Use the Microsoft Graph API for security threat detection and protection (preview)

Namespace: microsoft.graph

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

The sophistication of security threats continues to escalate, affecting the global economy. Damage is often done long before organizations even discover it. You can use Microsoft Graph to build or extend security solutions that consolidate and correlate security alerts from multiple sources, detect threats that attempt to compromise user identity, unlock contextual data to inform investigations, and automate security operations for greater efficiency.

Intelligent Security Graph brings together security intelligence from within Microsoft, security operations centers, and partners from around the world to form an ecosystem of integrated security solutions. Using machine learning, behavioral monitoring, and the scale of the cloud, the Intelligent Security Graph can better protect, detect, and respond to threats quickly and comprehensively. The security API connects you to the Intelligent Security Graph, empowering you with solutions that are actionable and holistic.

The identity protection risk events API gives easy access for Microsoft Entra ID P1 and P2 customers to query risk detections made by Microsoft Entra ID Protection and use those events in SIEM systems and security applications.

Related content

• Why use the security API?
• Use the security API to integrate with Intelligent Security Graph
• Why use Microsoft Entra ID to protect identities in your organization?
• Use the Microsoft Graph identity protection APIs