Table of Contents

ThreatHunting.Read.All

Allows the app to run hunting queries, on behalf of the signed-in user.

Merill's Note

For an app to access data in Microsoft Graph, the user or administrator must grant it the permissions it needs. This article lists all the Microsoft Graph APIs and your tenant data that can be accessed by the application (vendor/developer) if you consent to the ThreatHunting.Read.All permission.

If you need to create an audit report of the permissions granted to all the apps in your tenant, you can run the Export-MsIdAppConsentGrantReport command. See How To: Run a quick OAuth app audit of your tenant

Category Application Delegated
Identifier dd98c7f5-2d42-42d3-a0e4-633161547251 b152eca8-ea73-4a48-8c98-1a6742673d99
DisplayText Run hunting queries Run hunting queries
Description Allows the app to run hunting queries, without a signed-in user. Allows the app to run hunting queries, on behalf of the signed-in user.
AdminConsentRequired Yes Yes

Graph Methods

Resources

Granting this permission allows the calling application to access (and/or update) the following information in your tenant.

Graph reference: huntingQueryResults

Property Type Description
schema microsoft.graph.security.singlePropertySchema collection The schema for the response.
results microsoft.graph.security.huntingRowResult collection The results of the hunting query.