Update secureScoreControlProfiles


APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported.

Update an editable secureScoreControlProfiles property within any integrated solution to change various properties, such as assignedTo or tenantNote.


One of the following permissions is required to call this API. To learn more, including how to choose permissions, see Permissions.

Permission type Permissions (from least to most privileged)
Delegated (work or school account) SecurityEvents.ReadWrite.All.
Delegated (personal Microsoft account) Not supported.
Application SecurityEvents.ReadWrite.All.

HTTP request

PATCH /security/secureScoreControlProfiles/{id}

Request headers

Name Description
Authorization Bearer {code}. Required.
Prefer return=representation.

Request body

In the request body, supply a JSON representation of the values for relevant fields that should be updated. The following table lists the fields that can be updated for a secureScoreControlProfile. The values for existing properties that are not included in the request body will not change. For best performance, don't include existing values that haven't changed.

Property Type Description
assignedTo String Name of the analyst the control is assigned to for triage, implementation, or remediation.
tenantNote String Analyst comments on the control (for customer control management).
controlStateUpdates String Analyst driven setting on the control. Possible values are: ignore, thirdParty, reviewed.


If successful, this method returns a 204 No Content response code.

If the optional request header is used, the method returns a 200 OK response code and the updated secureScoreControlProfiles object in the response body.



The following is an example of the request.

PATCH https://graph.microsoft.com/beta/security/secureScoreControlProfiles/AdminMFA
Content-type: application/json

  "controlStateUpdates": "controlStateUpdates-value"


The following is an example of a successful response.

HTTP/1.1 204 No Content