Microsoft introduces Defender for Identity Health Alert API: Enhance security integration and response

Microsoft Defender for Identity (MDI) is a cloud-based security solution that helps you monitor and protect identities & infrastructure across your organization.

Now, the Redmond tech giant has released a new feature, the Defender for Identity Health Alert API, which can be recognized as a direct line to keep tabs on your organization’s security health, and it could be a game-changer.

In the blog, Microsoft mentioned that these alerts could prove to be crucial in ensuring a secure environment and are into two main areas:

• Domain-related or aggregated health issues, listed on the Global health issues tab in the Microsoft 365 portal. 
• Sensor-specific health issues, listed on the Sensor health issues tab in the Microsoft 365 portal.  

Now that you know the areas it covers, let us talk about the benefits of Health API:

• Dashboarding – You can now seamlessly integrate MDI health alert information into your favorite dashboarding tool, which ensures real-time visibility.
• Automation – If you use ticketing systems for IT support, this new API enables automatic ticket creation when a new health alert is opened.
• Status updates – MDI closes a health alert automatically once it detects resolution. And, you can suppress the alerts for up to 7 days if you know the issues will last for a few days.

To start using the MDI health alerts APIs, you need to fulfill these requirements mentioned on the Microsoft website:

• Permissions: user requires at a minimum M365 role permission:  Authorization and settings –> System Setting –> Read only (Defender for Office, Defender for Identity). 
• Entra ID Enterprise Application consent permissions for Graph Explorer.
  • SecurityIdenitiesHeath
    • SecurityIdentitiesHealth.Read.All
    • SecurityIdentitiesHealthRead Write.All (only required to update the status of a health alert.) 

 

If you are wondering how to kickstart your journey with the MDI Health Alert API, you can use Graph Explorer. First, check you have the minimum necessary permissions, then mention the query in the Graph Explorer’s query bar. Now execute the query and start leveraging the MDI Health Alert API’s power. To check out the sample API queries, you can go to the official website.

To sum up, the newly introduced feature will strengthen your organization’s security further, thereby offering unparalleled visibility, automation, and better control over health alerts and issues.

Have you tried it yet? If yes, please share your experience with our readers in the comments section below.