Graph security alerts v2 API returns error for an invalid serviceSource filter 'microsoftDataLossPrevention'

Pritesh Shah 0 Reputation points
2024-01-30T18:16:28.16+00:00

We use the Microsoft Graph Security Alerts v2 API (https://graph.microsoft.com/v1.0/security/alerts_v2) with the following filters:

filter=(serviceSource eq 'azureAdIdentityProtection' or serviceSource eq 'microsoft365Defender' or serviceSource eq 'microsoftAppGovernance' or serviceSource eq 'microsoftDefenderForCloud' or serviceSource eq 'microsoftDefenderForCloudApps' or serviceSource eq 'microsoftDefenderForEndpoint' or serviceSource eq 'microsoftDefenderForIdentity' or serviceSource eq 'microsoftDefenderForOffice365' or serviceSource eq 'microsoftDataLossPrevention' or serviceSource eq 'unknown') and (createdDateTime gt 2024-01-01T00:00:00.000000000Z)

Since a few hours ago, we have been seeing the following error response:

{
    "error": {
        "code": "",
        "message": "The query specified in the URI is not valid. The string 'microsoftDataLossPrevention' is not a valid enumeration type constant.",
        "details": [],
        "innerError": {
            "date": "2024-01-30T17:52:41",
            "request-id": "xxxxxxx",
            "client-request-id": "xxxxxxx"
        }
    }
}

We do see that the valid value for serviceSources as per the documentation is dataLossPrevention and not microsoftDataLossPrevention. Changing this in the filter fixed the issue.

Docs: https://learn.microsoft.com/en-us/graph/api/resources/security-alert?view=graph-rest-1.0#servicesource-values

Question is what changed, as our scripts worked fine (for many months) until a few hours ago?

  1. Was the serviceSource field microsoftDataLossPrevention renamed to dataLossPrevention?
  2. Or were the underlying checks part of the API changed which caused the API to report this error which it previously did not?

Appreciate clarity on this.

Thanks!

Pritesh

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
10,014 questions
{count} votes