Invoke-MgGraphRequest not working for "api.securitycenter.microsoft.com"
Opened this issue · 1 comments
PrzemyslawKlys commented
Describe the bug
I was trying to use Invoke-MgGraphRequest with api.securitycenter and it doesn't work. It works using old MSAL.PS methods so I would guess it's the same thing. Is that expected?
Connect-MgGraph -Scopes 'User.Read.All', 'Directory.Read.All', 'SecurityIdentitiesHealth.Read.All', 'SecurityAlert.Read.All' -NoWelcome
# works
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users" -Method Get -Verbose
# doesn't work
Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/api/alerts" -Method Get -Verbose
Expected behavior
Invoke-MgGraphRequest should work with all URL's
How to reproduce
Connect-MgGraph -Scopes 'User.Read.All', 'Directory.Read.All', 'SecurityIdentitiesHealth.Read.All', 'SecurityAlert.Read.All' -NoWelcome
# works
Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/v1.0/users" -Method Get -Verbose
# doesn't work
Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/api/alerts" -Method Get -Verbose
SDK Version
2.23.0
Latest version known to work for scenario above?
No response
Known Workarounds
MSAL.PS module
Debug output
Click to expand log
``` Invoke-MgGraphRequest : GET https://api.securitycenter.microsoft.com/api/alerts HTTP/1.1 401 Unauthorized Transfer-Encoding: chunked Connection: keep-alive Strict-Transport-Security: max-age=31536000; includeSubDomains Date: Fri, 20 Sep 2024 10:37:16 GMT WWW-Authenticate: Bearer Content-Type: application/json; charset=utf-8 {"error":{"code":"Unauthorized","message":"Invalid Authorization payload.","target":"|bacd29ce-4fb3ae258a3201fc."}} At C:\Support\GitHub\GraphEssentials\Examples\GraphTest.ps1:5 char:1 + Invoke-MgGraphRequest -Uri "https://api.securitycenter.microsoft.com/ ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (Method: GET, Re...4ea93e814321 }:HttpRequestMessage) [Invoke-MgGraphRequest], HttpResponseException + FullyQualifiedErrorId : InvokeGraphHttpResponseException,Microsoft.Graph.PowerShell.Authentication.Cmdlets.InvokeMgGraphRequest ```Configuration
- Windows 11 PS 7
Other information
Not relevant
PrzemyslawKlys commented
It seems there are also graph.microsoft.com security endpoints as available:
And this works:
$T = Invoke-MgGraphRequest -Uri "https://graph.microsoft.com/beta/security/alerts_v2" -Method Get -Verbose
$T.Value
So I would guess the question is - if that's the right approach and api.securitycenter.microsoft.com is deprecated?