SecurityIdentitiesSensors.ReadWrite.All

Allows the app to read and write identity security sensors on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the SecurityIdentitiesSensors.ReadWrite.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category	Application	Delegated
Identifier	d4dcee6d-0774-412a-b06c-aeabbd99e816	087c3ad9-c2ca-4b82-9885-d5e25ce9e183
DisplayText	Read and write all identity security sensors	Read and write identity security sensors
Description	Allows the app to read and write identity security sensors without a signed-in user.	Allows the app to read and write identity security sensors on behalf of the signed-in user.
AdminConsentRequired	Yes	Yes

Graph Methods

• API [v1.0]
• API [beta]
• PowerShell [v1.0]
• PowerShell [beta]

→ API supports delegated access (access on behalf of a user)
→ API supports app-only access (access without a user)

	Methods
	DELETE /security/identities/sensors/{sensorId}
	GET /security/identities/sensors/getDeploymentAccessKey
	PATCH /security/identities/sensors/{sensorId}
	POST /security/identities/sensors/regenerateDeploymentAccessKey

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

• deploymentAccessKeyType
• sensor
• sensorSettings

Graph reference: deploymentAccessKeyType

Property	Type	Description
deploymentAccessKey	String	The deployment access key.