Share via

Please allow subscriptions on new Alerts API (/alerts_v2)

Roch AUBURTIN 0 Reputation points
2024-05-28T14:04:05.0833333+00:00

Hi,
To automate the remediation of high-level alerts, we have set up Powerautomate flows for :

  • revoke sessions and block a user concerned by a High alert in cases of phishings or abnormal connections (UserEvidence)
  • isolate workstations in cases of malware or suspicious behavior (DeviceEvidence)

We wanted powerautomate flows to work only with Principal Services (non-human users) so we called directly the graph API with appid and secrets

We tried to create subscriptions on the new Alerts API (/alerts_v2) but this API doesn't support subscriptions. We tried to create subscriptions on legacy alerts, but since they are based on the MDE API, we didn't succeed. We opened a TrackingID#2405090050002397 ticket and MS support confirmed that it didn't work.

Can you envisage enabling subscriptions to be created on the V2 APIs?

Best

Microsoft Graph
Microsoft Graph
A Microsoft programmability model that exposes REST APIs and client libraries to access data on Microsoft 365 services.
12,258 questions
Microsoft Defender for Identity
Microsoft Defender for Identity
A Microsoft service that helps protect enterprise hybrid environments from multiple types of advanced, targeted cyberattacks and insider threats.
210 questions
Azure Startups
Azure Startups
Azure: A cloud computing platform and infrastructure for building, deploying and managing applications and services through a worldwide network of Microsoft-managed datacenters.Startups: Companies that are in their initial stages of business and typically developing a business model and seeking financing.
382 questions
0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.