alert resource type

Namespace: microsoft.graph.healthMonitoring

Important

APIs under the /beta version in Microsoft Graph are subject to change. Use of these APIs in production applications is not supported. To determine whether an API is available in v1.0, use the Version selector.

Represents a system-detected health monitoring alert associated with common Microsoft Entra authentication and access management scenarios. Anomaly detection catches unusual patterns in health metrics data streams, for example, unusually high MFA sign-in failures, and surfaces these patterns in the form of alerts in Microsoft Entra Health monitoring.

Inherits from microsoft.graph.entity.

Methods

Method Return type Description
List microsoft.graph.healthMonitoring.alert collection Get a list of the microsoft.graph.healthMonitoring.alert objects and their properties.
Get microsoft.graph.healthMonitoring.alert Read the properties and relationships of a microsoft.graph.healthMonitoring.alert object.
Update microsoft.graph.healthMonitoring.alert Update the properties of a microsoft.graph.healthMonitoring.alert object.

Properties

Property Type Description
alertType microsoft.graph.healthMonitoring.alertType Indicates which type of scenario an alert is associated with. The possible values are: unknown, mfaSignInFailure, managedDeviceSignInFailure, compliantDeviceSignInFailure, unknownFutureValue. Supports $filter (eq).
category microsoft.graph.healthMonitoring.category The classification that groups the scenario. The possible values are: unknown, authentication, unknownFutureValue.
createdDateTime DateTimeOffset The time when Microsoft Entra Health monitoring generated the alert. Supports $orderby.
documentation microsoft.graph.healthMonitoring.documentation A key-value pair that contains the name of and link to the documentation to aid in investigation of the alert.
enrichment microsoft.graph.healthMonitoring.enrichment Investigative information on the alert. This information typically includes counts of impacted objects, which include directory objects such as users, groups, and devices, and a pointer to supporting data.
id String The unique GUID identifier of this alert in the associated tenant. Inherited from microsoft.graph.entity.
scenario microsoft.graph.healthMonitoring.scenario The area being monitored on the system that is emitting the source signals. The possible values are: unknown, mfa, devices, unknownFutureValue.
signals microsoft.graph.healthMonitoring.signals The collection of signals that were used in the generation of the alert. These signals are sourced from serviceActivity APIs and are added to the alert as key-value pairs.
state microsoft.graph.healthMonitoring.alertState The current lifecycle state of the alert. The possible values are: active, resolved, unknownFutureValue.

Relationships

None.

JSON representation

The following JSON representation shows the resource type.

{
  "@odata.type": "#microsoft.graph.healthMonitoring.alert",
  "id": "String (identifier)",
  "alertType": "String",
  "scenario": "String",
  "category": "String",
  "createdDateTime": "String (timestamp)",
  "state": "String",
  "enrichment": {
    "@odata.type": "microsoft.graph.healthMonitoring.enrichment"
  },
  "signals": {
    "@odata.type": "microsoft.graph.healthMonitoring.signals"
  },
  "documentation": {
    "@odata.type": "microsoft.graph.healthMonitoring.documentation"
  }
}