This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(115.19999999999999, 19%, 21%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ELB%3C/text%3E%3C/svg%3E)
Hi there,
I am trying to query the security/alerts_v2 API endpoint for a customer, and we receive a 200 OK response, but the data set is empty.
When I send a HTTP GET to https://graph.microsoft.com/v1.0/security/alerts_v2 without any query parameters, the response we receive is:
{"@odata.context":"https://graph.microsoft.com/v1.0/$metadata#security/alerts_v2","value":[]}
The response headers we receive:
{
"Transfer-Encoding": "chunked",
"Content-Type": "application/json;odata.metadata=minimal;odata.streaming=true;IEEE754Compatible=false;charset=utf-8",
"Content-Encoding": "gzip",
"Vary": "Accept-Encoding",
"Strict-Transport-Security": "max-age=31536000",
"request-id": "7d773b29-d6d2-4177-b884-525c42deaabf",
"client-request-id": "7d773b29-d6d2-4177-b884-525c42deaabf",
"x-ms-ags-diagnostic": '{"ServerInfo":{"DataCenter":"Australia Southeast","Slice":"E","Ring":"4","ScaleUnit":"002","RoleInstance":"ML1PEPF0000BB12"}}',
"OData-Version": "4.0",
"Date": "Tue, 27 Jun 2023 06:30:42 GMT",
}
This endpoint is only working for about 26 of the 57 tenants that has our application installed, but we are able to query /security/secureScores for all 57 tenants without issue, using the same application.
I have confirmed the application has the required permissions.
For the sake of troubleshooting, we have re-authorised the application on a problematic tenant, but the issue still remains.
After checking the customer dashboard manually, I have found there are no alerts listed - it looks like this is related to a tenant specific configuration and not the graph API.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(128, 8%, 22%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
Hello Liam Best,
Thanks for reaching out. I was unable to reproduce the issue on my tenant. This may indeed be a tenant specific issue. I would suggest checking the Office 365 health portal for any service incident notifications. The issue may require further investigation and I would also suggest opening a support ticket for the issue.
If the reply is helpful, please click Accept Answer and kindly upvote it. If you have additional questions about this answer, please click Comment.
Thanks.
Hi TH-4749,
It appears this was a licensing issue - the tenants were only licensed with Defender for 365 Plan 1 and not Plan 2.