Agenda
Dozens of security solutions
Disconnected alerts
Different schemas and APIs
Isolated security insights
Inaccessible contextual info
Operational complexity
Unified gateway to security insights and actions across Microsoft products, services, and partners
Unify and standardize alert management
Automate SecOps for greater efficiency
Unlock security context to drive investigation
Alerts
Security Profiles
Host | User | File | App | IP
Actions
Configurations
Insights and relationships
OAuth 2.0 and OpenID Connect 1.0
Azure AD Identity Protection | Intune | Windows Defender ATP | Office 365 ATP | Cloud Application Security | Azure ATP | Azure Security Center | Azure Information Protection | Ecosystem Partners
Other Microsoft Graph Services
Office 365 | Intune | Active Directory | More…
Users | Groups | Mail | Files | Calendar
Customers control access to their security data
App Access
Customer grants permission for the application to access their data via the Security API in AAD
Requests are brokered by the Security API, no data is stored
Access can be revoked by the customer at any time
Resources
https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference#security-permissions
https://techcommunity.microsoft.com/t5/Using-Microsoft-Graph-Security/Authorization-and-Microsoft-Graph-Security-API/m-p/184376#M2
User Access
User permissions can be managed in either of the following ways:
Delegated access
Customer assigns users to AAD role(s): Security Reader or Security Administrator
App only
Application implements role-based access for users
Security dashboards
Surface aggregated alerts in security operations dashboards along with rich contextual information about related entities
Security operations tools
Stream alerts in near real-time to a ticketing or IT management system, keep alert status and assignments in sync, automate common tasks
Threat protection solutions
Correlate alerts and contextual information for improved detections, take action on threats - block an IP on firewall, run AV scan…
Other applications
Add security functionality to non-security applications – HR, financial, healthcare apps…
Integration Partners
Anomali integrates with the Security API to correlate alerts from Microsoft Graph with threat intelligence, providing earlier detection and response to cyber threats.
Alerts from the Microsoft Graph will combine with Palo Alto Networks threat data to speed detection and prevention of cyberattacks for our shared customers.
PwC uses alerts and context from Microsoft Graph in its Secure Terrain solution to deliver improved visibility and protection.
Unified alert management: /security/alerts
C# SDK: graphClient.Security.Alerts.Request().GetAsync();
REST: GET graph.microsoft.com/beta/security/alerts
C# SDK: graphService.UpdateAlert(alert, updateAlertModel);
REST: PATCH graph.microsoft.com/beta/security/alerts/7f590b04-0cb3-478f-88ca-974a8bb5a46f
{
  "status": "InProgress",
  "assignedTo": "janedoe@contoso.com"
}
Unlock security context: /security/securityProfiles
Host | User | File | App | IP
C# SDK: graphClient.Security.UserSecurityProfiles.Request().Filter("userPrincipalName eq 'janedoe@contoso.com'")
REST: GET …/hostSecurityProfiles?$filter=fqdn eq 'johnedoe-surfpro.contoso.com'&$select=riskScore
REST: GET …/fileSecurityProfiles?$filter=sha256 eq '091835b16192e526ee1b8a04d0fcef534b44cad306672066f2ad6973a4b18b19'
REST: GET …/hostSecurityProfiles?$select=platform,osVersion
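The alert and security-profile calls above take values (a UPN, an FQDN, an alert id) that an integration usually receives from a user or another system. The following is an added example, not code from the deck or the Microsoft SDK, showing one way to build those requests so the value cannot change the filter or the path. The base URL for the elided "…" calls, the userSecurityProfiles collection name and the function names are assumptions.

```python
"""Added example: safe request construction for the Security API calls on the slides."""
import json
from urllib.parse import quote

# Assumption: the beta base path from the alerts slide also prefixes the
# ".../hostSecurityProfiles" calls, whose base is elided on the slide.
GRAPH_SECURITY = "https://graph.microsoft.com/beta/security"

# Collections named on the slides; userSecurityProfiles is inferred from the
# C# SDK property UserSecurityProfiles.
PROFILE_COLLECTIONS = {
    "hostSecurityProfiles",
    "userSecurityProfiles",
    "fileSecurityProfiles",
}

# Only the two properties the PATCH slide changes may be written.
UPDATABLE_ALERT_FIELDS = {"status", "assignedTo"}


def odata_string(value):
    """Return value as an OData string literal (embedded quotes are doubled)."""
    if not isinstance(value, str):
        raise TypeError("filter value must be a string")
    if any(ord(ch) < 0x20 for ch in value):
        raise ValueError("control characters are not allowed in a filter value")
    return "'" + value.replace("'", "''") + "'"


def profile_query(collection, field, value, select=()):
    """Build the GET URL for '<collection>?$filter=<field> eq <value>'."""
    if collection not in PROFILE_COLLECTIONS:
        raise ValueError(f"unknown profile collection: {collection!r}")
    # Property names are identifiers, never free text.
    for name in (field, *select):
        if not (name.isascii() and name.isalnum()):
            raise ValueError(f"invalid property name: {name!r}")
    # Percent-encode the whole expression so spaces, quotes and '&' in the
    # value stay inside the $filter parameter.
    query = "$filter=" + quote(f"{field} eq {odata_string(value)}", safe="")
    if select:
        query += "&$select=" + ",".join(select)
    return f"{GRAPH_SECURITY}/{collection}?{query}"


def alert_update_request(alert_id, changes):
    """Return (method, url, body) for the alert PATCH shown on the slide."""
    if not alert_id:
        raise ValueError("alert id is required")
    unknown = set(changes) - UPDATABLE_ALERT_FIELDS
    if unknown or not changes:
        raise ValueError(f"unsupported alert fields: {sorted(unknown)}")
    # Encode the id as a single path segment so it cannot address another resource.
    url = f"{GRAPH_SECURITY}/alerts/{quote(alert_id, safe='')}"
    return "PATCH", url, json.dumps(changes)


if __name__ == "__main__":
    # Constructed sample values; the host name and alert id are the slide's own.
    print(profile_query("hostSecurityProfiles", "fqdn",
                        "johnedoe-surfpro.contoso.com", select=("riskScore",)))
    print(profile_query("userSecurityProfiles", "userPrincipalName",
                        "o'brien@contoso.com"))
    print(alert_update_request(
        "7f590b04-0cb3-478f-88ca-974a8bb5a46f",
        {"status": "InProgress", "assignedTo": "janedoe@contoso.com"}))
```

The returned URL and body still need an OAuth 2.0 bearer token in the Authorization header before they are sent; token acquisition is outside this example.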
Automate security operations: /security/actions
REST: POST graph.microsoft.com/beta/security/actions?$ref
{
  "id": "7f590b04-0cb3-478f-88ca-974a8bb5a46f", // (required) id of SecurityProfile entity to act upon
  "provider": "MCAS", // (required) security provider to take the action
  "name": "restrictAccess", // provider specific action metadata
  "cloudService": "OneDrive" // provider specific action metadata
}
Automate security configurations: /security/configuration
REST: POST graph.microsoft.com/beta/security/configuration?$ref
{
  "provider": "intune", // (required) security provider that sets the configuration
  "name": "microsoft.graph.iosGeneralDeviceConfiguration", // (required) configuration setting to modify
  "displayName": "iOS Lock Policy", // provider specific configuration metadata
  "description": "My iOS Policy", // provider specific configuration metadata
  "lockScreenBlockNotificationView": true // provider specific configuration metadata
}
Public Preview (available now)
Beta of Security API in Microsoft Graph
Client C# SDK available for integration
Code samples for C# and Python
Support for Alerts from Azure Security Center and Azure Active Directory Identity Protection with Intune and Azure Information Protection coming soon
Unified SIEM integration through Azure Monitor (QRadar, Splunk, SumoLogic)
Developer forums on Microsoft Tech Community & Stack Overflow
General Availability (H2 2018)
Onboarding additional Microsoft and ecosystem products
Unlock new security context through Security Inventory
Adding automation through Actions and Configuration
Provider SDK and documentation for broad ecosystem integration
Additional client SDKs and sample code through Microsoft Graph
Channel 9 videos
Expo
Live demos in the Microsoft Graph booth
Lab
WRK2506: How to Build Security Applications using the Microsoft Graph API
Tuesday, 3:00 PM-4:15 PM
TCC: Tahoma 2
Documentation
Read the documentation
https://aka.ms/graphsecuritydocs
Learn how to stream alerts to your SIEM
https://aka.ms/graphsecuritySIEM
GitHub
Get started with C# samples
https://aka.ms/graphsecurityaspnet
Get started with Python samples
https://aka.ms/graphsecuritypython
Download the C# SDK
https://aka.ms/graphsecuritysdk
Communities
Join the Tech Community
https://aka.ms/graphsecuritycommunity
Follow the discussion on Stack Overflow
https://stackoverflow.com/questions/tagged/microsoft-graph-security
https://aka.ms/graphsecurityapi
Unlocking security insights with Microsoft Graph API

Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
Behind the Scenes From the Manager's Chair: Decoding the Secrets of Successfu...
 
Structuring Teams and Portfolios for Success
Structuring Teams and Portfolios for SuccessStructuring Teams and Portfolios for Success
Structuring Teams and Portfolios for Success
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1UiPath Test Automation using UiPath Test Suite series, part 1
UiPath Test Automation using UiPath Test Suite series, part 1
 
JMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and GrafanaJMeter webinar - integration with InfluxDB and Grafana
JMeter webinar - integration with InfluxDB and Grafana
 
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
Measures in SQL (a talk at SF Distributed Systems meetup, 2024-05-22)
 
Introduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG EvaluationIntroduction to Open Source RAG and RAG Evaluation
Introduction to Open Source RAG and RAG Evaluation
 
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová10 Differences between Sales Cloud and CPQ, Blanka Doktorová
10 Differences between Sales Cloud and CPQ, Blanka Doktorová
 
Powerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara LaskowskaPowerful Start- the Key to Project Success, Barbara Laskowska
Powerful Start- the Key to Project Success, Barbara Laskowska
 
Designing for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at ComcastDesigning for Hardware Accessibility at Comcast
Designing for Hardware Accessibility at Comcast
 
AI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří KarpíšekAI revolution and Salesforce, Jiří Karpíšek
AI revolution and Salesforce, Jiří Karpíšek
 
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptxIOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
IOS-PENTESTING-BEGINNERS-PRACTICAL-GUIDE-.pptx
 
Knowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and backKnowledge engineering: from people to machines and back
Knowledge engineering: from people to machines and back
 
Optimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through ObservabilityOptimizing NoSQL Performance Through Observability
Optimizing NoSQL Performance Through Observability
 
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
SOQL 201 for Admins & Developers: Slice & Dice Your Org’s Data With Aggregate...
 
Connecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAKConnecting the Dots in Product Design at KAYAK
Connecting the Dots in Product Design at KAYAK
 
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptxWSO2CONMay2024OpenSourceConferenceDebrief.pptx
WSO2CONMay2024OpenSourceConferenceDebrief.pptx
 
ECS 2024 Teams Premium - Pretty Secure
ECS 2024   Teams Premium - Pretty SecureECS 2024   Teams Premium - Pretty Secure
ECS 2024 Teams Premium - Pretty Secure
 
Connector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a buttonConnector Corner: Automate dynamic content and events by pushing a button
Connector Corner: Automate dynamic content and events by pushing a button
 
UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2UiPath Test Automation using UiPath Test Suite series, part 2
UiPath Test Automation using UiPath Test Suite series, part 2
 

Unlocking security insights with Microsoft Graph API

  • 5. Disconnected alerts; Different schemas and APIs; Isolated security insights; Inaccessible contextual info; Operational complexity
  • 6. Unified gateway to security insights and actions across Microsoft products, services, and partners. Unify and standardize alert management; Automate SecOps for greater efficiency; Unlock security context to drive investigation
  • 7. Alerts; Security Profiles (Host | User | File | App | IP); Actions; Configurations; Insights and relationships. OAuth 2.0 and OpenID Connect 1.0. Azure AD Identity Protection; Intune; Windows Defender ATP; Office 365 ATP; Cloud Application Security; Azure ATP; Azure Security Center; Azure Information Protection; Ecosystem Partners. Other Microsoft Graph Services: Office 365 | Intune | Active Directory | More… Users; Groups; Mail; Files; Calendar
  • 8. Customers control access to their security data.
      App Access: Customer grants permission for the application to access their data via the Security API in AAD. Requests are brokered by the Security API, no data is stored. Access can be revoked by the customer at any time.
      Resources: https://developer.microsoft.com/en-us/graph/docs/concepts/permissions_reference#security-permissions https://techcommunity.microsoft.com/t5/Using-Microsoft-Graph-Security/Authorization-and-Microsoft-Graph-Security-API/m-p/184376#M2
      User Access: User permissions can be managed in either of the following ways:
      Delegated access: Customer assigns users to AAD role(s): Security Reader or Security Administrator.
      App only: Application implements role-based access for users.
  • 9. Security dashboards: Surface aggregated alerts in security operations dashboards along with rich contextual information about related entities.
      Security operations tools: Stream alerts in near real-time to a ticketing or IT management system, keep alert status and assignments in sync, automate common tasks.
      Threat protection solutions: Correlate alerts and contextual information for improved detections, take action on threats - block an IP on firewall, run AV scan…
      Other applications: Add security functionality to non-security applications – HR, financial, healthcare apps…
      Integration Partners: Anomali integrates with the Security API to correlate alerts from Microsoft Graph with threat intelligence, providing earlier detection and response to cyber threats. Alerts from the Microsoft Graph will combine with Palo Alto Networks threat data to speed detection and prevention of cyberattacks for our shared customers. PwC uses alerts and context from Microsoft Graph in its Secure Terrain solution to deliver improved visibility and protection.
  • 11. Unified alert management: /security/alerts
      C# SDK: graphClient.Security.Alerts.Request().GetAsync();
      REST: GET graph.microsoft.com/beta/security/alerts
      C# SDK: graphService.UpdateAlert(alert, updateAlertModel);
      REST: PATCH graph.microsoft.com/beta/security/alerts/7f590b04-0cb3-478f-88ca-974a8bb5a46f
      { "status":"InProgress", "assignedTo":"janedoe@contoso.com" }
  • 12. Unlock security context: /security/securityProfiles (Host | User | File | App | IP)
      C# SDK: graphClient.Security.UserSecurityProfiles.Request().Filter("userPrincipalName eq 'janedoe@contoso.com'")
      REST: GET …/hostSecurityProfiles?$filter=fqdn eq 'johnedoe-surfpro.contoso.com'&$select=riskScore
      REST: GET …/fileSecurityProfiles?$filter=sha256 eq '091835b16192e526ee1b8a04d0fcef534b44cad306672066f2ad6973a4b18b19'
      REST: GET …/hostSecurityProfiles?$select=platform,osVersion
  • 13. Automate security operations: /security/actions
      REST: POST graph.microsoft.com/beta/security/actions?$ref
      {
        "id": "7f590b04-0cb3-478f-88ca-974a8bb5a46f", // (required) id of SecurityProfile entity to act upon
        "provider": "MCAS", // (required) security provider to take the action
        "name": "restrictAccess", // provider specific action metadata
        "cloudService": "OneDrive" // provider specific action metadata
      }
  • 14. Automate security configurations: /security/configuration
      REST: POST graph.microsoft.com/beta/security/configuration?$ref
      {
        "provider": "intune", // (required) security provider to set the configuration
        "name": "microsoft.graph.iosGeneralDeviceConfiguration", // (required) configuration setting to modify
        "displayName": "iOS Lock Policy", // provider specific configuration metadata
        "description": "My iOS Policy", // provider specific configuration metadata
        "lockScreenBlockNotificationView": true // provider specific configuration metadata
      }
  • 16. Public Preview (available now): Beta of Security API in Microsoft Graph; Client C# SDK available for integration; Code samples for C# and Python; Support for Alerts from Azure Security Center and Azure Active Directory Identity Protection with Intune and Azure Information Protection coming soon; Unified SIEM integration through Azure Monitor (QRadar, Splunk, SumoLogic); Developer forums on Microsoft Tech Community & Stack Overflow.
      General Availability (H2 2018): Onboarding additional Microsoft and ecosystem products; Unlock new security context through Security Inventory; Adding automation through Actions and Configuration; Provider SDK and documentation for broad ecosystem integration; Additional client SDKs and sample code through Microsoft Graph.
  • 17. Channel 9 videos; Lab; Live demos in the Microsoft Graph booth; Expo; WRK2506 How to Build Security Applications using the Microsoft Graph API, Tuesday, 3:00 PM-4:15 PM, TCC: Tahoma 2
  • 18. Documentation: Read the documentation https://aka.ms/graphsecuritydocs; Learn how to stream alerts to your SIEM https://aka.ms/graphsecuritySIEM
      GitHub: Get started with C# samples https://aka.ms/graphsecurityaspnet; Get started with Python samples https://aka.ms/graphsecuritypython; Download the C# SDK https://aka.ms/graphsecuritysdk
      Communities: Join the Tech Community https://aka.ms/graphsecuritycommunity; Follow the discussion on Stack Overflow https://stackoverflow.com/questions/tagged/microsoft-graph-security
      https://aka.ms/graphsecurityapi
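
The REST calls on slides 11 and 12 take caller-supplied values (an alert id, an FQDN, a file hash) inside the URL path and the $filter expression. The following is an added example, not code from the deck or from the Microsoft samples: it builds those requests offline, validating and escaping each value before it reaches the URL. The function names are hypothetical, the https scheme is assumed, and the profile queries are returned relative because the slide elides their prefix.

```python
import json
import re
import uuid
from urllib.parse import quote

# Host and path as shown on slide 11; the https scheme is an assumption.
ALERTS_URL = "https://graph.microsoft.com/beta/security/alerts"
SHA256_RE = re.compile(r"[0-9a-fA-F]{64}")
NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")


def odata_string(value: str) -> str:
    """Quote a value as an OData string literal; an embedded ' is doubled."""
    return "'" + value.replace("'", "''") + "'"


def profile_query(collection: str, field: str, value: str, select=()) -> str:
    """Relative query like the slide 12 calls, e.g. hostSecurityProfiles?$filter=..."""
    for name in (collection, field, *select):
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"not a plain identifier: {name!r}")
    if field == "sha256" and not SHA256_RE.fullmatch(value):
        raise ValueError("sha256 must be 64 hex characters")
    expr = f"{field} eq {odata_string(value)}"
    # Percent-encode everything so '&', '#' or '+' inside a value cannot
    # start a new query parameter or fragment.
    query = "$filter=" + quote(expr, safe="")
    if select:
        query += "&$select=" + ",".join(select)
    return f"{collection}?{query}"


def alert_patch(alert_id: str, status: str, assigned_to: str):
    """(method, url, body) for the alert update shown on slide 11."""
    canonical = str(uuid.UUID(alert_id))  # ValueError unless it parses as a GUID
    body = json.dumps({"status": status, "assignedTo": assigned_to})
    return "PATCH", f"{ALERTS_URL}/{canonical}", body
```
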

Editor's Notes

  1. EMS Overview
  2. © 2016 Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.
  3. EMS Overview