SecurityActions.ReadWrite.All
Allows the app to read or update security actions, on behalf of the signed-in user.
Merill's Note
For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the
SecurityActions.ReadWrite.Allpermission.If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the
Export-MsIdAppConsentGrantReportcommand. See How To: Run a quick OAuth app audit of your tenant
| Category | Application | Delegated |
|---|---|---|
| Identifier | f2bf083f-0179-402a-bedb-b2784de8a49b | dc38509c-b87d-4da0-bd92-6bec988bac4a |
| DisplayText | Read and update your organization's security actions | Read and update your organization's security actions |
| Description | Allows the app to read or update security actions, without a signed-in user. | Allows the app to read or update security actions, on behalf of the signed-in user. |
| AdminConsentRequired | Yes | Yes |
Graph Methods
→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)
| Methods |
|---|
Resources
Granting this permission allows the calling application to access (and/or update) the following information in your tenant.
Graph reference: securityAction
| Property | Type | Description |
|---|---|---|
| actionReason | String | Reason for invoking this action. |
| appId | String | The Application ID of the calling application that submitted (POST) the action. The appId should be extracted from the auth token and not entered manually by the calling application. |
| azureTenantId | String | Azure tenant ID of the entity to determine which tenant the entity belongs to (multi-tenancy support). The azureTenantId should be extracted from the auth token and not entered manually by the calling application. |
| clientContext | String | Unique client context string. Can have a maximum of 256 characters. |
| completedDateTime | DateTimeOffset | Timestamp when the action was completed. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| createdDateTime | DateTimeOffset | Timestamp when the action is created. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| errorInfo | resultInfo | Error info when the action fails. |
| id | String | Created by the system when the action is ingested. Generated GUID/unique identifier. Read-only. |
| lastActionDateTime | DateTimeOffset | Timestamp when this action was last updated. The Timestamp type represents date and time information using ISO 8601 format and is always in UTC time. For example, midnight UTC on Jan 1, 2014 is 2014-01-01T00:00:00Z. |
| name | String | Action name. |
| parameters | keyValuePair collection | Collection of parameters (key-value pairs) necessary to invoke the action, for example, URL or fileHash to block.). Required. |
| states | securityActionState collection | Collection of securityActionState to keep the history of an action. |
| status | string | Status of the action. Possible values are: NotStarted, Running, Completed, Failed. |
| user | String | The user principal name of the signed-in user that submitted (POST) the action. The user should be extracted from the auth token and not entered manually by the calling application. |
| vendorInformation | securityVendorInformation | Complex Type containing details about the Security product/service vendor, provider, and sub-provider (for example, vendor=Microsoft; provider=Windows Defender ATP; sub-provider=AppLocker). |