Implementing Microsoft Graph Security API: Role Assignment for Streamlined Security Operations and Threat Protection

Role Assignment for Implementing Microsoft Graph Security API

Question

To streamline security operations and improve threat protection, detection, and response capabilities you want to implement Microsoft Graph Security API.

You will be calling the Microsoft Graph Security API from Graph Explorer.

The global admin in your tenant has granted consent for the requested permissions to the Graph Explorer application.

What role must you be assigned? The solution must use the principle of least privilege.

Answers

Explanations


A. B. C. D.

Correct Answer: D

Microsoft Graph Security API requires users to be assigned the Azure AD Security Reader role.

If you're calling the Microsoft Graph Security API from Graph Explorer:

- The Azure AD tenant admin must explicitly grant consent for the requested permissions to the Graph Explorer application.
- The user must be a member of the Security Reader Limited Admin role in Azure AD (either Security Reader or Security Administrator).

Note: Graph Explorer does not support application-level authorization.
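An added example (not part of the original question or Microsoft's documentation) showing how a practitioner would confirm, using only read-only delegated scopes, whether the signed-in account holds Security Reader or the over-privileged Security Administrator role before calling the Security API. It assumes the Microsoft.Graph PowerShell SDK v2 is installed and that the tenant admin has consented to the read-only scopes used below.

```powershell
# Added example, not from the original page: check which of the two qualifying
# roles the signed-in user holds, so least privilege (Security Reader) can be verified.
# Assumes Microsoft.Graph PowerShell SDK v2 (Authentication, Users,
# Identity.DirectoryManagement modules) is installed.

# Delegated read-only scopes: enough to read role memberships and our own user object.
Connect-MgGraph -Scopes "RoleManagement.Read.Directory", "User.Read" -NoWelcome

$ctx = Get-MgContext
$me  = Get-MgUser -UserId $ctx.Account -Property Id, UserPrincipalName

# Get-MgDirectoryRole lists only roles that are activated in the tenant; a role
# that has never had a member assigned will not appear in this list at all.
$roles = Get-MgDirectoryRole -All | Where-Object {
    $_.DisplayName -in @('Security Reader', 'Security Administrator')
}

foreach ($roleName in 'Security Reader', 'Security Administrator') {
    $role = $roles | Where-Object DisplayName -eq $roleName
    if (-not $role) {
        Write-Output "${roleName}: not activated in this tenant (no members assigned)"
        continue
    }

    # Direct members only: a user who gets the role through a role-assignable group
    # appears here as the group object, not as the user, and would need expanding.
    $memberIds = (Get-MgDirectoryRoleMember -DirectoryRoleId $role.Id -All).Id
    $isMember  = $memberIds -contains $me.Id
    $state     = if ($isMember) { 'ASSIGNED' } else { 'not assigned' }
    Write-Output ("{0} for {1}: {2}" -f $roleName, $me.UserPrincipalName, $state)
}

# Least privilege: Security Reader is sufficient for read-only Security API calls.
# An account that only needs those calls but holds Security Administrator is
# over-privileged and worth flagging in an access review.
```

If both roles report "not assigned", the Security API call from Graph Explorer will be refused regardless of the application consent already granted.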

Option A is incorrect.

This will grant you permission but is not the least privileged solution.

Option B is incorrect.

Reports Readers can read sign-in and audit reports.

Option C is incorrect.

Directory Readers can read basic directory information.

Commonly used to grant directory read access to applications and guests.

To know more about Microsoft Security Graph API Authorization, please refer to the link below:

To call the Microsoft Graph Security API from Graph Explorer, you need to be assigned the appropriate role with the least privilege necessary to perform the required actions. In this scenario, the global admin has already granted consent for the requested permissions to the Graph Explorer application, so you only need to be assigned the role that meets the requirement.

Out of the given options, the most appropriate role to use is the Security Reader role. This role provides read-only access to security data, including alerts, secure score, and secure configuration information. It is specifically designed for users who need to monitor and investigate security issues but do not need to make any changes or take any action.

Assigning the Security Reader role to the user will allow them to access the Microsoft Graph Security API, which provides access to security data and management capabilities across various Microsoft security products and services. This API enables you to automate threat detection, streamline incident response, and integrate security data into your security operations center (SOC) workflows.

The Security Administrator role is not necessary in this scenario since it provides full access to security-related features and settings, including the ability to manage security policies, configure advanced threat protection, and perform security-related actions across Microsoft 365 services.

The Reports Reader role is designed for users who need to view reports and dashboards, but it does not provide access to security data or management capabilities.

The Directory Reader role provides read-only access to directory data, including user and group information, but it does not provide access to security data or management capabilities.