Share via

Is Microsoft Graph Security going away and being replaced with Microsoft Graph Security API V2

Gray, Jeff 1 Reputation point
2026-02-04T21:50:16.3666667+00:00

We currently are using Sophos for our mdr. We have a Microsoft Graph Security integration to our 365 tenent (i think that is correct). Microsoft states: Organizations currently using the legacy Alerts API must migrate to the v2 API to ensure continued data ingestion and functionality before its retirement. Which it says is April 2026, and this is also stated on Sophos website. I am really confused on this. Our current MS365 licenses are Business Basic and I cannot get the v2 to work within Sophos. Is this because of our MS365 license level? Microsoft Graph Security V1 is currently working.

Thanks,

Microsoft Security | Microsoft Graph
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Marcin Policht 91,060 Reputation points MVP Volunteer Moderator
    2026-02-04T22:52:25.1666667+00:00

    It is possible that you're running into licensing limitations. Microsoft’s retirement notice refers to the legacy alerts endpoint being discontinued in April 2026, after which integrations are expected to pull alerts from Microsoft Defender XDR through Microsoft Graph. If your tenant only has Business Basic and no Defender for Endpoint, Defender for Office 365, Defender for Business, or similar Defender licensing enabled, then there might be no Defender XDR alerts or incidents available for Sophos MDR to ingest through the newer Microsoft Graph security model.

    To confirm this in your environment you might want to check whether you have access to the Microsoft Defender portal at security.microsoft.com and whether it contains active alerts or incidents; if it does not, then the Microsoft Graph security endpoints Sophos is trying to use will have no data source because Defender XDR is not present in your licensing.

    For additional info, refer to https://learn.microsoft.com/en-us/answers/questions/1338594/i-can-run-legacy-alert-api-(-v1-0-security-alerts)

    If the above response helps answer your question, remember to "Accept Answer" so that others in the community facing similar issues can easily find the solution. Your contribution is highly appreciated.

    hth

    Marcin

    Was this answer helpful?

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.