SecurityActions.Read.All

Allows the app to read security actions, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the SecurityActions.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant.

| Category | Application | Delegated |
| --- | --- | --- |
| Identifier | 5e0edab9-c148-49d0-b423-ac253e121825 | 1638cddf-07a4-4de2-8645-69c96cacad73 |
| DisplayText | Read your organization's security actions | Read your organization's security actions |
| Description | Allows the app to read security actions, without a signed-in user. | Allows the app to read security actions, on behalf of the signed-in user. |
| AdminConsentRequired | Yes | Yes |

Graph Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: securityAction

| Property | Type | Description |
| --- | --- | --- |
| actionReason | String | Reason for invoking this action. |
| appId | String | The Application ID of the calling application that submitted (POST) the action. The appId should be extracted from the auth token and not entered manually by the calling application. |
| azureTenantId | String | Azure tenant ID of the entity to determine which tenant the entity belongs to (multi-tenancy support). The azureTenantId should be extracted from the auth token and not entered manually by the calling application. |
| clientContext | String | Unique client context string. Can have a maximum of 256 characters. |
| completedDateTime | DateTimeOffset | Timestamp when the action was completed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| createdDateTime | DateTimeOffset | Timestamp when the action is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| errorInfo | resultInfo | Error info when the action fails. |
| id | String | Created by the system when the action is ingested. Generated GUID/unique identifier. Read-only. |
| lastActionDateTime | DateTimeOffset | Timestamp when this action was last updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| name | String | Action name. |
| parameters | keyValuePair collection | Collection of parameters (key-value pairs) necessary to invoke the action (for example, URL or fileHash to block). Required. |
| states | securityActionState collection | Collection of securityActionState to keep the history of an action. |
| status | string | Status of the action. Possible values are: NotStarted, Running, Completed, Failed. |
| user | String | The user principal name of the signed-in user that submitted (POST) the action. The user should be extracted from the auth token and not entered manually by the calling application. |
| vendorInformation | securityVendorInformation | Complex Type containing details about the Security product/service vendor, provider, and sub-provider (for example, vendor=Microsoft; provider=Windows Defender ATP; sub-provider=AppLocker). |