SecurityCopilotWorkspaces.ReadWrite.All

Allows the app to read and write Security Copilot resources owned by the signed-in user on their behalf.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the SecurityCopilotWorkspaces.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	-	206291b0-2167-47a7-a640-6cdc1df710ba
DisplayText	-	Read and write individually owned Security Copilot resources of the signed-in user
Description	-	Allows the app to read and write Security Copilot resources owned by the signed-in user on their behalf.
AdminConsentRequired	Yes	No

Graph Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	PATCH /security/securityCopilot/workspaces/{workspaceId}/sessions/{sessionId}
	POST /security/securityCopilot/workspaces/{workspaceId}/sessions
	POST /security/securityCopilot/workspaces/{workspaceId}/sessions/{sessionId}/prompts
	POST /security/securityCopilot/workspaces/{workspaceId}/sessions/{sessionId}/prompts/{promptId}/evaluations

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: evaluation

Property	Type	Description
completedDateTime	DateTimeOffset	Evaluation completion time.
createdDateTime	DateTimeOffset	Evaluation created time.
executionCount	Int64	Evaluation execution count.
id	String	Represents the unique ID of the Security Copilot evaluation. Inherits from entity.
isCancelled	Boolean	Evaluation cancellation status.
lastModifiedDateTime	DateTimeOffset	Evaluation modified time.
result	microsoft.graph.security.securityCopilot.evaluationResult	Evaluation results collection.
runStartDateTime	DateTimeOffset	Evaluation Run start time.
state	microsoft.graph.security.securityCopilot.evaluationState	Evaluation state during poll. The possible values are: `unknown`, `created`, `running`, `completed`, `cancelled`, `pending`, `deferred`, `waitingForInput`, `unknownFutureValue`.

Graph reference: security-securitycopilot-prompt

Property	Type	Description
content	String	Input content to the prompt.
createdDateTime	DateTimeOffset	Created time.
id	String	Represents the unique ID of the Security Copilot prompt. Inherits from entity.
inputs	microsoft.graph.Dictionary	Not implemented.
lastModifiedDateTime	DateTimeOffset	Last modified time.
skillInputDescriptors	microsoft.graph.security.securityCopilot.skillInputDescriptor collection	Skill Input descriptor.
skillName	String	Skill name.
type	microsoft.graph.security.securityCopilot.promptType	Prompt types. The possible values are: `unknown`, `context`, `prompt`, `skill`, `feedback`, `unknownFutureValue`. Only `prompt` is currently supported.

Graph reference: session

Property	Type	Description
createdDateTime	DateTimeOffset	Created time of the session (UTC).
displayName	String	Display name for the session.
id	String	Represents the unique ID of the Security Copilot session. Inherits from entity.
lastModifiedDateTime	DateTimeOffset	Last modified time of the session (UTC). Updated when **d

Table of Contents

SecurityCopilotWorkspaces.ReadWrite.All

Graph Methods

Resources