NetworkAccess-Reports.Read.All

Allows the app to read all network access reports on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the NetworkAccess-Reports.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	40049381-3cc1-42af-94ec-5ce755db4b0d	b0c61509-cfc3-42bd-9bd4-66d81785fee4
DisplayText	Read all network access reports	Read all network access reports
Description	Allows the app to read all network access reports without a signed-in user.	Allows the app to read all network access reports on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	GET /networkAccess/logs/connections
	GET /networkAccess/logs/connections/{connectionId}
	GET /networkAccess/logs/remoteNetworks
	GET /networkAccess/logs/traffic
	GET /networkAccess/logs/traffic/{transactionId}

→ Command supports delegated access (access on behalf of a user)
→ Command supports app-only access (access without a user)

	Commands
	Get-MgBetaNetworkAccessLogRemoteNetwork
	Get-MgBetaNetworkAccessLogTraffic

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: connection

Property	Type	Description
agentVersion	String	The version of the client that initiated the connection.
applicationSnapshot	microsoft.graph.networkaccess.applicationSnapshot	appId (or client ID) of the destination Microsoft Entra application.
createdDateTime	DateTimeOffset	The time the connection was created.
destinationFqdn	String	The destination FQDN of the connection.
destinationIp	String	The destination IP of the connection.
destinationPort	Int32	The destination port of the connection.
deviceCategory	microsoft.graph.networkaccess.deviceCategory	The category of the device. The possible values are: `client`, `branch`, `unknownFutureValue`, `remoteNetwork`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `remoteNetwork`.
deviceId	String	The DeviceID.
deviceOperatingSystem	String	The device operating system type.
deviceOperatingSystemVersion	String	The device operating system version.
endDateTime	DateTimeOffset	The time the connection was terminated.
id	String	The unique identifier for the connection. Inherited from microsoft.graph.entity.
initiatingProcessName	String	The process initiating the traffic connection.
lastUpdateDateTime	DateTimeOffset	When the connection was last updated.
networkProtocol	microsoft.graph.networkaccess.networkingProtocol	The network protocol of the connection. The possible values are: `ip`, `icmp`, `igmp`, `ggp`, `ipv4`, `tcp`, `pup`, `udp`, `idp`, `ipv6`, `ipv6RoutingHeader`, `ipv6FragmentHeader`, `ipSecEncapsulatingSecurityPayload`, `ipSecAuthenticationHeader`, `icmpV6`, `ipv6NoNextHeader`, `ipv6DestinationOptions`, `nd`, `raw`, `ipx`, `spx`, `spxII`, `unknownFutureValue`.
popProcessingRegion	String	The Point-of-Presence processing region of the traffic.
privateAccessDetails	microsoft.graph.networkaccess.privateAccessDetails	Private access details.
receivedBytes	Int64	Accumulative bytes received.
sentBytes	Int64	Accumulative bytes sent.
sourceIp	String	The source IP of the connection.
sourcePort	Int32	The source port of the connection.
status	microsoft.graph.networkaccess.connectionStatus	Status of the connection. The possible values are: `open`, `active`, `closed`, `unknownFutureValue`.
tenantId	String	The ID of the tenant where the connection was initiated.
trafficType	microsoft.graph.networkaccess.trafficType	The type of traffic. The possible values are: `internet`, `private`, `microsoft365`, `all`, `unknownFutureValue`, `microsoft`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this evolvable enum: `microsoft`.
transactionBlockCount	Int32	The number of blocked transactions belonging to the connection.
transactionCount	Int32	The number of transactions belonging to the connection.
transportProtocol	microsoft.graph.networkaccess.networkingProtocol	The transport protocol of the connection. The possible values are: `ip`, `icmp`, `igmp`, `ggp`, `ipv4`, `tcp`, `pup`, `udp`, `idp`, `ipv6`, `ipv6RoutingHeader`, `ipv6FragmentHeader`, `ipSecEncapsulatingSecurityPayload`, `ipSecAuthenticationHeader`, `icmpV6`, `ipv6NoNextHeader`, `ipv6DestinationOptions`, `nd`, `raw`, `ipx`, `spx`, `spxII`, `unknownFutureValue`.
userId	String	The user ID.
userPrincipalName	String	The principal name of the user.

Graph reference: networkAccessTraffic

Property	Type	Description
action	microsoft.graph.networkaccess.filteringPolicyAction	Indicates the action taken based on filtering policies. The possible values are: `block`, `allow`, `unknownFutureValue`, `bypass`, `alert`. Use the `Prefer: include-unknown-enum-members` request header to get the following values from this {evolvable enum}(/graph/best-practices-concept#handling-future-members-in-evolvable-enumerations): `bypass` , `alert`.
agentVersion	String	Represents the version of the Global Secure Access (GSA) client agent software. Supports $filter (`eq`) and `$orderby`.
applicationSnapshot	microsoft.graph.networkaccess.applicationSnapshot	Destination Application ID accessed in Azure AD during the transaction. Supports $filter (`eq`) and `$orderby`.
connectionId	String	Represents a unique identifier assigned to a connection. Supports $filter (`eq`) and `$orderby`.
createdDateTime	DateTimeOffset	Represents the date and time when a network access traffic log entry was created. Supports $filter (`eq`) and `$orderby`.
description	String	Informational error message. For example: "Threat intelligence detected a transaction and triggered an alert." or "The Global Secure Access (GSA) policy blocked the destination and triggered an alert." Supports $filter (`eq`) and `$orderby`.
destinationFQDN	String	Represents the Fully Qualified Domain Name (FQDN) of the destination host or server in a network communication. Supports $filter (`eq`) and `$orderby`.
destinationIp	String	Represents the IP address of the destination host or server in a network communication. Supports $filter (`eq`) and `$orderby`.
destinationPort	Int32	Represents the network port number on the destination host or server in a network communication. Supports $filter (`eq`) and `$orderby`.
destinationUrl	String	Represents the URL of the destination in a network communication. Supports $filter (`eq`) and `$orderby`.
destinationWebCategory	microsoft.graph.networkaccess.webCategory	The destination FQDN's Web Category (e.g., Gambling). Supports $filter (`eq`) and `$orderby`.
deviceCategory	microsoft.graph.networkaccess.deviceCategory	Represents the category classification of a device within a network infrastructure. The possible values are: `client`, `branch`, `unknownFutureValue`. Supports $filter (`eq`) and `$orderby`.
deviceId	String	Represents a unique identifier assigned to a device within a network infrastructure. Supports $filter (`eq`) and `$orderby`.
deviceOperatingSystem	String	Represents the operating system installed on a device within a network infrastructure. Supports $filter (`eq`) and `$orderby`.
deviceOperatingSystemVersion	String	Represents the version or release number of the operating system installed on a device within a network infrastructure. Supports $filter (`eq`) and `$orderby`.
filteringProfileId	String	The ID of the Filtering Profile associated with the action performed on traffic. Supports $filter (`eq`) and `$orderby`.
filteringProfileName	String	The name of the Filtering Profile associated with the action performed on traffic. Supports $filter (`eq`) and `$orderby`.
headers	microsoft.graph.networkaccess.headers	Represents the headers included in a network request or response. Supports $filter (`eq`) and `$orderby`.
httpMethod	microsoft.graph.networkaccess.httpMethod	The HTTP method inspected in the intercepted HTTP traffic. Supports $filter (`eq`) and `$orderby`.
initiatingProcessName	String	The process initiating the traffic transaction. Supports $filter (`eq`) and `$orderby`.
networkProtocol	microsoft.graph.networkaccess.networkingProtocol	Represents the networking protocol used for communication. The possible values are: `ip`, `icmp`, `igmp`, `ggp`, `ipv4`, `tcp`, `pup`, `udp`, `idp`, `ipv6`, `ipv6RoutingHeader`, `ipv6FragmentHeader`, `ipSecEncapsulatingSecurityPayload`, `ipSecAuthenticationHeader`, `icmpV6`, `ipv6NoNextHeader`, `ipv6DestinationOptions`, `nd`, `raw`, `ipx`, `spx`, `spxII`, `unknownFutureValue`. Supports $filter (`eq`) and `$orderby`.
operationStatus	microsoft.graph.networkaccess.networkTrafficOperationStatus	Indication if traffic was successfully processed. The possible values are: `success`, `failure`, `unknownFutureValue`. Supports $filter (`eq`) and `$orderby`.
policyId	String	Represents a unique identifier assigned to a policy. Supports $filter (`eq`) and `$orderby`.
policyName	String	The name of the filtering policy associated with the action performed on traffic. Supports $filter (`eq`) and `$orderby`.
policyRuleId	String	Represents a unique identifier assigned to a policy rule. Supports $filter (`eq`) and `$orderby`.
policyRuleName	String	The name of the rule associated with the action performed on traffic. Supports $filter (`eq`) and `$orderby`.
popProcessingRegion	String	The Point-of-Presence processing region of the traffic. Supports $filter (`eq`) and `$orderby`.
privateAccessDetails	microsoft.graph.networkaccess.privateAccessDetails	Details about private access traffic. Supports $filter (`eq`) and `$orderby`.
receivedBytes	Int64	Represents the total number of bytes received in a network communication or data transfer. Supports $filter (`eq`) and `$orderby`.
remoteNetworkId	String	The ID from which traffic was sent or received, providing visibility into the origin of the traffic. Supports $filter (`eq`) and `$orderby`.
resourceTenantId	String	Tenant ID that owns the resource. Supports $filter (`eq`) and `$orderby`.
responseCode	Int32	The HTTP response code inspected in the intercepted HTTP traffic. Supports $filter (`eq`) and `$orderby`.
sentBytes	Int64	Represents the total number of bytes sent in a network communication or data transfer. Supports $filter (`eq`) and `$orderby`.
sessionId	String	Represents a unique identifier assigned to a session or connection within a network infrastructure. Supports $filter (`eq`) and `$orderby`.
sourceIp	String	Represents the source IP address in a network communication. Supports $filter (`eq`) and `$orderby`.
sourcePort	Int32	Represents the network port number on the source host or device in a network communication. Supports $filter (`eq`) and `$orderby`.
tenantId	String	Represents a unique identifier assigned to a tenant within a network infrastructure. Supports $filter (`eq`) and `$orderby`.
threatType	String	The type of threat detected in the traffic. Supports $filter (`eq`) and `$orderby`.
trafficType	microsoft.graph.networkaccess.trafficType	Represents the type or category of network traffic. The possible values are: `internet`, `private`, `microsoft365`, `all`, `unknownFutureValue`. Supports $filter (`eq`) and `$orderby`.
transactionId	String	Represents a unique identifier assigned to a specific transaction or operation. Key. Supports $filter (`eq`) and `$orderby`.
transportProtocol	microsoft.graph.networkaccess.networkingProtocol	Represents the transport protocol used for communication. The possible values are: `ip`, `icmp`, `igmp`, `ggp`, `ipv4`, `tcp`, `pup`, `udp`, `idp`, `ipv6`, `ipv6RoutingHeader`, `ipv6FragmentHeader`, `ipSecEncapsulatingSecurityPayload`, `ipSecAuthenticationHeader`, `icmpV6`, `ipv6NoNextHeader`, `ipv6DestinationOptions`, `nd`, `raw`, `ipx`, `spx`, `spxII`, `unknownFutureValue`. Supports $filter (`eq`) and `$orderby`.
userId	String	Represents a unique identifier assigned to a user. Supports $filter (`eq`) and `$orderby`.
userPrincipalName	String	Represents the user principal name (UPN) associated with a user. Supports $filter (`eq`) and `$orderby`.
vendorNames	Collection(String)	The name of the vendors who detected the threat. Supports $filter (`eq`) and `$orderby`.

Graph reference: remoteNetworkHealthEvent

Property	Type	Description
bgpRoutesAdvertisedCount	Int32	The number of BGP routes advertised through tunnel.
createdDateTime	DateTimeOffset	The time of the original event generation in UTC. Supports `$filter` (`ge`, `le`) and `$orderby`.
description	String	The description of the event.
destinationIp	String	The IP address of the destination.
id	String	A unique identifier for each remoteNetworkHealthEvent.
remoteNetworkId	String	A unique identifier for each remoteNetwork site. Supports `$filter` (`eq`).
sourceIp	String	The public IP address.
status	microsoft.graph.networkaccess.remoteNetworkStatus	The status of the remote network. The possible values are: `tunnelDisconnected`, `tunnelConnected`, `bgpDisconnected`, `bgpConnected`, `remoteNetworkAlive`, `unknownFutureValue`.
sentBytes	Int64	The number of bytes sent from the source to the destination for the connection or session.
receivedBytes	Int64	The number of bytes sent from the destination to the source.

Table of Contents

NetworkAccess-Reports.Read.All

Graph Methods

Resources