Migrating Microsoft Graph API alerts_v1 to alerts_v2

Gabe 0 Reputation points

Without given code

I work for a company that is looking to switch from using Microsoft Graph API alerts_v1 to alerts_v2.

I have developed a script that works successfully for the v1 version. However, the script that I built for the v2 version doesn't fully work; I encounter an authentication error that occurs during the testing phase.

The error message indicates that the application is missing certain application roles that are necessary for the API to operate correctly. These required roles include SecurityAlert.Read.All, SecurityAlert.ReadWrite.All, SecurityIncident.Read.All, SecurityIncident.ReadWrite.All, as well as application roles like SecurityActions.ReadWrite.All, SecurityEvents.Read.All, ThreatIndicators.ReadWrite.OwnedBy, SecurityEvents.ReadWrite.All, SecurityActions.Read.All, and AuditLog.Read.All.

I have been unable to find any helpful information about why these roles are necessary through online searches, and I am hoping someone can provide me with more guidance on this issue.

Output of the script run:

{"error":{"code":"Forbidden","message":"Missing application roles. API required roles: SecurityAlert.Read.All,SecurityAlert.ReadWrite.All,SecurityIncident.Read.All,SecurityIncident.ReadWrite.All, application roles: SecurityActions.ReadWrite.All,SecurityEvents.Read.All,ThreatIndicators.ReadWrite.OwnedBy,SecurityEvents.ReadWrite.All,SecurityActions.Read.All,AuditLog.Read.All.","innerError":{"date":"2023-05-03T11:51:41","request-id":"11111-11111-11111-1111","client-request-id":"111111-111111-1111111-11111"}}} [{'ERROR': 403}]

In an attempt to resolve the authentication error that occurs when testing the Microsoft Graph API alerts_v2 with a script that previously worked for alerts_v1, I have tried testing different parts of the script to see if I can gather more information. I was hoping to find some useful output that could help me configure the config file for the tenant ID, among other things.

Additionally, I have conducted extensive online searches to learn more about the migration process and the alerts_v2 functionality, as the Microsoft documentation for the Graph API can be difficult to navigate. Unfortunately, my efforts have not yielded any helpful information so far.

My primary goal is to gain a better understanding of why the application requires such extensive permissions and how I might be able to prevent this from happening in the future to ensure the application works as a whole.


1 answer

  1. TH-4749 780 Reputation points

    Hi Gabe,

    Thanks for reaching out. According to the List Alerts v2 documentation, the following permissions are required to call this API.

    Delegated (work or school account): SecurityAlert.Read.All, SecurityAlert.ReadWrite.All
    Application: SecurityAlert.Read.All, SecurityAlert.ReadWrite.All

    I was able to reproduce the issue. I would suggest posting your comments and feedback on the Microsoft Graph Feedback portal or opening a support ticket for further troubleshooting.
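
A diagnostic for the 403 quoted in the question, added here as an example and not code from the question or the answer: it splits the error message into its two role lists and compares the required list with the `roles` claim of an app-only access token. The function names and the sample token are constructed, and the reading of the two lists (what the endpoint accepts versus what the token carries) is an assumption.

```python
import base64
import json
import re

# The 403 body quoted in the question (innerError omitted).
ERROR_BODY = json.dumps({"error": {"code": "Forbidden", "message": (
    "Missing application roles. API required roles: SecurityAlert.Read.All,"
    "SecurityAlert.ReadWrite.All,SecurityIncident.Read.All,"
    "SecurityIncident.ReadWrite.All, application roles: "
    "SecurityActions.ReadWrite.All,SecurityEvents.Read.All,"
    "ThreatIndicators.ReadWrite.OwnedBy,SecurityEvents.ReadWrite.All,"
    "SecurityActions.Read.All,AuditLog.Read.All.")}})

def split_roles(error_body):
    """Return (required, granted) role sets parsed from the 403 message.
    Assumption: 'API required roles' is what the endpoint accepts and
    'application roles' is what the presented token carries."""
    message = json.loads(error_body)["error"]["message"]
    match = re.search(r"API required roles:\s*(.*?),\s*application roles:\s*(.*)", message)
    if match is None:
        raise ValueError("not a 'Missing application roles' error")
    required, granted = (
        {role.strip() for role in part.rstrip(". ").split(",") if role.strip()}
        for part in match.groups())
    return required, granted

def token_roles(access_token):
    """Read the 'roles' claim of an app-only token. No signature check:
    this is for local diagnosis of your own token only."""
    payload = access_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore base64url padding
    return set(json.loads(base64.urlsafe_b64decode(payload)).get("roles", []))

def make_sample_token(roles):
    """Build an unsigned, constructed JWT-shaped string for the demo."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc({"roles": sorted(roles)}), "sig"])

def diagnose(error_body, access_token):
    """Report which of the required roles the token does and does not hold."""
    required, _ = split_roles(error_body)
    held = token_roles(access_token)
    return {"held_required": sorted(required & held), "not_held": sorted(required - held)}

if __name__ == "__main__":
    _, granted = split_roles(ERROR_BODY)
    print(diagnose(ERROR_BODY, make_sample_token(granted)))
```

After an application permission is added and admin consent is granted, request a fresh token before re-running the comparison, since a previously issued token keeps its old `roles` claim.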