Gérer les alertes de sécurité pour les rôles Microsoft Entra à l’aide d’API PIM
Article
Privileged Identity Management (PIM) pour les rôles Microsoft Entra génère des alertes lorsqu’il détecte des paramètres suspects ou non sécurisés pour Microsoft Entra rôles dans votre locataire. Cet article décrit les scénarios de gestion des alertes PIM à l’aide de Microsoft Graph.
Les alertes de sécurité PIM se trouvent actuellement uniquement sur le point de /beta terminaison et ne sont disponibles que pour les rôles Microsoft Entra.
Dans cet article, vous appelez les API dans un scénario délégué.
Connectez-vous à un client API tel que Graph Explorer avec des privilèges d’administration pour gérer les règles PIM. Le rôle Administrateur de rôle privilégié est le rôle le moins privilégié suffisant pour gérer les règles PIM.
Seules les alertes relatives aux rôles intégrés Microsoft Entra et étendues au locataire (/) sont prises en charge et peuvent être récupérées à l’aide de la requête suivante. Le fait de ne pas spécifier l’étendue et le type d’étendue appropriés retournent une 400 Bad Request erreur.
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestFilter := "scopeId eq '/' and scopeType eq 'DirectoryRole'"
requestParameters := &graphidentitygovernance.RoleManagementAlertsAlertsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphidentitygovernance.RoleManagementAlertsAlertsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlertCollectionResponse result = graphClient.identityGovernance().roleManagementAlerts().alerts().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'";
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identity_governance.role_management_alerts.alerts.alerts_request_builder import AlertsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AlertsRequestBuilder.AlertsRequestBuilderGetQueryParameters(
filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.get(request_configuration = request_configuration)
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").get();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').get()
Remarque : l’objet de réponse affiché ci-après peut être raccourci pour plus de lisibilité.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts/$entity",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')?$select=alertDefinitionId,incidentCount",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 7,
"isActive": true,
"lastModifiedDateTime": "2023-09-20T17:06:01.363Z",
"lastScannedDateTime": "2023-09-20T17:06:01.363Z"
}
Obtenir une alerte de sécurité et développer les relations pour lire la définition, la configuration et les incidents
Demande
Vous pouvez lire une alerte de sécurité et sa définition, sa configuration et les incidents associés dans le locataire dans une seule requête. Développez toutes les relations à l’aide du caractère générique (*), ou développez les relations individuellement à l’aide $expand=alertDefinition,alertConfiguration,alertIncidentsde . Cette requête vous permet d’éviter de récupérer la définition, la configuration et les incidents d’alerte séparément, puis de les corréler à l’alerte.
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert?$expand=*
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Expand = new string []{ "*" };
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestParameters := &graphidentitygovernance.RoleManagementAlertsAlertsItemRequestBuilderGetQueryParameters{
Expand: [] string {"*"},
}
configuration := &graphidentitygovernance.RoleManagementAlertsAlertsItemRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.expand = new String []{"*"};
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identity_governance.role_management_alerts.alerts.item.unified_role_management_alert_item_request_builder import UnifiedRoleManagementAlertItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = UnifiedRoleManagementAlertItemRequestBuilder.UnifiedRoleManagementAlertItemRequestBuilderGetQueryParameters(
expand = ["*"],
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').get(request_configuration = request_configuration)
Remarque : l’objet de réponse affiché ci-après peut être raccourci pour plus de lisibilité.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts(alertConfiguration(),alertDefinition(),alertIncidents())/$entity",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')?$select=alertDefinitionId,incidentCount",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 7,
"isActive": true,
"lastModifiedDateTime": "2023-09-20T17:06:01.363Z",
"lastScannedDateTime": "2023-09-20T17:06:01.363Z",
"alertConfiguration": {
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeType": "DirectoryRole",
"scopeId": "/",
"isEnabled": true,
"globalAdminCountThreshold": 3,
"percentageOfGlobalAdminsOutOfRolesThreshold": 10
},
"alertDefinition": {
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"displayName": "There are too many global administrators",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "The percentage of global administrators is high, relative to other privileged roles. It is recommended to use least privileged roles, with just enough privileges to perform the required tasks.",
"severityLevel": "low",
"securityImpact": "Global administrator is the highest privileged role. If a Global Administrator is compromised, the attacker gains access to all of their permissions, which puts your whole system at risk.",
"mitigationSteps": "·Review the users in the list and remove any that do not absolutely need the Global Administrator role.·Assign lower privileged roles to these users instead.",
"howToPrevent": "Assign users the least privileged role they need.",
"isRemediatable": true,
"isConfigurable": true
},
"alertIncidents@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts('DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert')/alertIncidents",
"alertIncidents": [
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeId": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeDisplayName": "MOD Administrator",
"assigneeUserPrincipalName": "admin@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeId": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeDisplayName": "Nestor Wilke",
"assigneeUserPrincipalName": "NestorW@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeId": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeDisplayName": "Isaiah Langer",
"assigneeUserPrincipalName": "IsaiahL@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeId": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeDisplayName": "Lidia Holloway",
"assigneeUserPrincipalName": "LidiaH@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeId": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeDisplayName": "Microsoft Service Account",
"assigneeUserPrincipalName": "ms-serviceaccount@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeId": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeDisplayName": "Megan Bowen",
"assigneeUserPrincipalName": "MeganB@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeId": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeDisplayName": "Allan Deyoung",
"assigneeUserPrincipalName": "AllanD@Contoso.com"
}
]
}
Obtenir les détails des incidents qui ont déclenché une alerte
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert/alertIncidents
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].AlertIncidents.GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alertIncidents, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").AlertIncidents().Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlertIncidentCollectionResponse result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").alertIncidents().get();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').alert_incidents.get()
Remarque : l’objet de réponse affiché ci-après peut être raccourci pour plus de lisibilité.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts('DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert')/alertIncidents",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')/alertIncidents?$select=id",
"value": [
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeId": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeDisplayName": "Lidia Holloway",
"assigneeUserPrincipalName": "LidiaH@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeId": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeDisplayName": "Microsoft Service Account",
"assigneeUserPrincipalName": "ms-serviceaccount@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeId": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeDisplayName": "Allan Deyoung",
"assigneeUserPrincipalName": "AllanD@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeId": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeDisplayName": "Megan Bowen",
"assigneeUserPrincipalName": "MeganB@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeId": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeDisplayName": "MOD Administrator",
"assigneeUserPrincipalName": "admin@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeId": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeDisplayName": "Nestor Wilke",
"assigneeUserPrincipalName": "NestorW@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeId": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeDisplayName": "Isaiah Langer",
"assigneeUserPrincipalName": "IsaiahL@contoso.com"
}
]
}
Ignorer une alerte
Vous ignorez une alerte en affectant à la propriété isActive la valeur true. Lorsque vous ignorez une alerte, PIM n’analyse plus l’alerte dans votre locataire à la recherche d’incidents. Les incidents existants peuvent toujours être interrogés, mais aucun nouvel incident n’est généré. Vous pouvez réactiver l’alerte en définissant la isActive propriété sur true ou en actualisant le type d’alerte.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleManagementAlert
{
IsActive = false,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleManagementAlert()
isActive := false
requestBody.SetIsActive(&isActive)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert unifiedRoleManagementAlert = new UnifiedRoleManagementAlert();
unifiedRoleManagementAlert.setIsActive(false);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").patch(unifiedRoleManagementAlert);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRoleManagementAlert;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementAlert();
$requestBody->setIsActive(false);
$result = $graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->patch($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.unified_role_management_alert import UnifiedRoleManagementAlert
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UnifiedRoleManagementAlert(
is_active = False,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').patch(request_body)
Dans PIM, vous pouvez actualiser un seul type d’alerte ou toutes les alertes dans le locataire. Lorsque vous actualisez l’un ou l’autre type, PIM analyse le locataire à la recherche d’incidents qui correspondent aux alertes. Cette requête est une opération de longue durée et retourne un en-tête Location que vous pouvez utiliser pour interroger le status de l’opération, à savoir si l’actualisation a réussi ou échoué. Lors d’une actualisation réussie, PIM inclut des alertes que vous avez précédemment ignorées, réactive les alertes ignorées (mises à jour isActive vers true), et analyse et génère de nouveaux incidents pour les alertes.
POST https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert/refresh
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].Refresh.PostAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Refresh().Post(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").refresh().post();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->refresh()->post()->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').refresh.post()
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.IdentityGovernance.RoleManagementAlerts.Alerts.Refresh;
var requestBody = new RefreshPostRequestBody
{
ScopeId = "/",
ScopeType = "DirectoryRole",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts.Refresh.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestBody := graphidentitygovernance.NewRefreshPostRequestBody()
scopeId := "/"
requestBody.SetScopeId(&scopeId)
scopeType := "DirectoryRole"
requestBody.SetScopeType(&scopeType)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().Refresh().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.identitygovernance.rolemanagementalerts.alerts.refresh.RefreshPostRequestBody refreshPostRequestBody = new com.microsoft.graph.beta.identitygovernance.rolemanagementalerts.alerts.refresh.RefreshPostRequestBody();
refreshPostRequestBody.setScopeId("/");
refreshPostRequestBody.setScopeType("DirectoryRole");
graphClient.identityGovernance().roleManagementAlerts().alerts().refresh().post(refreshPostRequestBody);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\IdentityGovernance\RoleManagementAlerts\Alerts\Refresh\RefreshPostRequestBody;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new RefreshPostRequestBody();
$requestBody->setScopeId('/');
$requestBody->setScopeType('DirectoryRole');
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->refresh()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identitygovernance.rolemanagementalerts.alerts.refresh.refresh_post_request_body import RefreshPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = RefreshPostRequestBody(
scope_id = "/",
scope_type = "DirectoryRole",
)
await graph_client.identity_governance.role_management_alerts.alerts.refresh.post(request_body)
La mise à jour d’une configuration d’alerte signifie modifier les paramètres spécifiques au locataire qui contrôlent la façon dont PIM analyse le locataire à la recherche d’incidents qui correspondent au type d’alerte. Par exemple, si vous souhaitez analyser l’alerte dans le locataire ou si vous pouvez modifier le seuil qui, lorsque le croisement déclenche un incident connu.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new TooManyGlobalAdminsAssignedToTenantAlertConfiguration
{
OdataType = "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
IsEnabled = true,
GlobalAdminCountThreshold = 4,
PercentageOfGlobalAdminsOutOfRolesThreshold = 10,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.AlertConfigurations["{unifiedRoleManagementAlertConfiguration-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleManagementAlertConfiguration()
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
globalAdminCountThreshold := int32(4)
requestBody.SetGlobalAdminCountThreshold(&globalAdminCountThreshold)
percentageOfGlobalAdminsOutOfRolesThreshold := int32(10)
requestBody.SetPercentageOfGlobalAdminsOutOfRolesThreshold(&percentageOfGlobalAdminsOutOfRolesThreshold)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alertConfigurations, err := graphClient.IdentityGovernance().RoleManagementAlerts().AlertConfigurations().ByUnifiedRoleManagementAlertConfigurationId("unifiedRoleManagementAlertConfiguration-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
TooManyGlobalAdminsAssignedToTenantAlertConfiguration unifiedRoleManagementAlertConfiguration = new TooManyGlobalAdminsAssignedToTenantAlertConfiguration();
unifiedRoleManagementAlertConfiguration.setOdataType("#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration");
unifiedRoleManagementAlertConfiguration.setIsEnabled(true);
unifiedRoleManagementAlertConfiguration.setGlobalAdminCountThreshold(4);
unifiedRoleManagementAlertConfiguration.setPercentageOfGlobalAdminsOutOfRolesThreshold(10);
UnifiedRoleManagementAlertConfiguration result = graphClient.identityGovernance().roleManagementAlerts().alertConfigurations().byUnifiedRoleManagementAlertConfigurationId("{unifiedRoleManagementAlertConfiguration-id}").patch(unifiedRoleManagementAlertConfiguration);
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.too_many_global_admins_assigned_to_tenant_alert_configuration import TooManyGlobalAdminsAssignedToTenantAlertConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = TooManyGlobalAdminsAssignedToTenantAlertConfiguration(
odata_type = "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
is_enabled = True,
global_admin_count_threshold = 4,
percentage_of_global_admins_out_of_roles_threshold = 10,
)
result = await graph_client.identity_governance.role_management_alerts.alert_configurations.by_unified_role_management_alert_configuration_id('unifiedRoleManagementAlertConfiguration-id').patch(request_body)
La correction d’un incident d’alerte signifie demander Microsoft Entra ID d’appliquer les étapes d’atténuation définies dans la définition de l’alerte. Par exemple, si la définition d’alerte recommande de supprimer un utilisateur d’un rôle, la correction de l’incident signifie qu’Microsoft Entra ID supprime l’utilisateur du rôle.
POST https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert/alertIncidents/9e864769-63e3-4635-8069-551bcd46183d/remediate
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].AlertIncidents["{unifiedRoleManagementAlertIncident-id}"].Remediate.PostAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").AlertIncidents().ByUnifiedRoleManagementAlertIncidentId("unifiedRoleManagementAlertIncident-id").Remediate().Post(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").alertIncidents().byUnifiedRoleManagementAlertIncidentId("{unifiedRoleManagementAlertIncident-id}").remediate().post();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->alertIncidents()->byUnifiedRoleManagementAlertIncidentId('unifiedRoleManagementAlertIncident-id')->remediate()->post()->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').alert_incidents.by_unified_role_management_alert_incident_id('unifiedRoleManagementAlertIncident-id').remediate.post()