SlideShare a Scribd company logo

Unlocking security insights with Microsoft Graph API

Download as PPTX, PDF
M
Microsoft Tech Community

As organizations deploy additional security controls to combat today’s evolving threats, integration challenges often limit the return of investment. The new security API in the Microsoft Graph makes it easier for enterprise developers and ISVs to unlock insights from these solutions by unifying and standardizing alerts for easier integration and correlation, bringing together contextual data to inform investigations, and enabling automation for greater SecOps efficiency. We will walk through real world examples of applications that leverage the security API to help customers realize the full value of their security investments.

Technology
1 of 20
Agenda
dozens of security solutions
Disconnected alerts Different schemas and APIs Isolated security insights Inaccessible contextual info Operational complexity
Unified gateway to security insights and actions across Microsoft products, services, and partners Unify and standardize alert management Automate SecOps for greater efficiency Unlock security context to drive investigation !
Alerts Security Profiles Host | User | File | App | IP Actions Configurations Insights and relationships OAuth 2.0 and OpenID Connect 1.0 Azure AD Identity Protection IntuneWindows Defender ATP Office 365 ATP Cloud Application Security Azure ATP Azure Security Center Azure Information Protection Ecosystem Partners Other Microsoft Graph Services Office 365 | Intune | Active Directory | More… Users Groups Mail Files Calendar
Customers control access to their security data App Access Customer grants permission for the application to access their data via the Security API in AAD Requests are brokered by the Security API, no data is stored Access can be revoked by the customer at any time Resources https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference#security-permissions https://techcommunity.microsoft.com/t5/Using-Microsoft-Graph-Security/Authorization-and-Microsoft-Graph-Security-API/m-p/184376#M2 User Access User permissions can be managed in either of the following ways: Delegated access Customer assigns users to AAD role(s): Security Reader or Security Administrator App only Application implements role-based access for users +
Security dashboards Surface aggregated alerts in security operations dashboards along with rich contextual information about related entities ! ! ! ! Security operations tools Stream alerts in near real- time to a ticketing or IT management system, keep alert status and assignments in sync, automate common tasks Threat protection solutions Correlate alerts and contextual information for improved detections, take action on threats - block an IP on firewall, run AV scan… Other applications Add security functionality to non-security applications – HR, financial, healthcare apps… Integration Partners Anomali integrates with the Security API to correlate alerts from Microsoft Graph with threat intelligence, providing earlier detection and response to cyber threats. Alerts from the Microsoft Graph will combine with Palo Alto Networks threat data to speed detection and prevention of cyberattacks for our shared customers. PwC uses alerts and context from Microsoft Graph in its Secure Terrain solution to deliver improved visibility and protection.
C# SDK: graphClient.Security.Alerts.Request().Asynch(); REST: GET graph.microsoft.com/beta/security/alerts C# SDK: graphService.UpdateAlert(alert, updateAlertModel); REST: PATCH graph.Microsoft.com/beta/security/alerts/7f590b04-0cb3-478f-88ca-974a8bb5a46f { “status”:”InProgress”, “assignedTo”:”janedoe@contoso.com” } Unified alert management: /security/alerts alerts alerts
C# SDK: graphClient.Security.UserSecurityProfiles.Request().Filter(”userPrincipalName eq ‘janedoe@contoso.com’”) REST: GET …/hostSecurityProfiles?$filter=fqdn eq ‘johnedoe-surfpro.contoso.com’&$select=riskScore REST: GET …/fileSecurityProfiles?$filter=sha256 eq ‘091835b16192e526ee1b8a04d0fcef534b44cad306672066f2ad6973a4b18b19’ REST: GET …/hostSecurityProfiles?$select=platform,osVersion Unlock security context: /security/securityProfiles securityProfiles securityProfiles Host | User | File | App | IP
REST: POST graph.microsoft.com/beta/security/actions?$ref { “id”: ”7f590b04-0cb3-478f-88ca-974a8bb5a46f”, // (required) id of SecurityProfile entity to act upon “provider”: ”MCAS”, // (required) security provider to take the action “name”: ”restrictAccess”, // provider specific action metadata “cloudService”: ”OneDrive” // provider specific action metadata } Automate security operations: /security/actions actions actions
REST: POST graph.microsoft.com/beta/security/configuration?$ref { “provider”: ”intune”, // (required) security provider set the configuration “name”: ”microsoft.graph.iosGeneralDeviceConfiguration”, // (required) configuration setting to modify “displayName”: ”iOS Lock Policy”, // provider specific configuration metadata “description”: ”My iOS Policy”, // provider specific configuration metadata “lockScreenBlockNotificationView”: true // provider specific configuration metadata } configuration configuration Automate security configurations: /security/configuration
16 Public Preview (available now) Beta of Security API in Microsoft Graph Client C# SDK available for integration Code samples for C# and Python Support for Alerts from Azure Security Center and Azure Active Directory Identity Protection with Intune and Azure Information Protection coming soon Unified SIEM integration through Azure Monitor (QRadar, Splunk, SumoLogic) Developer forums on Microsoft Tech Community & Stack Overflow General Availability (H2 2018) Onboarding additional Microsoft and ecosystem products Unlock new security context through Security Inventory Adding automation through Actions and Configuration Provider SDK and documentation for broad ecosystem integration Additional client SDKs and sample code through Microsoft Graph
Channel 9 videos Lab Live demos in the Microsoft Graph boothExpo WRK2506 How to Build Security Applications using the Microsoft Graph API Tuesday, 3:00 PM-4:15 PM TCC: Tahoma 2
Documentation Read the documentation https://aka.ms/graphsecuritydocs Learn how to stream alerts to your SIEM https://aka.ms/graphsecuritySIEM GitHub Get started with C# samples https://aka.ms/graphsecurityaspnet Get started with Python samples https://aka.ms/graphsecuritypython Download the C# SDK https://aka.ms/graphsecuritysdk Communities Join the Tech Community https://aka.ms/graphsecuritycommunity Follow the discussion on Stack Overflow https://stackoverflow.com/questions/tagged/ microsoft-graph-security https://aka.ms/graphsecurityapi
Unlocking security insights with Microsoft Graph API
Unlocking security insights with Microsoft Graph API

Recommended

Azure Functions and Microsoft Graph
Azure Functions and Microsoft GraphAzure Functions and Microsoft Graph
Azure Functions and Microsoft GraphMicrosoft Tech Community
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Best practices with Microsoft Graph: Making your applications more performant...
Best practices with Microsoft Graph: Making your applications more performant...Best practices with Microsoft Graph: Making your applications more performant...
Best practices with Microsoft Graph: Making your applications more performant...Microsoft Tech Community
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021Matt Soseman
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips Mario Worwell
 

Recommended

Azure Functions and Microsoft Graph
Azure Functions and Microsoft GraphAzure Functions and Microsoft Graph
Azure Functions and Microsoft GraphMicrosoft Tech Community
 
Removing Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessRemoving Security Roadblocks to IoT Deployment Success
Removing Security Roadblocks to IoT Deployment SuccessMicrosoft Tech Community
 
Best practices with Microsoft Graph: Making your applications more performant...
Best practices with Microsoft Graph: Making your applications more performant...Best practices with Microsoft Graph: Making your applications more performant...
Best practices with Microsoft Graph: Making your applications more performant...Microsoft Tech Community
 
Azure Security Center- Zero to Hero
Azure Security Center- Zero to HeroAzure Security Center- Zero to Hero
Azure Security Center- Zero to HeroKasun Rajapakse
 
MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021MCAS High Level Architecture May 2021
MCAS High Level Architecture May 2021Matt Soseman
 
Microsoft Azure Security Overview
Microsoft Azure Security OverviewMicrosoft Azure Security Overview
Microsoft Azure Security OverviewAlert Logic
 
CSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewCSS17: Houston - Azure Shared Security Model Overview
CSS17: Houston - Azure Shared Security Model OverviewAlert Logic
 
Azure Sentinel Tips
Azure Sentinel Tips Azure Sentinel Tips
Azure Sentinel Tips Mario Worwell
 
Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinelMarius Sandbu
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
Azure security basics
Azure security basicsAzure security basics
Azure security basicsStas Lebedenko
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
Threat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure SentinelThreat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure SentinelAshwin Patil, GCIH, GCIA, GCFE
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRJürgen Ambrosi
 
What's new for Serverless Computing in Azure
What's new for Serverless Computing in AzureWhat's new for Serverless Computing in Azure
What's new for Serverless Computing in AzureMicrosoft Tech Community
 
Protect Office 365 with Azure Sentinel
Protect Office 365 with Azure SentinelProtect Office 365 with Azure Sentinel
Protect Office 365 with Azure SentinelNanddeep Nachan
 
Secure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity GovernanceSecure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity GovernanceVignesh Ganesan I Microsoft MVP
 
BRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edgeBRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edgeAxel Dittmann
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...wwwally
 
Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018Microsoft 365 Developer
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionalityvivekbhat
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewAllessandra Negri
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessAlert Logic
 
Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introductionLalit Rawat
 
Get full visibility and find hidden security issues
Get full visibility and find hidden security issuesGet full visibility and find hidden security issues
Get full visibility and find hidden security issuesElasticsearch
 
Microsoft graph and power platform champ
Microsoft graph and power platform champMicrosoft graph and power platform champ
Microsoft graph and power platform champKumton Suttiraksiri
 
Microsoft Graph community call-October 2018
Microsoft Graph community call-October 2018Microsoft Graph community call-October 2018
Microsoft Graph community call-October 2018Microsoft 365 Developer
 

More Related Content

What's hot

Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASBAmmar Hasayen
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure SentinelRobert Crane
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security CenterCheah Eng Soon
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architectureKarl Ots
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRJürgen Ambrosi
 
What's new for Serverless Computing in Azure
What's new for Serverless Computing in AzureWhat's new for Serverless Computing in Azure
What's new for Serverless Computing in AzureMicrosoft Tech Community
 
Protect Office 365 with Azure Sentinel
Protect Office 365 with Azure SentinelProtect Office 365 with Azure Sentinel
Protect Office 365 with Azure SentinelNanddeep Nachan
 
Secure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity GovernanceSecure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity GovernanceVignesh Ganesan I Microsoft MVP
 
BRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edgeBRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edgeAxel Dittmann
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...wwwally
 
Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018Microsoft 365 Developer
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionalityvivekbhat
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewAllessandra Negri
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSAlert Logic
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessAlert Logic
 
Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introductionLalit Rawat
 
Get full visibility and find hidden security issues
Get full visibility and find hidden security issuesGet full visibility and find hidden security issues
Get full visibility and find hidden security issuesElasticsearch
 

What's hot (20)

Microsoft Cloud App Security CASB
Microsoft Cloud App Security CASBMicrosoft Cloud App Security CASB
Microsoft Cloud App Security CASB
 
Azure sentinel
Azure sentinelAzure sentinel
Azure sentinel
 
introduction to Azure Sentinel
introduction to Azure Sentinelintroduction to Azure Sentinel
introduction to Azure Sentinel
 
Azure security basics
Azure security basicsAzure security basics
Azure security basics
 
Getting Started with Azure Security Center
Getting Started with Azure Security CenterGetting Started with Azure Security Center
Getting Started with Azure Security Center
 
Threat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure SentinelThreat Hunting on AWS using Azure Sentinel
Threat Hunting on AWS using Azure Sentinel
 
Azure security architecture
Azure security architectureAzure security architecture
Azure security architecture
 
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPRIdentity and Data protection with Enterprise Mobility Security in ottica GDPR
Identity and Data protection with Enterprise Mobility Security in ottica GDPR
 
What's new for Serverless Computing in Azure
What's new for Serverless Computing in AzureWhat's new for Serverless Computing in Azure
What's new for Serverless Computing in Azure
 
Protect Office 365 with Azure Sentinel
Protect Office 365 with Azure SentinelProtect Office 365 with Azure Sentinel
Protect Office 365 with Azure Sentinel
 
Secure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity GovernanceSecure your M365 resources using Azure AD Identity Governance
Secure your M365 resources using Azure AD Identity Governance
 
BRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edgeBRK2122 IOT - From the cloud to the edge
BRK2122 IOT - From the cloud to the edge
 
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
Haal de mist uit de monitoring van je cloud met System Center 2012 R2 Operati...
 
Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018Microsoft Graph community call May, 2018
Microsoft Graph community call May, 2018
 
Windows Azure Security Features And Functionality
Windows Azure Security Features And FunctionalityWindows Azure Security Features And Functionality
Windows Azure Security Features And Functionality
 
Microsoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overviewMicrosoft threat protection + wdatp+ aatp overview
Microsoft threat protection + wdatp+ aatp overview
 
CSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWSCSS 17: NYC - Building Secure Solutions in AWS
CSS 17: NYC - Building Secure Solutions in AWS
 
Govern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for SuccessGovern Your Cloud: The Foundation for Success
Govern Your Cloud: The Foundation for Success
 
Azure vm introduction
Azure vm introductionAzure vm introduction
Azure vm introduction
 
Get full visibility and find hidden security issues
Get full visibility and find hidden security issuesGet full visibility and find hidden security issues
Get full visibility and find hidden security issues
 

Similar to Unlocking security insights with Microsoft Graph API

Microsoft graph and power platform champ
Microsoft graph and power platform champMicrosoft graph and power platform champ
Microsoft graph and power platform champKumton Suttiraksiri
 
Microsoft Graph community call-October 2018
Microsoft Graph community call-October 2018Microsoft Graph community call-October 2018
Microsoft Graph community call-October 2018Microsoft 365 Developer
 
Building Automated Governance Using Code, Platform Services & Several Small P...
Building Automated Governance Using Code, Platform Services & Several Small P...Building Automated Governance Using Code, Platform Services & Several Small P...
Building Automated Governance Using Code, Platform Services & Several Small P...Todd Whitehead
 
An introduction to Microsoft Graph for developers
An introduction to Microsoft Graph for developersAn introduction to Microsoft Graph for developers
An introduction to Microsoft Graph for developersMicrosoft 365 Developer
 
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnSupply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnNUS-ISS
 
DevSecOps: Let's Write Security Unit Tests
DevSecOps: Let's Write Security Unit TestsDevSecOps: Let's Write Security Unit Tests
DevSecOps: Let's Write Security Unit TestsPuma Security, LLC
 
Azure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfAzure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfChristopher Doman
 
Building 12-factor Cloud Native Microservices
Building 12-factor Cloud Native MicroservicesBuilding 12-factor Cloud Native Microservices
Building 12-factor Cloud Native MicroservicesJakarta_EE
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Community
 
Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Erkang Zheng
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxGenericName6
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Moataz Kamel
 
Adobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES SecurityAdobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES Securityguest2a5a03
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEcscpconf
 
Free 2022 Updated Microsoft SC-900 Exam Questions
Free 2022 Updated Microsoft SC-900 Exam QuestionsFree 2022 Updated Microsoft SC-900 Exam Questions
Free 2022 Updated Microsoft SC-900 Exam QuestionswilliamLeo13
 
Evolving your Data Access with MongoDB Stitch - Drew Di Palma
Evolving your Data Access with MongoDB Stitch - Drew Di PalmaEvolving your Data Access with MongoDB Stitch - Drew Di Palma
Evolving your Data Access with MongoDB Stitch - Drew Di PalmaMongoDB
 
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Jeremy Gray
 
20201015 Azure PaaS Update at Microsoft Ignite 2020
20201015 Azure PaaS Update at Microsoft Ignite 202020201015 Azure PaaS Update at Microsoft Ignite 2020
20201015 Azure PaaS Update at Microsoft Ignite 2020Issei Hiraoka
 

Similar to Unlocking security insights with Microsoft Graph API (20)

Microsoft graph and power platform champ
Microsoft graph and power platform champMicrosoft graph and power platform champ
Microsoft graph and power platform champ
 
Microsoft Graph community call-October 2018
Microsoft Graph community call-October 2018Microsoft Graph community call-October 2018
Microsoft Graph community call-October 2018
 
Building Automated Governance Using Code, Platform Services & Several Small P...
Building Automated Governance Using Code, Platform Services & Several Small P...Building Automated Governance Using Code, Platform Services & Several Small P...
Building Automated Governance Using Code, Platform Services & Several Small P...
 
An introduction to Microsoft Graph for developers
An introduction to Microsoft Graph for developersAn introduction to Microsoft Graph for developers
An introduction to Microsoft Graph for developers
 
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk MunnSupply Chain Security for Containerised Workloads - Lee Chuk Munn
Supply Chain Security for Containerised Workloads - Lee Chuk Munn
 
DevSecOps: Let's Write Security Unit Tests
DevSecOps: Let's Write Security Unit TestsDevSecOps: Let's Write Security Unit Tests
DevSecOps: Let's Write Security Unit Tests
 
Azure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdfAzure Incident Response Cheat Sheet.pdf
Azure Incident Response Cheat Sheet.pdf
 
Building 12-factor Cloud Native Microservices
Building 12-factor Cloud Native MicroservicesBuilding 12-factor Cloud Native Microservices
Building 12-factor Cloud Native Microservices
 
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
aOS Monaco 2019 - A7 - Sécurisez votre SI et vos services Office 365 partie 2...
 
Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...Build a complete security operations and compliance program using a graph dat...
Build a complete security operations and compliance program using a graph dat...
 
microsoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptxmicrosoft-cybersecurity-reference-architectures (1).pptx
microsoft-cybersecurity-reference-architectures (1).pptx
 
Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020Secure coding presentation Oct 3 2020
Secure coding presentation Oct 3 2020
 
Adobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES SecurityAdobe PDF and LiveCycle ES Security
Adobe PDF and LiveCycle ES Security
 
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVEDEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
DEVELOPING APPLICATION FOR CLOUD – A PROGRAMMER’S PERSPECTIVE
 
Free 2022 Updated Microsoft SC-900 Exam Questions
Free 2022 Updated Microsoft SC-900 Exam QuestionsFree 2022 Updated Microsoft SC-900 Exam Questions
Free 2022 Updated Microsoft SC-900 Exam Questions
 
Evolving your Data Access with MongoDB Stitch - Drew Di Palma
Evolving your Data Access with MongoDB Stitch - Drew Di PalmaEvolving your Data Access with MongoDB Stitch - Drew Di Palma
Evolving your Data Access with MongoDB Stitch - Drew Di Palma
 
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
Running Regulated Workloads on Azure PaaS services (DogFoodCon 2018)
 
20201015 Azure PaaS Update at Microsoft Ignite 2020
20201015 Azure PaaS Update at Microsoft Ignite 202020201015 Azure PaaS Update at Microsoft Ignite 2020
20201015 Azure PaaS Update at Microsoft Ignite 2020
 
Cloud Security Fundamentals Webinar
Cloud Security Fundamentals WebinarCloud Security Fundamentals Webinar
Cloud Security Fundamentals Webinar
 
Android - Api & Debugging in Android
Android - Api & Debugging in AndroidAndroid - Api & Debugging in Android
Android - Api & Debugging in Android
 

More from Microsoft Tech Community

Building mobile apps with Visual Studio and Xamarin
Building mobile apps with Visual Studio and XamarinBuilding mobile apps with Visual Studio and Xamarin
Building mobile apps with Visual Studio and XamarinMicrosoft Tech Community
 
Interactive emails in Outlook with Adaptive Cards
Interactive emails in Outlook with Adaptive CardsInteractive emails in Outlook with Adaptive Cards
Interactive emails in Outlook with Adaptive CardsMicrosoft Tech Community
 
Break through the serverless barriers with Durable Functions
Break through the serverless barriers with Durable FunctionsBreak through the serverless barriers with Durable Functions
Break through the serverless barriers with Durable FunctionsMicrosoft Tech Community
 
Multiplayer Server Scaling with Azure Container Instances
Multiplayer Server Scaling with Azure Container InstancesMultiplayer Server Scaling with Azure Container Instances
Multiplayer Server Scaling with Azure Container InstancesMicrosoft Tech Community
 
Media Streaming Apps with Azure and Xamarin
Media Streaming Apps with Azure and XamarinMedia Streaming Apps with Azure and Xamarin
Media Streaming Apps with Azure and XamarinMicrosoft Tech Community
 
Real-World Solutions with PowerApps: Tips & tricks to manage your app complexity
Real-World Solutions with PowerApps: Tips & tricks to manage your app complexityReal-World Solutions with PowerApps: Tips & tricks to manage your app complexity
Real-World Solutions with PowerApps: Tips & tricks to manage your app complexityMicrosoft Tech Community
 
Ingestion in data pipelines with Managed Kafka Clusters in Azure HDInsight
Ingestion in data pipelines with Managed Kafka Clusters in Azure HDInsightIngestion in data pipelines with Managed Kafka Clusters in Azure HDInsight
Ingestion in data pipelines with Managed Kafka Clusters in Azure HDInsightMicrosoft Tech Community
 
Getting Started with Visual Studio Tools for AI
Getting Started with Visual Studio Tools for AIGetting Started with Visual Studio Tools for AI
Getting Started with Visual Studio Tools for AIMicrosoft Tech Community
 
Mobile Workforce Location Tracking with Bing Maps
Mobile Workforce Location Tracking with Bing MapsMobile Workforce Location Tracking with Bing Maps
Mobile Workforce Location Tracking with Bing MapsMicrosoft Tech Community
 
Cognitive Services Labs in action Anomaly detection
Cognitive Services Labs in action Anomaly detectionCognitive Services Labs in action Anomaly detection
Cognitive Services Labs in action Anomaly detectionMicrosoft Tech Community
 
LinkedIn Learning presents: Securing web applications in ASP.NET Core 2.1
LinkedIn Learning presents: Securing web applications in ASP.NET Core 2.1LinkedIn Learning presents: Securing web applications in ASP.NET Core 2.1
LinkedIn Learning presents: Securing web applications in ASP.NET Core 2.1Microsoft Tech Community
 
Building document processes using Adobe + Microsoft
Building document processes using Adobe + MicrosoftBuilding document processes using Adobe + Microsoft
Building document processes using Adobe + MicrosoftMicrosoft Tech Community
 
Work with files everywhere: Store files, extend user experiences, and build b...
Work with files everywhere: Store files, extend user experiences, and build b...Work with files everywhere: Store files, extend user experiences, and build b...
Work with files everywhere: Store files, extend user experiences, and build b...Microsoft Tech Community
 

More from Microsoft Tech Community (20)

100 ways to use Yammer
100 ways to use Yammer100 ways to use Yammer
100 ways to use Yammer
 
10 Yammer Group Suggestions
10 Yammer Group Suggestions10 Yammer Group Suggestions
10 Yammer Group Suggestions
 
Building mobile apps with Visual Studio and Xamarin
Building mobile apps with Visual Studio and XamarinBuilding mobile apps with Visual Studio and Xamarin
Building mobile apps with Visual Studio and Xamarin
 
Interactive emails in Outlook with Adaptive Cards
Interactive emails in Outlook with Adaptive CardsInteractive emails in Outlook with Adaptive Cards
Interactive emails in Outlook with Adaptive Cards
 
Break through the serverless barriers with Durable Functions
Break through the serverless barriers with Durable FunctionsBreak through the serverless barriers with Durable Functions
Break through the serverless barriers with Durable Functions
 
Multiplayer Server Scaling with Azure Container Instances
Multiplayer Server Scaling with Azure Container InstancesMultiplayer Server Scaling with Azure Container Instances
Multiplayer Server Scaling with Azure Container Instances
 
Explore Azure Cosmos DB
Explore Azure Cosmos DBExplore Azure Cosmos DB
Explore Azure Cosmos DB
 
Media Streaming Apps with Azure and Xamarin
Media Streaming Apps with Azure and XamarinMedia Streaming Apps with Azure and Xamarin
Media Streaming Apps with Azure and Xamarin
 
DevOps for Data Science
DevOps for Data ScienceDevOps for Data Science
DevOps for Data Science
 
Real-World Solutions with PowerApps: Tips & tricks to manage your app complexity
Real-World Solutions with PowerApps: Tips & tricks to manage your app complexityReal-World Solutions with PowerApps: Tips & tricks to manage your app complexity
Real-World Solutions with PowerApps: Tips & tricks to manage your app complexity
 
Azure Functions and Microsoft Graph
Azure Functions and Microsoft GraphAzure Functions and Microsoft Graph
Azure Functions and Microsoft Graph
 
Ingestion in data pipelines with Managed Kafka Clusters in Azure HDInsight
Ingestion in data pipelines with Managed Kafka Clusters in Azure HDInsightIngestion in data pipelines with Managed Kafka Clusters in Azure HDInsight
Ingestion in data pipelines with Managed Kafka Clusters in Azure HDInsight
 
Getting Started with Visual Studio Tools for AI
Getting Started with Visual Studio Tools for AIGetting Started with Visual Studio Tools for AI
Getting Started with Visual Studio Tools for AI
 
Using AML Python SDK
Using AML Python SDKUsing AML Python SDK
Using AML Python SDK
 
Mobile Workforce Location Tracking with Bing Maps
Mobile Workforce Location Tracking with Bing MapsMobile Workforce Location Tracking with Bing Maps
Mobile Workforce Location Tracking with Bing Maps
 
Cognitive Services Labs in action Anomaly detection
Cognitive Services Labs in action Anomaly detectionCognitive Services Labs in action Anomaly detection
Cognitive Services Labs in action Anomaly detection
 
Speech Devices SDK
Speech Devices SDKSpeech Devices SDK
Speech Devices SDK
 
LinkedIn Learning presents: Securing web applications in ASP.NET Core 2.1
LinkedIn Learning presents: Securing web applications in ASP.NET Core 2.1LinkedIn Learning presents: Securing web applications in ASP.NET Core 2.1
LinkedIn Learning presents: Securing web applications in ASP.NET Core 2.1
 
Building document processes using Adobe + Microsoft
Building document processes using Adobe + MicrosoftBuilding document processes using Adobe + Microsoft
Building document processes using Adobe + Microsoft
 
Work with files everywhere: Store files, extend user experiences, and build b...
Work with files everywhere: Store files, extend user experiences, and build b...Work with files everywhere: Store files, extend user experiences, and build b...
Work with files everywhere: Store files, extend user experiences, and build b...
 

Recently uploaded

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsJoaquim Jorge
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 

Recently uploaded (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 

Unlocking security insights with Microsoft Graph API

  • 1.
  • 2.
  • 5. Disconnected alerts Different schemas and APIs Isolated security insights Inaccessible contextual info Operational complexity
  • 6. Unified gateway to security insights and actions across Microsoft products, services, and partners Unify and standardize alert management Automate SecOps for greater efficiency Unlock security context to drive investigation !
  • 7. Alerts Security Profiles Host | User | File | App | IP Actions Configurations Insights and relationships OAuth 2.0 and OpenID Connect 1.0 Azure AD Identity Protection IntuneWindows Defender ATP Office 365 ATP Cloud Application Security Azure ATP Azure Security Center Azure Information Protection Ecosystem Partners Other Microsoft Graph Services Office 365 | Intune | Active Directory | More… Users Groups Mail Files Calendar
  • 8. Customers control access to their security data App Access Customer grants permission for the application to access their data via the Security API in AAD Requests are brokered by the Security API, no data is stored Access can be revoked by the customer at any time Resources https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference#security-permissions https://techcommunity.microsoft.com/t5/Using-Microsoft-Graph-Security/Authorization-and-Microsoft-Graph-Security-API/m-p/184376#M2 User Access User permissions can be managed in either of the following ways: Delegated access Customer assigns users to AAD role(s): Security Reader or Security Administrator App only Application implements role-based access for users +
  • 9. Security dashboards Surface aggregated alerts in security operations dashboards along with rich contextual information about related entities ! ! ! ! Security operations tools Stream alerts in near real- time to a ticketing or IT management system, keep alert status and assignments in sync, automate common tasks Threat protection solutions Correlate alerts and contextual information for improved detections, take action on threats - block an IP on firewall, run AV scan… Other applications Add security functionality to non-security applications – HR, financial, healthcare apps… Integration Partners Anomali integrates with the Security API to correlate alerts from Microsoft Graph with threat intelligence, providing earlier detection and response to cyber threats. Alerts from the Microsoft Graph will combine with Palo Alto Networks threat data to speed detection and prevention of cyberattacks for our shared customers. PwC uses alerts and context from Microsoft Graph in its Secure Terrain solution to deliver improved visibility and protection.
  • 10.
  • 11. C# SDK: graphClient.Security.Alerts.Request().Asynch(); REST: GET graph.microsoft.com/beta/security/alerts C# SDK: graphService.UpdateAlert(alert, updateAlertModel); REST: PATCH graph.Microsoft.com/beta/security/alerts/7f590b04-0cb3-478f-88ca-974a8bb5a46f { “status”:”InProgress”, “assignedTo”:”janedoe@contoso.com” } Unified alert management: /security/alerts alerts alerts
  • 12. C# SDK: graphClient.Security.UserSecurityProfiles.Request().Filter(”userPrincipalName eq ‘janedoe@contoso.com’”) REST: GET …/hostSecurityProfiles?$filter=fqdn eq ‘johnedoe-surfpro.contoso.com’&$select=riskScore REST: GET …/fileSecurityProfiles?$filter=sha256 eq ‘091835b16192e526ee1b8a04d0fcef534b44cad306672066f2ad6973a4b18b19’ REST: GET …/hostSecurityProfiles?$select=platform,osVersion Unlock security context: /security/securityProfiles securityProfiles securityProfiles Host | User | File | App | IP
  • 13. REST: POST graph.microsoft.com/beta/security/actions?$ref { “id”: ”7f590b04-0cb3-478f-88ca-974a8bb5a46f”, // (required) id of SecurityProfile entity to act upon “provider”: ”MCAS”, // (required) security provider to take the action “name”: ”restrictAccess”, // provider specific action metadata “cloudService”: ”OneDrive” // provider specific action metadata } Automate security operations: /security/actions actions actions
  • 14. REST: POST graph.microsoft.com/beta/security/configuration?$ref { “provider”: ”intune”, // (required) security provider set the configuration “name”: ”microsoft.graph.iosGeneralDeviceConfiguration”, // (required) configuration setting to modify “displayName”: ”iOS Lock Policy”, // provider specific configuration metadata “description”: ”My iOS Policy”, // provider specific configuration metadata “lockScreenBlockNotificationView”: true // provider specific configuration metadata } configuration configuration Automate security configurations: /security/configuration
  • 15.
  • 16. 16 Public Preview (available now) Beta of Security API in Microsoft Graph Client C# SDK available for integration Code samples for C# and Python Support for Alerts from Azure Security Center and Azure Active Directory Identity Protection with Intune and Azure Information Protection coming soon Unified SIEM integration through Azure Monitor (QRadar, Splunk, SumoLogic) Developer forums on Microsoft Tech Community & Stack Overflow General Availability (H2 2018) Onboarding additional Microsoft and ecosystem products Unlock new security context through Security Inventory Adding automation through Actions and Configuration Provider SDK and documentation for broad ecosystem integration Additional client SDKs and sample code through Microsoft Graph
  • 17. Channel 9 videos Lab Live demos in the Microsoft Graph boothExpo WRK2506 How to Build Security Applications using the Microsoft Graph API Tuesday, 3:00 PM-4:15 PM TCC: Tahoma 2
  • 18. Documentation Read the documentation https://aka.ms/graphsecuritydocs Learn how to stream alerts to your SIEM https://aka.ms/graphsecuritySIEM GitHub Get started with C# samples https://aka.ms/graphsecurityaspnet Get started with Python samples https://aka.ms/graphsecuritypython Download the C# SDK https://aka.ms/graphsecuritysdk Communities Join the Tech Community https://aka.ms/graphsecuritycommunity Follow the discussion on Stack Overflow https://stackoverflow.com/questions/tagged/ microsoft-graph-security https://aka.ms/graphsecurityapi

Editor's Notes

  1. EMS Overview
  2. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  3. EMS Overview