SignIn Events Azure AD Graph API wrong next link. Wrong http usage

Nikita Krivets 481 Reputation points
2020-11-25T09:06:57.637+00:00

Hello,

There is a bug in Azure AD Graph API (graph.windows.net).
The endpoint for querying sign-in activities is "https://graph.windows.net/tenant/activities/signinEvents?api-version=beta".

The next link for sign-in activities has become "http://graph.windows.net/..." instead of "https://graph.windows.net/...".
You can get the same data via the same Access Token via both "http://graph.windows.net/..." and "https://graph.windows.net/...".

So, NO customer data is encrypted anymore.

Please, confirm!

42607-tempsnip.png

Microsoft Entra ID
Microsoft Entra ID
A Microsoft Entra identity service that provides identity management and access control capabilities. Replaces Azure Active Directory.
19,664 questions
0 comments
Accepted answer
  1. AmanpreetSingh-MSFT 56,311 Reputation points
    2020-11-25T10:41:22.777+00:00

    Hello @Nikita Krivets · Thank you for pointing this out. I will report it to graph api product team.

    However, Azure AD Graph API (graph.windows.net) is being deprecated in favor of Microsoft Graph API (graph) You should consider using Microsoft Graph API to list sign ins as documented here. In Microsoft Graph API, both Odata.context and odata.nextLink are with HTTPS.

    -----------------------------------------------------------------------------------------------------------

    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

    0 comments

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest