1

What I need:

Get access to the Internet Message Id for an email related incident via the Microsoft Graph Security API

My problem:

I used Outlook's reporting module and marked an email that was in my inbox as Phishing. This then created an event in https://security.microsoft.com. See the below image. Incident ID 16. enter image description here

I put together a webhook that is able to pull alerts via the Microsoft Graph Security API. From this call I managed to retrieve the alert's ID. I then used that ID to get more information about the alert by using this call: (https://graph.microsoft.com/v1.0/security/alerts/{alert_id})

In the JSON body of the response there's a property called messageSecurityStates that is always empty. I found this link to Javadoc.io where the object's properties are described and it looks like this property should contain the Internet Message Id. But when querying the Microsoft Graph Security API, the object is always empty. enter image description here

Question:

What do I need to do to ensure that my email related alerts that are queried via the MS Graph Security API have email related information such as Internet Message Id?

Gloire
  • 1,103
  • 3
  • 17
  • 26
  • A related issue is reported at [Github](https://github.com/microsoftgraph/microsoft-graph-docs/issues/11483); have a look at it. – Dev Feb 04 '21 at 13:21
  • @Dev Yep, that's my Github user. Still haven't received any response from the Microsoft team on Github as well. – Gloire Feb 05 '21 at 09:36
  • Aaw, thanks for update. You did the right stuff to log the issue at Github as its directly looked by MSFT teams. Post the update once you hear from them, as it can be useful to others in the community as well. – Dev Feb 05 '21 at 15:53

0 Answers0