Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Invoke-MgGraphRequest not working for "api.securitycenter.microsoft.com" #2965

Open
PrzemyslawKlys opened this issue Sep 20, 2024 · 1 comment
Open

Invoke-MgGraphRequest not working for "api.securitycenter.microsoft.com" #2965

PrzemyslawKlys opened this issue Sep 20, 2024 · 1 comment
Assignees
@timayabi2020
Labels
Status: Needs Investigation type:bug A broken experience

Comments

@PrzemyslawKlys
Copy link

Describe the bug

I was trying to use Invoke-MgGraphRequest with api.securitycenter and it doesn't work. It works using old MSAL.PS methods so I would guess it's the same thing. Is that expected?

Connect-MgGraph -Scopes 'User.Read.All', 'Directory.Read.All', 'SecurityIdentitiesHealth.Read.All', 'SecurityAlert.Read.All' -NoWelcome

# works
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users" -Method Get -Verbose
# doesn't work
Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/api/alerts" -Method Get -Verbose

Expected behavior

Invoke-MgGraphRequest should work with all URL's

How to reproduce

Connect-MgGraph -Scopes 'User.Read.All', 'Directory.Read.All', 'SecurityIdentitiesHealth.Read.All', 'SecurityAlert.Read.All' -NoWelcome

# works
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users" -Method Get -Verbose
# doesn't work
Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/api/alerts" -Method Get -Verbose

SDK Version

2.23.0

Latest version known to work for scenario above?

No response

Known Workarounds

MSAL.PS module

Debug output

Click to expand log ``` Invoke-MgGraphRequest : GET https://api.securitycenter.microsoft.com/api/alerts HTTP/1.1 401 Unauthorized Transfer-Encoding: chunked Connection: keep-alive Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 20 Sep 2024 10:37:16 GMT WWW-Authenticate: Bearer Content-Type: application/json; charset=utf-8 {"error":{"code":"Unauthorized","message":"Invalid Authorization payload.","target":"|bacd29ce-4fb3ae258a3201fc."}} At C:\Support\GitHub\GraphEssentials\Examples\GraphTest.ps1:5 char:1 + Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/ ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Method: GET, Re...4ea93e814321 }:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest ```

Configuration

  • Windows 11 PS 7

Other information

Not relevant
@PrzemyslawKlys PrzemyslawKlys added status:waiting-for-triage An issue that is yet to be reviewed or assigned type:bug A broken experience labels Sep 20, 2024
@PrzemyslawKlys
Copy link
Author

It seems there are also graph.microsoft.com security endpoints as available:

And this works:

$T = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/security/alerts_v2" -Method Get -Verbose
$T.Value

So I would guess the question is - if that's the right approach and api.securitycenter.microsoft.com is deprecated?

@timayabi2020 timayabi2020 added Status: Needs Investigation and removed status:waiting-for-triage An issue that is yet to be reviewed or assigned labels Sep 23, 2024
@timayabi2020 timayabi2020 self-assigned this Sep 23, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@timayabi2020 timayabi2020

Labels
Status: Needs Investigation type:bug A broken experience
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@timayabi2020 @PrzemyslawKlys