Gerir alertas de segurança para funções de Microsoft Entra com APIs PIM
Artigo
Privileged Identity Management (PIM) para Microsoft Entra funções gera alertas quando deteta definições suspeitas ou inseguras para Microsoft Entra funções no seu inquilino. Este artigo descreve cenários para gerir alertas PIM com o Microsoft Graph.
Inicie sessão num cliente de API, como o Graph Explorer com privilégios administrativos para gerir regras PIM. A função Administrador de Função Privilegiada é a função com menos privilégios suficiente para gerir regras PIM.
Conceda a si mesmo a permissão delegada RoleManagementAlert.ReadWrite.Directory .
Listar todos os alertas do PIM
Solicitação
Apenas os alertas relacionados com Microsoft Entra funções incorporadas e no âmbito do inquilino (/) são suportados e podem ser obtidos com o seguinte pedido. Não especificar o âmbito correto e scopeType devolve um 400 Bad Request erro.
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'";
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestFilter := "scopeId eq '/' and scopeType eq 'DirectoryRole'"
requestParameters := &graphidentitygovernance.RoleManagementAlertsAlertsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphidentitygovernance.RoleManagementAlertsAlertsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlertCollectionResponse result = graphClient.identityGovernance().roleManagementAlerts().alerts().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'";
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identity_governance.role_management_alerts.alerts.alerts_request_builder import AlertsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AlertsRequestBuilder.AlertsRequestBuilderGetQueryParameters(
filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.get(request_configuration = request_configuration)
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").get();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').get()
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts/$entity",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')?$select=alertDefinitionId,incidentCount",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 7,
"isActive": true,
"lastModifiedDateTime": "2023-09-20T17:06:01.363Z",
"lastScannedDateTime": "2023-09-20T17:06:01.363Z"
}
Obter um alerta de segurança e expandir as relações para ler a definição, a configuração e os incidentes
Solicitação
Pode ler um alerta de segurança e a respetiva definição, configuração e incidentes relacionados no inquilino numa única consulta. Expanda todas as relações com o caráter universal (*) ou expanda as relações individualmente com $expand=alertDefinition,alertConfiguration,alertIncidents. Este pedido ajuda-o a evitar obter a definição de alerta, a configuração e os incidentes separadamente e, em seguida, correlacioná-los com o alerta.
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert?$expand=*
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Expand = new string []{ "*" };
});
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestParameters := &graphidentitygovernance.RoleManagementAlertsAlertsItemRequestBuilderGetQueryParameters{
Expand: [] string {"*"},
}
configuration := &graphidentitygovernance.RoleManagementAlertsAlertsItemRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Get(context.Background(), configuration)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.expand = new String []{"*"};
});
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identity_governance.role_management_alerts.alerts.item.unified_role_management_alert_item_request_builder import UnifiedRoleManagementAlertItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = UnifiedRoleManagementAlertItemRequestBuilder.UnifiedRoleManagementAlertItemRequestBuilderGetQueryParameters(
expand = ["*"],
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').get(request_configuration = request_configuration)
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts(alertConfiguration(),alertDefinition(),alertIncidents())/$entity",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')?$select=alertDefinitionId,incidentCount",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 7,
"isActive": true,
"lastModifiedDateTime": "2023-09-20T17:06:01.363Z",
"lastScannedDateTime": "2023-09-20T17:06:01.363Z",
"alertConfiguration": {
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeType": "DirectoryRole",
"scopeId": "/",
"isEnabled": true,
"globalAdminCountThreshold": 3,
"percentageOfGlobalAdminsOutOfRolesThreshold": 10
},
"alertDefinition": {
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"displayName": "There are too many global administrators",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "The percentage of global administrators is high, relative to other privileged roles. It is recommended to use least privileged roles, with just enough privileges to perform the required tasks.",
"severityLevel": "low",
"securityImpact": "Global administrator is the highest privileged role. If a Global Administrator is compromised, the attacker gains access to all of their permissions, which puts your whole system at risk.",
"mitigationSteps": "·Review the users in the list and remove any that do not absolutely need the Global Administrator role.·Assign lower privileged roles to these users instead.",
"howToPrevent": "Assign users the least privileged role they need.",
"isRemediatable": true,
"isConfigurable": true
},
"alertIncidents@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts('DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert')/alertIncidents",
"alertIncidents": [
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeId": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeDisplayName": "MOD Administrator",
"assigneeUserPrincipalName": "admin@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeId": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeDisplayName": "Nestor Wilke",
"assigneeUserPrincipalName": "NestorW@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeId": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeDisplayName": "Isaiah Langer",
"assigneeUserPrincipalName": "IsaiahL@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeId": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeDisplayName": "Lidia Holloway",
"assigneeUserPrincipalName": "LidiaH@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeId": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeDisplayName": "Microsoft Service Account",
"assigneeUserPrincipalName": "ms-serviceaccount@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeId": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeDisplayName": "Megan Bowen",
"assigneeUserPrincipalName": "MeganB@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeId": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeDisplayName": "Allan Deyoung",
"assigneeUserPrincipalName": "AllanD@Contoso.com"
}
]
}
Obter detalhes dos incidentes que acionaram um alerta
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert/alertIncidents
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].AlertIncidents.GetAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alertIncidents, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").AlertIncidents().Get(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlertIncidentCollectionResponse result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").alertIncidents().get();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').alert_incidents.get()
Observação: o objeto de resposta mostrado aqui pode ser encurtado para legibilidade.
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts('DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert')/alertIncidents",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')/alertIncidents?$select=id",
"value": [
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeId": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeDisplayName": "Lidia Holloway",
"assigneeUserPrincipalName": "LidiaH@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeId": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeDisplayName": "Microsoft Service Account",
"assigneeUserPrincipalName": "ms-serviceaccount@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeId": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeDisplayName": "Allan Deyoung",
"assigneeUserPrincipalName": "AllanD@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeId": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeDisplayName": "Megan Bowen",
"assigneeUserPrincipalName": "MeganB@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeId": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeDisplayName": "MOD Administrator",
"assigneeUserPrincipalName": "admin@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeId": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeDisplayName": "Nestor Wilke",
"assigneeUserPrincipalName": "NestorW@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeId": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeDisplayName": "Isaiah Langer",
"assigneeUserPrincipalName": "IsaiahL@contoso.com"
}
]
}
Dispensar um alerta
Dispense um alerta ao definir a propriedade isActive como true. Ao dispensar um alerta, o PIM já não analisa o alerta no seu inquilino quanto a incidentes. Os incidentes existentes ainda podem ser consultados, mas não são gerados novos incidentes. Pode reativar o alerta ao definir a isActive propriedade para true ou atualizando o tipo de alerta.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleManagementAlert
{
IsActive = false,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleManagementAlert()
isActive := false
requestBody.SetIsActive(&isActive)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert unifiedRoleManagementAlert = new UnifiedRoleManagementAlert();
unifiedRoleManagementAlert.setIsActive(false);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").patch(unifiedRoleManagementAlert);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRoleManagementAlert;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementAlert();
$requestBody->setIsActive(false);
$result = $graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->patch($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.unified_role_management_alert import UnifiedRoleManagementAlert
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UnifiedRoleManagementAlert(
is_active = False,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').patch(request_body)
No PIM, pode atualizar um único tipo de alerta ou todos os alertas no inquilino. Quando atualiza um dos tipos, o PIM analisa o inquilino quanto a incidentes que correspondam aos alertas. Este pedido é uma operação de execução prolongada e devolve um cabeçalho de Localização que pode utilizar para consultar a status da operação, quer a atualização tenha sido concluída com êxito ou falhada. Numa atualização bem-sucedida, o PIM inclui alertas que dispensou anteriormente, reativa alertas dispensados (atualizações isActive to true) e analisa e gera novos incidentes para os alertas.
POST https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert/refresh
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].Refresh.PostAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Refresh().Post(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").refresh().post();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->refresh()->post()->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').refresh.post()
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.IdentityGovernance.RoleManagementAlerts.Alerts.Refresh;
var requestBody = new RefreshPostRequestBody
{
ScopeId = "/",
ScopeType = "DirectoryRole",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts.Refresh.PostAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestBody := graphidentitygovernance.NewRefreshPostRequestBody()
scopeId := "/"
requestBody.SetScopeId(&scopeId)
scopeType := "DirectoryRole"
requestBody.SetScopeType(&scopeType)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().Refresh().Post(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.identitygovernance.rolemanagementalerts.alerts.refresh.RefreshPostRequestBody refreshPostRequestBody = new com.microsoft.graph.beta.identitygovernance.rolemanagementalerts.alerts.refresh.RefreshPostRequestBody();
refreshPostRequestBody.setScopeId("/");
refreshPostRequestBody.setScopeType("DirectoryRole");
graphClient.identityGovernance().roleManagementAlerts().alerts().refresh().post(refreshPostRequestBody);
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\IdentityGovernance\RoleManagementAlerts\Alerts\Refresh\RefreshPostRequestBody;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new RefreshPostRequestBody();
$requestBody->setScopeId('/');
$requestBody->setScopeType('DirectoryRole');
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->refresh()->post($requestBody)->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identitygovernance.rolemanagementalerts.alerts.refresh.refresh_post_request_body import RefreshPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = RefreshPostRequestBody(
scope_id = "/",
scope_type = "DirectoryRole",
)
await graph_client.identity_governance.role_management_alerts.alerts.refresh.post(request_body)
Atualizar uma configuração de alerta significa alterar as definições específicas do inquilino que controlam a forma como o PIM analisa o inquilino quanto a incidentes que correspondam ao tipo de alerta. Por exemplo, se pretende analisar o alerta no inquilino ou pode alterar o limiar que, quando cruzado, aciona um incidente conhecido.
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new TooManyGlobalAdminsAssignedToTenantAlertConfiguration
{
OdataType = "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
IsEnabled = true,
GlobalAdminCountThreshold = 4,
PercentageOfGlobalAdminsOutOfRolesThreshold = 10,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.AlertConfigurations["{unifiedRoleManagementAlertConfiguration-id}"].PatchAsync(requestBody);
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleManagementAlertConfiguration()
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
globalAdminCountThreshold := int32(4)
requestBody.SetGlobalAdminCountThreshold(&globalAdminCountThreshold)
percentageOfGlobalAdminsOutOfRolesThreshold := int32(10)
requestBody.SetPercentageOfGlobalAdminsOutOfRolesThreshold(&percentageOfGlobalAdminsOutOfRolesThreshold)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alertConfigurations, err := graphClient.IdentityGovernance().RoleManagementAlerts().AlertConfigurations().ByUnifiedRoleManagementAlertConfigurationId("unifiedRoleManagementAlertConfiguration-id").Patch(context.Background(), requestBody, nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
TooManyGlobalAdminsAssignedToTenantAlertConfiguration unifiedRoleManagementAlertConfiguration = new TooManyGlobalAdminsAssignedToTenantAlertConfiguration();
unifiedRoleManagementAlertConfiguration.setOdataType("#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration");
unifiedRoleManagementAlertConfiguration.setIsEnabled(true);
unifiedRoleManagementAlertConfiguration.setGlobalAdminCountThreshold(4);
unifiedRoleManagementAlertConfiguration.setPercentageOfGlobalAdminsOutOfRolesThreshold(10);
UnifiedRoleManagementAlertConfiguration result = graphClient.identityGovernance().roleManagementAlerts().alertConfigurations().byUnifiedRoleManagementAlertConfigurationId("{unifiedRoleManagementAlertConfiguration-id}").patch(unifiedRoleManagementAlertConfiguration);
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.too_many_global_admins_assigned_to_tenant_alert_configuration import TooManyGlobalAdminsAssignedToTenantAlertConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = TooManyGlobalAdminsAssignedToTenantAlertConfiguration(
odata_type = "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
is_enabled = True,
global_admin_count_threshold = 4,
percentage_of_global_admins_out_of_roles_threshold = 10,
)
result = await graph_client.identity_governance.role_management_alerts.alert_configurations.by_unified_role_management_alert_configuration_id('unifiedRoleManagementAlertConfiguration-id').patch(request_body)
Remediar um incidente de alerta significa pedir Microsoft Entra ID para aplicar os passos de mitigação definidos na definição de alerta. Por exemplo, se a definição de alerta recomendar que remova um utilizador de uma função, remediar o incidente significa que Microsoft Entra ID remove o utilizador da função.
POST https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert/alertIncidents/9e864769-63e3-4635-8069-551bcd46183d/remediate
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].AlertIncidents["{unifiedRoleManagementAlertIncident-id}"].Remediate.PostAsync();
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").AlertIncidents().ByUnifiedRoleManagementAlertIncidentId("unifiedRoleManagementAlertIncident-id").Remediate().Post(context.Background(), nil)
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").alertIncidents().byUnifiedRoleManagementAlertIncidentId("{unifiedRoleManagementAlertIncident-id}").remediate().post();
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->alertIncidents()->byUnifiedRoleManagementAlertIncidentId('unifiedRoleManagementAlertIncident-id')->remediate()->post()->wait();
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').alert_incidents.by_unified_role_management_alert_incident_id('unifiedRoleManagementAlertIncident-id').remediate.post()