Using the Microsoft Graph Explorer

According to:

https://docs.microsoft.com/en-us/graph/overview

the Microsoft Graph is:

The gateway to data and intelligence in Microsoft 365. Microsoft Graph provides a unified programmability model that you can use to take advantage of the tremendous amount of data in Office 365, Enterprise Mobility + Security, and Windows 10.

In essence, it can give you access to a range of data about your Microsoft cloud environment. You can explore this data quickly and easily via a web page.

image

If you navigate to the URL:

https://developer.microsoft.com/en-us/graph/graph-explorer

You will see the Microsoft Graph Explorer as shown above. You can then select the button on the left to Sign in with Microsoft using your Microsoft 365 credentials.

image

You will then be prompted to login to your tenant as normal, after which you will see a consent acceptance as shown above. This is basically granting the logged in user access to the areas of the Microsoft Graph for your tenant. Select Accept to continue.

image

You should again see the Graph Explorer as shown above but in the top left you should now see the account you used to sign in. Just below that you will notice a hyperlink modify permissions which you should select if you want to access different areas of the Graph information for your tenant.

In this case, if you want to access security alerts from the Graph you’ll need to select this.

image

Scroll down through the window that appears and check the following two options as shown above:

SecurityEvents.ReadAll

SecurityEvents.RewadWrite.All

Then select the Modify Permissions button at the bottom of the screen.

image

You’ll then be prompted to log back into the tenant again because the permissions you require have changed and are only updated after you login to a session.

When you do re-login, you’ll be greet with a consent window again as shown above for the additional security permissions you just selected. Select Accept to continue. This consent option only appears once if you select to accept.

image

If you go back in and look at your permissions you’ll see the ones you selected are now Consented as shown above.

image

If you change the URL line in the Explorer to read:

https://graph.microsoft.com/v1.0/security/alerts

and then select the Run Query button to the right, after a few moments you will see the Response Preview area below fill with information.

image

If you take a close look at this information you’ll see that it contains security alert information. The case above from Microsoft Cloud App Security (MCAS) and reports “Activity from an Infrequent country” as you can see.

Why is this important? Couldn’t you view this same information from the admin console? Probably, but using the Graph provides a since entry point to queries for all this kinds of information, from all different sources in you tenant. You don’t need to jump between different browser windows. You don’t need to load different PowerShell modules. It is all in one place that you can query through a web request. Now, doing this via a browser and the Graph Explorer is only designed to show you what is possible using the Graph. Not only can we browse information using the Graph Explorer as shown here, you can also use PowerShell. That will be the subject of upcoming articles, and that is where things start to get really interesting!

One thought on “Using the Microsoft Graph Explorer

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s