NetworkAccess-Reports.Read.All
Allows the app to read all network access reports on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
NetworkAccess-Reports.Read.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | 40049381-3cc1-42af-94ec-5ce755db4b0d | b0c61509-cfc3-42bd-9bd4-66d81785fee4 |
| DisplayText | Read all network access reports | Read all network access reports |
| Description | Allows the app to read all network access reports without a signed-in user. | Allows the app to read all network access reports on behalf of the signed-in user. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: networkAccessTraffic
| Property | Type | Description |
|---|---|---|
| action | microsoft.graph.networkaccess.filteringPolicyAction | Indicates the action taken based on filtering policies. The possible values are: block, allow, unknownFutureValue, bypass, alert. Use the Prefer: include-unknown-enum-members request header to get the following values from this {evolvable enum}(/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): bypass , alert. |
| agentVersion | String | Represents the version of the Global Secure Access (GSA) client agent software. Supports $filter (eq) and $orderby. |
| applicationSnapshot | microsoft.graph.networkaccess.applicationSnapshot | Destination Application ID accessed in Azure AD during the transaction. Supports $filter (eq) and $orderby. |
| connectionId | String | Represents a unique identifier assigned to a connection. Supports $filter (eq) and $orderby. |
| createdDateTime | DateTimeOffset | Represents the date and time when a network access traffic log entry was created. Supports $filter (eq) and $orderby. |
| description | String | Informational error message. For example: "Threat intelligence detected a transaction and triggered an alert." or "The Global Secure Access (GSA) policy blocked the destination and triggered an alert." Supports $filter (eq) and $orderby. |
| destinationFQDN | String | Represents the Fully Qualified Domain Name (FQDN) of the destination host or server in a network communication. Supports $filter (eq) and $orderby. |
| destinationIp | String | Represents the IP address of the destination host or server in a network communication. Supports $filter (eq) and $orderby. |
| destinationPort | Int32 | Represents the network port number on the destination host or server in a network communication. Supports $filter (eq) and $orderby. |
| destinationUrl | String | Represents the URL of the destination in a network communication. Supports $filter (eq) and $orderby. |
| destinationWebCategory | microsoft.graph.networkaccess.webCategory | The destination FQDN's Web Category (e.g., Gambling). Supports $filter (eq) and $orderby. |
| deviceCategory | microsoft.graph.networkaccess.deviceCategory | Represents the category classification of a device within a network infrastructure. The possible values are: client, branch, unknownFutureValue. Supports $filter (eq) and $orderby. |
| deviceId | String | Represents a unique identifier assigned to a device within a network infrastructure. Supports $filter (eq) and $orderby. |
| deviceOperatingSystem | String | Represents the operating system installed on a device within a network infrastructure. Supports $filter (eq) and $orderby. |
| deviceOperatingSystemVersion | String | Represents the version or release number of the operating system installed on a device within a network infrastructure. Supports $filter (eq) and $orderby. |
| filteringProfileId | String | The ID of the Filtering Profile associated with the action performed on traffic. Supports $filter (eq) and $orderby. |
| filteringProfileName | String | The name of the Filtering Profile associated with the action performed on traffic. Supports $filter (eq) and $orderby. |
| headers | microsoft.graph.networkaccess.headers | Represents the headers included in a network request or response. Supports $filter (eq) and $orderby. |
| httpMethod | microsoft.graph.networkaccess.httpMethod | The HTTP method inspected in the intercepted HTTP traffic. Supports $filter (eq) and $orderby. |
| initiatingProcessName | String | The process initiating the traffic transaction. Supports $filter (eq) and $orderby. |
| networkProtocol | microsoft.graph.networkaccess.networkingProtocol | Represents the networking protocol used for communication. The possible values are: ip, icmp, igmp, ggp, ipv4, tcp, pup, udp, idp, ipv6, ipv6RoutingHeader, ipv6FragmentHeader, ipSecEncapsulatingSecurityPayload, ipSecAuthenticationHeader, icmpV6, ipv6NoNextHeader, ipv6DestinationOptions, nd, raw, ipx, spx, spxII, unknownFutureValue. Supports $filter (eq) and $orderby. |
| operationStatus | microsoft.graph.networkaccess.networkTrafficOperationStatus | Indication if traffic was successfully processed. The possible values are: success, failure, unknownFutureValue. Supports $filter (eq) and $orderby. |
| policyId | String | Represents a unique identifier assigned to a policy. Supports $filter (eq) and $orderby. |
| policyName | String | The name of the filtering policy associated with the action performed on traffic. Supports $filter (eq) and $orderby. |
| policyRuleId | String | Represents a unique identifier assigned to a policy rule. Supports $filter (eq) and $orderby. |
| policyRuleName | String | The name of the rule associated with the action performed on traffic. Supports $filter (eq) and $orderby. |
| popProcessingRegion | String | The Point-of-Presence processing region of the traffic. Supports $filter (eq) and $orderby. |
| privateAccessDetails | microsoft.graph.networkaccess.privateAccessDetails | Details about private access traffic. Supports $filter (eq) and $orderby. |
| receivedBytes | Int64 | Represents the total number of bytes received in a network communication or data transfer. Supports $filter (eq) and $orderby. |
| remoteNetworkId | String | The ID from which traffic was sent or received, providing visibility into the origin of the traffic. Supports $filter (eq) and $orderby. |
| resourceTenantId | String | Tenant ID that owns the resource. Supports $filter (eq) and $orderby. |
| responseCode | Int32 | The HTTP response code inspected in the intercepted HTTP traffic. Supports $filter (eq) and $orderby. |
| sentBytes | Int64 | Represents the total number of bytes sent in a network communication or data transfer. Supports $filter (eq) and $orderby. |
| sessionId | String | Represents a unique identifier assigned to a session or connection within a network infrastructure. Supports $filter (eq) and $orderby. |
| sourceIp | String | Represents the source IP address in a network communication. Supports $filter (eq) and $orderby. |
| sourcePort | Int32 | Represents the network port number on the source host or device in a network communication. Supports $filter (eq) and $orderby. |
| tenantId | String | Represents a unique identifier assigned to a tenant within a network infrastructure. Supports $filter (eq) and $orderby. |
| threatType | String | The type of threat detected in the traffic. Supports $filter (eq) and $orderby. |
| trafficType | microsoft.graph.networkaccess.trafficType | Represents the type or category of network traffic. The possible values are: internet, private, microsoft365, all, unknownFutureValue. Supports $filter (eq) and $orderby. |
| transactionId | String | Represents a unique identifier assigned to a specific transaction or operation. Key. Supports $filter (eq) and $orderby. |
| transportProtocol | microsoft.graph.networkaccess.networkingProtocol | Represents the transport protocol used for communication. The possible values are: ip, icmp, igmp, ggp, ipv4, tcp, pup, udp, idp, ipv6, ipv6RoutingHeader, ipv6FragmentHeader, ipSecEncapsulatingSecurityPayload, ipSecAuthenticationHeader, icmpV6, ipv6NoNextHeader, ipv6DestinationOptions, nd, raw, ipx, spx, spxII, unknownFutureValue. Supports $filter (eq) and $orderby. |
| userId | String | Represents a unique identifier assigned to a user. Supports $filter (eq) and $orderby. |
| userPrincipalName | String | Represents the user principal name (UPN) associated with a user. Supports $filter (eq) and $orderby. |
| vendorNames | Collection(String) | The name of the vendors who detected the threat. Supports $filter (eq) and $orderby. |