msgraph-sdk-powershell icon indicating copy to clipboard operation
msgraph-sdk-powershell copied to clipboard

Published 20 hours ago verified publisher icon microsoftgraph

Invoke-MgGraphRequest not working for "api.securitycenter.microsoft.com"

Open PrzemyslawKlys opened this issue 1 year ago • 1 comments

Describe the bug

I was trying to use Invoke-MgGraphRequest with api.securitycenter and it doesn't work. It works using old MSAL.PS methods so I would guess it's the same thing. Is that expected?

Connect-MgGraph -Scopes 'User.Read.All', 'Directory.Read.All', 'SecurityIdentitiesHealth.Read.All', 'SecurityAlert.Read.All' -NoWelcome

# works
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users" -Method Get -Verbose
# doesn't work
Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/api/alerts" -Method Get -Verbose

Expected behavior

Invoke-MgGraphRequest should work with all URL's

How to reproduce

Connect-MgGraph -Scopes 'User.Read.All', 'Directory.Read.All', 'SecurityIdentitiesHealth.Read.All', 'SecurityAlert.Read.All' -NoWelcome

# works
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users" -Method Get -Verbose
# doesn't work
Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/api/alerts" -Method Get -Verbose

SDK Version

2.23.0

Latest version known to work for scenario above?

No response

Known Workarounds

MSAL.PS module

Debug output

Click to expand log ``` Invoke-MgGraphRequest : GET https://api.securitycenter.microsoft.com/api/alerts HTTP/1.1 401 Unauthorized Transfer-Encoding: chunked Connection: keep-alive Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 20 Sep 2024 10:37:16 GMT WWW-Authenticate: Bearer Content-Type: application/json; charset=utf-8 {"error":{"code":"Unauthorized","message":"Invalid Authorization payload.","target":"|bacd29ce-4fb3ae258a3201fc."}} At C:\Support\GitHub\GraphEssentials\Examples\GraphTest.ps1:5 char:1 + Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/ ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Method: GET, Re...4ea93e814321 }:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest ```

Configuration

  • Windows 11 PS 7

Other information

Not relevant

PrzemyslawKlys avatar Sep 20 '24 10:09 PrzemyslawKlys

It seems there are also graph.microsoft.com security endpoints as available:

  • https://developer.microsoft.com/en-us/graph/graph-explorer?request=security/alerts_v2&method=GET&version=beta&GraphUrl=https://graph.microsoft.com

And this works:

$T = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/security/alerts_v2" -Method Get -Verbose
$T.Value

So I would guess the question is - if that's the right approach and api.securitycenter.microsoft.com is deprecated?

PrzemyslawKlys avatar Sep 20 '24 10:09 PrzemyslawKlys

Hi @PrzemyslawKlys apologies for the delayed response. Yes, that particular endpoint was deprecated in favour of Microsoft Defender XDR alerts API. You can find the documentation here.

timayabi2020 avatar Jan 28 '25 10:01 timayabi2020

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.

microsoft-github-policy-service[bot] avatar Feb 02 '25 08:02 microsoft-github-policy-service[bot]

Closing this issue due to inactivity.

timayabi2020 avatar Feb 04 '25 12:02 timayabi2020