft.SecurityInsights/ExportConnections/ExportJobs/read Read ExportJobs
Microsoft.SecurityInsights/ExportConnections/ExportJobs/write write ExportJobs
Microsoft.SecurityInsights/ExportConnections/ExportJobs/delete Delete ExportJobs
Microsoft.SecurityInsights/fileimports/read Reads File Import objects
Microsoft.SecurityInsights/fileimports/write Creates or updates a File Import
Microsoft.SecurityInsights/fileimports/delete Deletes a File Import
Microsoft.SecurityInsights/hunts/read Get Hunts
Microsoft.SecurityInsights/hunts/write Create Hunts
Microsoft.SecurityInsights/hunts/delete Deletes Hunts
Microsoft.SecurityInsights/hunts/comments/read Get Hunt Comments
Microsoft.SecurityInsights/hunts/comments/write Create Hunt Comments
Microsoft.SecurityInsights/hunts/comments/delete Deletes Hunt Comments
Microsoft.SecurityInsights/hunts/relations/read Get Hunt Relations
Microsoft.SecurityInsights/hunts/relations/write Create Hunt Relations
Microsoft.SecurityInsights/hunts/relations/delete Deletes Hunt Relations
Microsoft.SecurityInsights/incidents/read Gets an incident
Microsoft.SecurityInsights/incidents/write Updates an incident
Microsoft.SecurityInsights/incidents/delete Deletes an incident
Microsoft.SecurityInsights/incidents/createTeam/action Creates a Microsoft team to investigate the incident by sharing information and insights between participants
Microsoft.SecurityInsights/incidents/runPlaybook/action Run playbook on incident
Microsoft.SecurityInsights/incidents/comments/read Gets the incident comments
Microsoft.SecurityInsights/incidents/comments/write Creates a comment on the incident
Microsoft.SecurityInsights/incidents/comments/delete Deletes a comment on the incident
Microsoft.SecurityInsights/incidents/relations/read Gets a relation between the incident and related resources
Microsoft.SecurityInsights/incidents/relations/write Updates a relation between the incident and related resources
Microsoft.SecurityInsights/incidents/relations/delete Deletes a relation between the incident and related resources
Microsoft.SecurityInsights/incidents/tasks/read Gets a task on the incident
Microsoft.SecurityInsights/incidents/tasks/write Updates a task on the incident
Microsoft.SecurityInsights/incidents/tasks/delete Deletes a task on the incident
Microsoft.SecurityInsights/Metadata/read Read Metadata for Sentinel content.
Microsoft.SecurityInsights/Metadata/write Write Metadata for Sentinel content.
Microsoft.SecurityInsights/Metadata/delete Delete Metadata for Sentinel content.
Microsoft.SecurityInsights/officeConsents/read Gets consents from Microsoft Office
Microsoft.SecurityInsights/officeConsents/delete Deletes consents from Microsoft Office
Microsoft.SecurityInsights/onboardingStates/read Gets an onboarding state
Microsoft.SecurityInsights/onboardingStates/write Updates an onboarding state
Microsoft.SecurityInsights/onboardingStates/delete Deletes an onboarding state
Microsoft.SecurityInsights/operations/read Gets operations
Microsoft.SecurityInsights/securityMLAnalyticsSettings/read Gets the analytics settings
Microsoft.SecurityInsights/securityMLAnalyticsSettings/write Update the analytics settings
Microsoft.SecurityInsights/securityMLAnalyticsSettings/delete Delete an analytics setting
Microsoft.SecurityInsights/settings/read Gets settings
Microsoft.SecurityInsights/settings/write Updates settings
Microsoft.SecurityInsights/settings/delete Deletes setting
Microsoft.SecurityInsights/SourceControls/read Read SourceControls
Microsoft.SecurityInsights/SourceControls/write write SourceControls
Microsoft.SecurityInsights/SourceControls/delete Delete SourceControls
Microsoft.SecurityInsights/threatintelligence/read Gets Threat Intelligence
Microsoft.SecurityInsights/threatintelligence/write Updates Threat Intelligence
Microsoft.SecurityInsights/threatintelligence/delete Deletes Threat Intelligence
Microsoft.SecurityInsights/threatintelligence/query/action Query Threat Intelligence
Microsoft.SecurityInsights/threatintelligence/metrics/action Collect Threat Intelligence Metrics
Microsoft.SecurityInsights/threatintelligence/bulkDelete/action Bulk Delete Threat Intelligence
Microsoft.SecurityInsights/threatintelligence/bulkTag/action Bulk Tags Threat Intelligence
Microsoft.SecurityInsights/threatintelligence/createIndicator/action Create Threat Intelligence Indicator
Microsoft.SecurityInsights/threatintelligence/queryIndicators/action Query Threat Intelligence Indicators
Microsoft.SecurityInsights/threatintelligence/bulkactions/read Reads TI Bulk Action objects
Microsoft.SecurityInsights/threatintelligence/bulkactions/write Creates or updates a TI Bulk Action
Microsoft.SecurityInsights/threatintelligence/bulkactions/delete Deletes a TI Bulk Action
Microsoft.SecurityInsights/threatintelligence/bulkactions/query/action Query Threat Intelligence STIX objects
Microsoft.SecurityInsights/threatintelligence/bulkactions/count/action Query Threat Intelligence STIX object count
Microsoft.SecurityInsights/threatintelligence/indicators/write Updates Threat Intelligence Indicators
Microsoft.SecurityInsights/threatintelligence/indicators/delete Deletes Threat Intelligence Indicators
Microsoft.SecurityInsights/threatintelligence/indicators/query/action Query Threat Intelligence Indicators
Microsoft.SecurityInsights/threatintelligence/indicators/metrics/action Get Threat Intelligence Indicator Metrics
Microsoft.SecurityInsights/threatintelligence/indicators/bulkDelete/action Bulk Delete Threat Intelligence Indicators
Microsoft.SecurityInsights/threatintelligence/indicators/bulkTag/action Bulk Tags Threat Intelligence Indicators
Microsoft.SecurityInsights/threatintelligence/indicators/read Gets Threat Intelligence Indicators
Microsoft.SecurityInsights/threatintelligence/indicators/appendTags/action Append tags to Threat Intelligence Indicator
Microsoft.SecurityInsights/threatintelligence/indicators/replaceTags/action Replace Tags of Threat Intelligence Indicator
Microsoft.SecurityInsights/threatintelligence/ingestionrulelist/read Reads the set of TI Ingestion Rule objects
Microsoft.SecurityInsights/threatintelligence/ingestionrulelist/write Creates or updates a set of TI Ingestion Rules
Microsoft.SecurityInsights/threatintelligence/metrics/read Collect Threat Intelligence Metrics
Microsoft.SecurityInsights/threatintelligence/threatactors/read Reads TI Threat Actor objects
Microsoft.SecurityInsights/threatintelligence/threatactors/write Creates or updates a TI Threat Actor
Microsoft.SecurityInsights/threatintelligence/threatactors/delete Deletes a TI Threat Actor
Microsoft.SecurityInsights/triggeredAnalyticsRuleRuns/read Gets the triggered analytics rule runs
Microsoft.SecurityInsights/Watchlists/read Gets Watchlists
Microsoft.SecurityInsights/Watchlists/write Create Watchlists
Microsoft.SecurityInsights/Watchlists/delete Deletes Watchlists
Microsoft.SecurityInsights/WorkspaceManagerAssignments/read Gets WorkspaceManager Assignments
Microsoft.SecurityInsights/WorkspaceManagerAssignments/write Creates WorkspaceManager Assignments
Microsoft.SecurityInsights/WorkspaceManagerAssignments/delete Deletes WorkspaceManager Assignments
Microsoft.SecurityInsights/workspaceManagerAssignments/jobs/read Gets WorkspaceManagerAssignments jobs
Microsoft.SecurityInsights/workspaceManagerAssignments/jobs/write Creates WorkspaceManagerAssignments jobs
Microsoft.SecurityInsights/workspaceManagerAssignments/jobs/delete Deletes WorkspaceManagerAssignments jobs
Microsoft.SecurityInsights/WorkspaceManagerConfigurations/read Gets WorkspaceManager Configurations
Microsoft.SecurityInsights/WorkspaceManagerConfigurations/write Creates WorkspaceManager Configurations
Microsoft.SecurityInsights/WorkspaceManagerConfigurations/delete Deletes WorkspaceManager Configurations
Microsoft.SecurityInsights/WorkspaceManagerGroups/read Gets WorkspaceManager Groups
Microsoft.SecurityInsights/WorkspaceManagerGroups/write Creates WorkspaceManager Groups
Microsoft.SecurityInsights/WorkspaceManagerGroups/delete Deletes WorkspaceManager Groups
Microsoft.SecurityInsights/WorkspaceManagerMembers/read Gets WorkspaceManager Members
Microsoft.SecurityInsights/WorkspaceManagerMembers/write Creates WorkspaceManager Members
Microsoft.SecurityInsights/WorkspaceManagerMembers/delete Deletes WorkspaceManager Members

Next steps