Microsoft Identity Manager
A family of Microsoft products that manage a user's digital identity using identity synchronization, certificate management, and user provisioning.
706 questions
API Advanced Hunting IdentityLogonEvents error
mehdi dakhama
336
Reputation points MVP
Hi everyone,
I'm trying to get the Identitylogonevents result from the API, and I get a forbidden error message, I gave all rights, read all Microsoft documentation and article I found nothing.
i have test all this API :
#$url = "https://api.securitycenter.microsoft.com/api/advancedqueries/run"
#$url = "https://api.security.microsoft.com/api/advancedhunting/run"
#$url = "https://api-eu.securitycenter.microsoft.com/api/advancedhunting/run"
$url= "https://api.security.microsoft.com/api/advancedhunting/run"
this is my query : $query = "IdentityLogonEvents | limit 2"
i can get a result from other table : Alerte, Emailsevents, Deviceevents, devicelogon...
but not Identityeventslogs.
if any one can help me,
thanks
{count} votes
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(160, 9%, 25%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EFM%3C/text%3E%3C/svg%3E)
Fiona Matu 86 Reputation points Microsoft Employee2024-02-22T09:27:19.62+00:00 Hi Mehdi,
the error you are getting is typical of having insufficient permissions but you mention you have access to other tables accessible via the Advanced Hunting API. Just double check that you have the required permission:
SecurityEvents.Read.AllMy other hunch is that the
IdentityLogonEventsdata might not be available in your environment. This could be due to your organization's data retention policies or if the data source for IdentityLogonEvents is not enabled. Please investigate if this could be a possibility.
Sign in to comment
Sign in to answer