Microsoft Security | Microsoft Graph
An API that connects multiple Microsoft services, enabling data access and automation across platforms
did you grant the permission?
Fetching security incidents
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(96, 38%, 19%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ESH%3C/text%3E%3C/svg%3E)
Shubham Helaskar
10
Reputation points
I have developed a script which fetch security incidents with alerts (https://graph.microsoft.com/v1.0/security/incidents?$expand=alerts) application role have SecurityIncident.Read.All, SecurityAlert.Read.All permission provided, but
Output of the running script: https://graph.microsoft.com/v1.0/security/incidents with response <Response [403]> and response content: {"error":{"code":"Forbidden","message":"Missing application roles. API required roles: SecurityIncident.Read.All,SecurityIncident.ReadWrite.All, application roles: SecurityEvents.Read.All,User.Read.All,AccessReview.Read.All.
Microsoft Security | Microsoft Graph
1 answer
Sort by: Most helpful
-
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(304, 24%, 39%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EA%3C/text%3E%3C/svg%3E)
AsithwMSFT 1,520 Reputation points Microsoft External Staff2023-12-03T21:26:58.99+00:00 -
Shubham Helaskar 10 Reputation points
2023-12-04T13:05:25.65+00:00 Yes, I grant SecurityIncident.Read.All permission.
Error:
{"error":{"code":"Forbidden","message":"Missing application roles. API required roles: SecurityIncident.Read.All,SecurityIncident.ReadWrite.All, application roles: Device.Read.All,SecurityEvents.Read.All,Group.Read.All.","innerError":{"date":"2023-12-04T12:17:16","request-id":"acf9f63e-3fba-4bdd-9cce-2eeb143fda00","client-request-id":"acf9f63e-3cda-4bdd-9cce-2eeb143fda00"}}} -
AsithwMSFT 1,520 Reputation points Microsoft External Staff
2023-12-04T13:39:28.8766667+00:00 could you decode the access token and verify the "roles" array for above permissions? . you can use https://jwt.ms/ for decoding token.
-
Shubham Helaskar 10 Reputation points
2023-12-05T10:40:20.6266667+00:00 I decode didn't find SecurityIncident.Read.All permission in role section. I believe I needed to double-check whether or not permission was successfully granted.
"roles": ["SecurityActions. ReadWrite.All",
"SecurityEvents.Read.All"
"Directory.ReadWrite.All"
"Directory. Read.All",
"SecurityActions.Read.All"
],
-
AsithwMSFT 1,520 Reputation points Microsoft External Staff
2023-12-06T06:00:45.46+00:00 let us know your actions/observations.
-
AsithwMSFT 1,520 Reputation points Microsoft External Staff
2023-12-10T19:55:41.87+00:00 @Shubham Helaskar was permission successfully granted ?
-
-
AsithwMSFT 1,520 Reputation points Microsoft External Staff
2023-12-11T11:52:49.9133333+00:00 if it was permission issue, could you mark it as the answered.
Sign in to comment -