Microsoft Graph Risk Assessment

Wagner, Scott 1 Reputation point
2021-03-17T14:46:20.273+00:00

I would like to complete a risk assessment for Microsoft’s Graph (Gateway). I am looking for guidance on understanding the risks and possible data exfiltration channels when using Microsoft Graph. For example, when using the Microsoft Graph, other than the authorized user does Microsoft and/or other 3rd party having access to the queried data via backend channel? When data is queried by the authorized user, are the results either saved locally or in the MS Graph application? Thanks

Not Monitored
Not Monitored
Tag not monitored by Microsoft.
37,525 questions
0 comments No comments
{count} votes

1 answer

Sort by: Most helpful
  1. Diana Wanjuhi 1,376 Reputation points
    2021-03-18T10:13:32.62+00:00

    Hello @Wagner, Scott to access your data, Microsoft identity platform helps you build applications and provide authorized access to your own APIs or Microsoft APIs like Microsoft Graph. All graph requests require authentication and your application should have the correct permissions. Please see further documentation on secure data access via Graph and best practices.

    Data queried by authorized users can be saved locally, so permissions should be carefully tuned to prevent unwanted access. Graph also includes a security API to improve threat protection, detection and response capabilities.

    I hope this helps,

    Diana.

    0 comments No comments