列出 alertDefinitions
命名空间:microsoft.graph
重要
Microsoft Graph /beta
版本下的 API 可能会发生更改。 不支持在生产应用程序中使用这些 API。 若要确定 API 是否在 v1.0 中可用,请使用 版本 选择器。
获取 unifiedRoleManagementAlertDefinition 对象及其属性的列表。
此 API 可用于以下国家级云部署。
全局服务 | 美国政府 L4 | 美国政府 L5 (DOD) | 由世纪互联运营的中国 |
---|---|---|---|
✅ | ✅ | ✅ | ❌ |
权限
为此 API 选择标记为最低特权的权限。 只有在应用需要它时,才使用更高的特权权限。 有关委派权限和应用程序权限的详细信息,请参阅权限类型。 要了解有关这些权限的详细信息,请参阅 权限参考。
权限类型 | 最低特权权限 | 更高特权权限 |
---|---|---|
委派(工作或学校帐户) | RoleManagementAlert.Read.Directory | RoleManagementAlert.ReadWrite.Directory |
委派(个人 Microsoft 帐户) | 不支持。 | 不支持。 |
应用程序 | RoleManagementAlert.Read.Directory | RoleManagementAlert.ReadWrite.Directory |
重要
在具有工作或学校帐户的委托方案中,必须为登录用户分配受支持的Microsoft Entra角色或具有支持的角色权限的自定义角色。 此操作支持以下最低特权角色。
- 特权角色管理员
- 全局读取者
- 安全管理员
- 安全信息读取者
HTTP 请求
GET /identityGovernance/roleManagementAlerts/alertDefinitions?$filter=scopeId eq 'scopeId' and scopeType eq 'scopeType'
可选的查询参数
此方法支持 $select
、 $filter
和 $expand
OData 查询参数,以帮助自定义响应。 若要了解一般信息,请参阅 OData 查询参数。
请求标头
名称 | 说明 |
---|---|
Authorization | 持有者 {token}。 必填。 详细了解 身份验证和授权。 |
请求正文
请勿提供此方法的请求正文。
响应
如果成功,此方法在响应正文中返回响应 200 OK
代码和 unifiedRoleManagementAlertDefinition 对象的集合。
示例
请求
以下示例显示了一个请求。
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alertDefinitions?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alertDefinitions",
"value": [
{
"id": "DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_InvalidLicenseAlert",
"displayName": "The organization doesn't have Azure AD Premium P2",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "Azure AD Privileged Identity Management requires a license, but the tenant either doesn't have an Azure AD Premium P2 license, or a trial license has expired. If you do not obtain a license, Azure AD Privileged Identity Management and its configuration will be removed from the tenant.",
"severityLevel": "high",
"securityImpact": "Administrators in the tenant will not be able to use Azure AD Privileged Identity Management for role activation, access reviews or other management tasks unless a license is present.",
"mitigationSteps": "Purchase a license plan which includes Azure AD Premium P2 for all users who will be interacting with Azure AD PIM or with Azure AD Identity Protection. More information on pricing and purchase options is at https://azure.microsoft.com/en-us/pricing/details/active-directory/",
"howToPrevent": "To dismiss this alert, ensure there is a license on the tenant for Azure AD Premium P2.",
"isRemediatable": false,
"isConfigurable": false
},
{
"id": "DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_NoMfaOnRoleActivationAlert",
"displayName": "Roles don't require multi-factor authentication for activation",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "Roles are configured for activation without requiring multifactor authentication. This is highly discouraged.",
"severityLevel": "medium",
"securityImpact": "Without multi-factor authentication, compromised users can activate privileged roles.",
"mitigationSteps": "Review the list of roles and require multi-factor authentication for every role.",
"howToPrevent": "Every privileged role should be configured to require MFA for activation.",
"isRemediatable": true,
"isConfigurable": false
},
{
"id": "DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_RedundantAssignmentAlert",
"displayName": "Eligible administrators aren't activating their privileged role",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "{0} user(s) haven't activated their privileged roles in the past {1} days",
"severityLevel": "low",
"securityImpact": "Users that have been assigned privileged roles they don't need increases the chance of an attack. It is also easier for attackers to remain unnoticed in accounts that are not actively being used.",
"mitigationSteps": "Review the users in the list and remove them from privileged roles they do not need.",
"howToPrevent": "·Assign privileged roles to users that have a business justification.·Schedule regular access reviews to verify that users still need their access.",
"isRemediatable": true,
"isConfigurable": true
},
{
"id": "DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_RolesAssignedOutsidePimAlert",
"displayName": "Roles are being assigned outside of Privileged Identity Management",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "{0} privileged assignment(s) were made outisde of Azure AD PIM",
"severityLevel": "high",
"securityImpact": "Privileged role assignments made outside of Privileged Identity Management are not properly monitored and may indicate an active attack.",
"mitigationSteps": "Review the users in the list and remove them from privileged roles assigned outside of Privileged Identity Management.",
"howToPrevent": "Investigate where users are being assigned privileged roles outside of Privileged Identity Management and prohibit future assignments from there.",
"isRemediatable": true,
"isConfigurable": false
},
{
"id": "DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_SequentialActivationRenewalsAlert",
"displayName": "Roles are being activated too frequently",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "{0} multiple activations for a privileged role were made by the same user",
"severityLevel": "medium",
"securityImpact": "Multiple activations to the same privileged role by the same user is a sign of an attack.",
"mitigationSteps": "Review the users in the list and ensure that the activation duration for their privileged role is set long enough for them to perform their tasks.",
"howToPrevent": "·Ensure that the activation duration for privileged roles is set long enough for users to perform their tasks.·Require multi-factor authentication for privileged roles that have accounts shared by multiple administrators.",
"isRemediatable": false,
"isConfigurable": true
},
{
"id": "DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_StaleSignInAlert",
"displayName": "Potential stale accounts in a privileged role",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "{0} account(s) in privileged roles that have not signed in to Azure AD in the past {1} day(s)",
"severityLevel": "medium",
"securityImpact": "Accounts in a privileged role have not signed in recently. These accounts might be service or shared accounts that aren't being maintained and are vulnerable to attackers.",
"mitigationSteps": "Review the accounts in the list. If they no longer need access, remove them from their privileged roles.",
"howToPrevent": "Regularly review accounts with privileged roles using <a href=\"https://docs.microsoft.com/en-us/azure/active-directory/governance/access-reviews-overview\" target=\"_blank\" >access reviews</a> and remove role assignments which are no longer needed.",
"isRemediatable": true,
"isConfigurable": true
},
{
"id": "DirectoryRole_19356be4-7e93-4ed6-a7c6-0ae28454d125_TooManyGlobalAdminsAssignedToTenantAlert",
"displayName": "There are too many global administrators",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "The percentage of global administrators is high, relative to other privileged roles. It is recommended to use least privileged roles, with just enough privileges to perform the required tasks.",
"severityLevel": "low",
"securityImpact": "Global administrator is the highest privileged role. If a Global Administrator is compromised, the attacker gains access to all of their permissions, which puts your whole system at risk.",
"mitigationSteps": "·Review the users in the list and remove any that do not absolutely need the Global Administrator role.·Assign lower privileged roles to these users instead.",
"howToPrevent": "Assign users the least privileged role they need.",
"isRemediatable": true,
"isConfigurable": true
}
]
}