alert resource type
Namespace: microsoft.graph.healthMonitoring
Important
APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.
Represents a system-detected health monitoring alert associated with common Microsoft Entra authentication and access management scenarios. Anomaly detection catches unusual patterns in health metrics data streams, for example, unusually high MFA sign-in failures, and surfaces these patterns in the form of alerts in Microsoft Entra Health monitoring.
Inherits from microsoft.graph.entity.
Methods
| Method | Return type | Description |
|---|---|---|
| List | microsoft.graph.healthMonitoring.alert collection | Get a list of the microsoft.graph.healthMonitoring.alert objects and their properties. |
| Get | microsoft.graph.healthMonitoring.alert | Read the properties and relationships of a microsoft.graph.healthMonitoring.alert object. |
| Update | microsoft.graph.healthMonitoring.alert | Update the properties of a microsoft.graph.healthMonitoring.alert object. |
Properties
| Property | Type | Description |
|---|---|---|
| alertType | microsoft.graph.healthMonitoring.alertType | Indicates which type of scenario an alert is associated with. The possible values are: unknown, mfaSignInFailure, managedDeviceSignInFailure, compliantDeviceSignInFailure, unknownFutureValue. Supports $filter (eq). |
| category | microsoft.graph.healthMonitoring.category | The classification that groups the scenario. The possible values are: unknown, authentication, unknownFutureValue. |
| createdDateTime | DateTimeOffset | The time when Microsoft Entra Health monitoring generated the alert. Supports $orderby. |
| documentation | microsoft.graph.healthMonitoring.documentation | A key-value pair that contains the name of and link to the documentation to aid in investigation of the alert. |
| enrichment | microsoft.graph.healthMonitoring.enrichment | Investigative information on the alert. This information typically includes counts of impacted objects, which include directory objects such as users, groups, and devices, and a pointer to supporting data. |
| id | String | The unique GUID identifier of this alert in the associated tenant. Inherited from microsoft.graph.entity. |
| scenario | microsoft.graph.healthMonitoring.scenario | The area being monitored on the system that is emitting the source signals. The possible values are: unknown, mfa, devices, unknownFutureValue. |
| signals | microsoft.graph.healthMonitoring.signals | The collection of signals that were used in the generation of the alert. These signals are sourced from serviceActivity APIs and are added to the alert as key-value pairs. |
| state | microsoft.graph.healthMonitoring.alertState | The current lifecycle state of the alert. The possible values are: active, resolved, unknownFutureValue. |
Relationships
None.
JSON representation
The following JSON representation shows the resource type.
{
"@odata.type": "#microsoft.graph.healthMonitoring.alert",
"id": "String (identifier)",
"alertType": "String",
"scenario": "String",
"category": "String",
"createdDateTime": "String (timestamp)",
"state": "String",
"enrichment": {
"@odata.type": "microsoft.graph.healthMonitoring.enrichment"
},
"signals": {
"@odata.type": "microsoft.graph.healthMonitoring.signals"
},
"documentation": {
"@odata.type": "microsoft.graph.healthMonitoring.documentation"
}
}