Microsoft Graph API Connector
Overview

The Microsoft Graph API connector facilitates seamless integration with Microsoft's cloud services, enabling automated interactions with various Microsoft resources within Swimlane Turbine. Microsoft Graph API serves as a unified gateway to data and intelligence in Microsoft 365, providing secure access to a wealth of resources including users, mail, files, and more. This connector allows users to automate complex workflows, enhance security automation, streamline processes, and efficiently manage Microsoft services without manual intervention.

Limitations

Refer to the limitations section regarding $filter and $orderby usage, license assignment requirements, and additional field mapping for security alerts.

Supported Versions

This connector supports Microsoft Graph API v1.0 and beta endpoints as applicable.

Additional Documentation

Prerequisites

To utilize the Microsoft Graph API connector, ensure you have:

- OAuth 2.0 client credentials authentication with the following:
  - URL
  - Client ID
  - Client Secret
  - Token URL
  - Scope
- Client credentials with tenant ID authentication:
  - URL
  - Client ID
  - Client Secret
  - Tenant ID
  - Scope
- Delegated flow (password grant) authentication:
  - URL
  - Tenant ID
  - Username
  - Password
  - Client ID
  - Client Secret
  - Login URL (optional)
  - Scope (optional)

Authentication Methods

- OAuth 2.0 client credentials: URL, Client ID, Client Secret, Token URL, Scope
- Password grant (delegated authentication): URL, Tenant ID, oauth un, oauth pwd, oauth cl id, oauth cl secret, Login URL (optional), Scope (optional)
- Asset credentials specific to your organization: URL, Client ID, Client Secret, Tenant ID, Scope

Capabilities

This connector provides the following capabilities:

- Security alert management (get, update, list alerts)
- User management (update user, reset password, revoke session)
- Email operations (get emails, send email, delete email)
- SharePoint operations (create lists, manage files and lists)
- Threat intelligence (create and get threat indicators)
- Incident management (create, get, update incidents)
- Audit logs (get sign-ins, list audit logs)
- Administrative actions (add/remove group members, license management)
- Risk management (get risk detections, security actions)

Asset Setup

Client credential flow authentication

Follow these steps to create an Azure app:

- Register a new app in Azure AD via the App registration page: https://portal.azure.com/#blade/Microsoft_AAD_RegisteredApps/ApplicationsListBlade
- Configure API permissions as needed.
- Generate a client secret.
- Collect the client ID and tenant ID from the Overview tab.

Password flow (delegated auth)

Use delegated permissions and obtain the username and password alongside the client ID, tenant ID, and client secret.

Limit access to specific mailboxes

Use the PowerShell command New-ApplicationAccessPolicy to restrict application access.

Action Setup

- OData filters: refer to the OData filter documentation (https://docs.microsoft.com/en-us/graph/query-parameters#filter-parameter) for proper formatting.
- Well-known folders: use well-known folder names from the mailFolder API reference (https://docs.microsoft.com/en-us/graph/api/resources/mailfolder?view=graph-rest-1.0).
- Sites actions (Get Site, Create List): requires site hostname and site name extracted from SharePoint URLs.
- SharePoint columns setup: refer to the column definition documentation (https://docs.microsoft.com/en-us/graph/api/resources/columndefinition?view=graph-rest-1.0#properties) for valid property configurations when creating lists or list columns.

Notes

- Introduction to Microsoft Graph API: https://social.technet.microsoft.com/wiki/contents/articles/33525.an-introduction-to-microsoft-graph-api.aspx
- Microsoft Graph Security API homepage: https://www.microsoft.com/en-us/security/intelligence-security-api
- Azure AD OAuth2 flow documentation: https://docs.microsoft.com/en-us/azure/active-directory/develop/v1-protocols-oauth-code
- OAuthlib legacy application client: https://requests-oauthlib.readthedocs.io/en/latest/oauth2_workflow.html#legacy-application-flow
- Microsoft Graph reports audit logs API: https://learn.microsoft.com/en-us/graph/api/resources/azure-ad-auditlog-overview?view=graph-rest-1.0
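
The asset setup step that says to configure API permissions as needed can be checked afterwards by inspecting the app-only access token that the client credentials flow returns. The following is an added example, not Swimlane's or Microsoft's code: it decodes a constructed, unsigned sample token and compares its roles claim with an assumed allowlist. The tenant ID, the allowlist, and the helper names are illustrative assumptions.

```python
import base64
import json

GRAPH_SCOPE = "https://graph.microsoft.com/.default"

def token_request(tenant_id, client_id, client_secret):
    """Return (url, form) for the v2.0 client credentials token request."""
    url = f"https://login.microsoftonline.com/{tenant_id}/oauth2/v2.0/token"
    form = {"grant_type": "client_credentials", "client_id": client_id,
            "client_secret": client_secret, "scope": GRAPH_SCOPE}
    return url, form

def decode_claims(access_token):
    """Decode the JWT payload WITHOUT verifying it (inspection only)."""
    parts = access_token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))

def audit_roles(claims, allowed, tenant_id):
    """Return a list of findings; an empty list means the token matches policy."""
    findings = []
    if claims.get("tid") != tenant_id:
        findings.append(f"unexpected tenant: {claims.get('tid')}")
    if "scp" in claims:  # scp marks a delegated token, roles an app-only one
        findings.append("delegated token (scp claim) where app-only was expected")
    roles = set(claims.get("roles", []))
    for extra in sorted(roles - set(allowed)):
        findings.append(f"excess permission: {extra}")
    for missing in sorted(set(allowed) - roles):
        findings.append(f"missing permission: {missing}")
    return findings

def _constructed_token(claims):
    """Build an unsigned sample token so the example runs offline."""
    enc = lambda o: base64.urlsafe_b64encode(json.dumps(o).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}.sig"

# Constructed sample values. The allowlist is an assumption for a playbook
# that only reads mail and security alerts.
TENANT = "00000000-0000-0000-0000-000000000000"
ALLOWED = {"Mail.Read", "SecurityEvents.Read.All"}
SAMPLE = _constructed_token(
    {"tid": TENANT, "roles": ["Mail.Read", "Mail.ReadWrite", "SecurityEvents.Read.All"]})

if __name__ == "__main__":
    print(token_request(TENANT, "<client-id>", "<client-secret>")[0])
    for finding in audit_roles(decode_claims(SAMPLE), ALLOWED, TENANT):
        print(finding)
```

The decode step is for auditing only; it does not validate the token's signature, so it must not be used to make trust decisions.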