https://graph.microsoft.com/beta/security/threatSubmission/emailThreats saying unauthorized.

91872652 5 Reputation points
2023-10-28T13:58:11.3333333+00:00

We have started to get a number of false positives in Quarantine this last week. We have not changed anything but the basic answer I got from MSoft is - "good luck". These are not merely from external, but internal non-triggering emails and even notifications from Defender itself. It does not even recognize itself!

I suspect they may have meant to turn on Artificial Intelligence, but turned on Artificial Stupidity instead.
:)

I have discovered I am not the only one this is happening to but for now, until MSoft realizes this is a problem and addresses it on their end, our solution would be to have a list of all quarantined items emailed to our IT staff to scan over.

Yes, btw, I do know there is a powershell that can do that (to head off that response) but we wanted to explore using the Graph API.

The query is a beta - GET https://graph.microsoft.com/beta/security/threatSubmission/emailThreats but when I run it I get a 401 Unauthorized. I have approved the required permissions, both in the API Explorer and in Entra, but still get that response. Also, I am a Global Admin in this account.

Am I missing something or is this a case of - it's just broken?

Cheers,

MGraphApiError

Microsoft 365
Microsoft 365
Formerly Office 365, is a line of subscription services offered by Microsoft which adds to and includes the Microsoft Office product line.
4,889 questions
Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,002 questions
0 comments No comments
{count} votes

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.