Privileged Identity Management (Microsoft Entra角色的 PIM) 在检测到租户中Microsoft Entra角色的可疑或不安全设置时会生成警报。 本文介绍使用 Microsoft Graph 管理 PIM 警报的方案。
有关用于管理 PIM 安全警报的 API 资源的详细信息,请参阅Microsoft Entra角色的安全警报。
注意
PIM 安全警报当前仅在终结点上/beta,仅适用于Microsoft Entra角色。
先决条件
列出所有 PIM 警报
请求
仅支持与Microsoft Entra内置角色相关且范围限定为租户 (/) 的警报。 可以使用以下请求检索这些警报。 如果未指定正确的 scope 和 scopeType,则请求将返回错误 400 Bad Request 。
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts?$filter=scopeId eq '/' and scopeType eq 'DirectoryRole'
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts.GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'";
});
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestFilter := "scopeId eq '/' and scopeType eq 'DirectoryRole'"
requestParameters := &graphidentitygovernance.RoleManagementAlertsAlertsRequestBuilderGetQueryParameters{
Filter: &requestFilter,
}
configuration := &graphidentitygovernance.RoleManagementAlertsAlertsRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().Get(context.Background(), configuration)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlertCollectionResponse result = graphClient.identityGovernance().roleManagementAlerts().alerts().get(requestConfiguration -> {
requestConfiguration.queryParameters.filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'";
});
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
const options = {
authProvider,
};
const client = Client.init(options);
let alerts = await client.api('/identityGovernance/roleManagementAlerts/alerts')
.version('beta')
.filter('scopeId eq \'/\' and scopeType eq \'DirectoryRole\'')
.get();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\IdentityGovernance\RoleManagementAlerts\Alerts\AlertsRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new AlertsRequestBuilderGetRequestConfiguration();
$queryParameters = AlertsRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'";
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->get($requestConfiguration)->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaIdentityGovernanceRoleManagementAlert -Filter "scopeId eq '/' and scopeType eq 'DirectoryRole'"
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identity_governance.role_management_alerts.alerts.alerts_request_builder import AlertsRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = AlertsRequestBuilder.AlertsRequestBuilderGetQueryParameters(
filter = "scopeId eq '/' and scopeType eq 'DirectoryRole'",
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.get(request_configuration = request_configuration)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts?$select=alertDefinitionId,incidentCount",
"value": [
{
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_InvalidLicenseAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_InvalidLicenseAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 0,
"isActive": false,
"lastModifiedDateTime": "0001-01-01T08:00:00Z",
"lastScannedDateTime": "2023-09-20T17:05:57.457Z"
},
{
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_NoMfaOnRoleActivationAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_NoMfaOnRoleActivationAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 0,
"isActive": false,
"lastModifiedDateTime": "0001-01-01T08:00:00Z",
"lastScannedDateTime": "2023-09-20T17:06:01.25Z"
},
{
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RedundantAssignmentAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RedundantAssignmentAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 0,
"isActive": false,
"lastModifiedDateTime": "0001-01-01T08:00:00Z",
"lastScannedDateTime": "2023-09-20T17:06:00.603Z"
},
{
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 0,
"isActive": false,
"lastModifiedDateTime": "0001-01-01T08:00:00Z",
"lastScannedDateTime": "2023-09-20T17:05:57.78Z"
},
{
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_SequentialActivationRenewalsAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_SequentialActivationRenewalsAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 0,
"isActive": false,
"lastModifiedDateTime": "0001-01-01T08:00:00Z",
"lastScannedDateTime": "2023-09-20T17:05:57.857Z"
},
{
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_StaleSignInAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_StaleSignInAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 0,
"isActive": false,
"lastModifiedDateTime": "0001-01-01T08:00:00Z",
"lastScannedDateTime": "2023-09-20T17:06:03.117Z"
},
{
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 7,
"isActive": true,
"lastModifiedDateTime": "2023-09-20T17:06:01.363Z",
"lastScannedDateTime": "2023-09-20T17:06:01.363Z"
}
]
}
获取 PIM 警报
请求
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].GetAsync();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Get(context.Background(), nil)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").get();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
const options = {
authProvider,
};
const client = Client.init(options);
let unifiedRoleManagementAlert = await client.api('/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert')
.version('beta')
.get();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->get()->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaIdentityGovernanceRoleManagementAlert -UnifiedRoleManagementAlertId $unifiedRoleManagementAlertId
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').get()
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts/$entity",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')?$select=alertDefinitionId,incidentCount",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 7,
"isActive": true,
"lastModifiedDateTime": "2023-09-20T17:06:01.363Z",
"lastScannedDateTime": "2023-09-20T17:06:01.363Z"
}
获取安全警报并展开关系以读取定义、配置和事件
请求
可以在单个查询中读取租户中的安全警报及其定义、配置和相关事件。 使用通配符 (*) 展开所有关系,或使用 单独 $expand=alertDefinition,alertConfiguration,alertIncidents展开关系。 此请求有助于避免单独检索警报定义、配置和事件,然后将其关联到警报。
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert?$expand=*
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].GetAsync((requestConfiguration) =>
{
requestConfiguration.QueryParameters.Expand = new string []{ "*" };
});
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestParameters := &graphidentitygovernance.RoleManagementAlertsAlertsItemRequestBuilderGetQueryParameters{
Expand: [] string {"*"},
}
configuration := &graphidentitygovernance.RoleManagementAlertsAlertsItemRequestBuilderGetRequestConfiguration{
QueryParameters: requestParameters,
}
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Get(context.Background(), configuration)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").get(requestConfiguration -> {
requestConfiguration.queryParameters.expand = new String []{"*"};
});
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\IdentityGovernance\RoleManagementAlerts\Alerts\Item\UnifiedRoleManagementAlertItemRequestBuilderGetRequestConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestConfiguration = new UnifiedRoleManagementAlertItemRequestBuilderGetRequestConfiguration();
$queryParameters = UnifiedRoleManagementAlertItemRequestBuilderGetRequestConfiguration::createQueryParameters();
$queryParameters->expand = ["*"];
$requestConfiguration->queryParameters = $queryParameters;
$result = $graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->get($requestConfiguration)->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaIdentityGovernanceRoleManagementAlert -UnifiedRoleManagementAlertId $unifiedRoleManagementAlertId -ExpandProperty "*"
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identity_governance.role_management_alerts.alerts.item.unified_role_management_alert_item_request_builder import UnifiedRoleManagementAlertItemRequestBuilder
from kiota_abstractions.base_request_configuration import RequestConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
query_params = UnifiedRoleManagementAlertItemRequestBuilder.UnifiedRoleManagementAlertItemRequestBuilderGetQueryParameters(
expand = ["*"],
)
request_configuration = RequestConfiguration(
query_parameters = query_params,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').get(request_configuration = request_configuration)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts(alertConfiguration(),alertDefinition(),alertIncidents())/$entity",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')?$select=alertDefinitionId,incidentCount",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeId": "/",
"scopeType": "DirectoryRole",
"incidentCount": 7,
"isActive": true,
"lastModifiedDateTime": "2023-09-20T17:06:01.363Z",
"lastScannedDateTime": "2023-09-20T17:06:01.363Z",
"alertConfiguration": {
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"alertDefinitionId": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"scopeType": "DirectoryRole",
"scopeId": "/",
"isEnabled": true,
"globalAdminCountThreshold": 3,
"percentageOfGlobalAdminsOutOfRolesThreshold": 10
},
"alertDefinition": {
"id": "DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert",
"displayName": "There are too many global administrators",
"scopeType": "DirectoryRole",
"scopeId": "/",
"description": "The percentage of global administrators is high, relative to other privileged roles. It is recommended to use least privileged roles, with just enough privileges to perform the required tasks.",
"severityLevel": "low",
"securityImpact": "Global administrator is the highest privileged role. If a Global Administrator is compromised, the attacker gains access to all of their permissions, which puts your whole system at risk.",
"mitigationSteps": "·Review the users in the list and remove any that do not absolutely need the Global Administrator role.·Assign lower privileged roles to these users instead.",
"howToPrevent": "Assign users the least privileged role they need.",
"isRemediatable": true,
"isConfigurable": true
},
"alertIncidents@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts('DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert')/alertIncidents",
"alertIncidents": [
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeId": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeDisplayName": "MOD Administrator",
"assigneeUserPrincipalName": "admin@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeId": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeDisplayName": "Nestor Wilke",
"assigneeUserPrincipalName": "NestorW@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeId": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeDisplayName": "Isaiah Langer",
"assigneeUserPrincipalName": "IsaiahL@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeId": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeDisplayName": "Lidia Holloway",
"assigneeUserPrincipalName": "LidiaH@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeId": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeDisplayName": "Microsoft Service Account",
"assigneeUserPrincipalName": "ms-serviceaccount@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeId": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeDisplayName": "Megan Bowen",
"assigneeUserPrincipalName": "MeganB@Contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeId": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeDisplayName": "Allan Deyoung",
"assigneeUserPrincipalName": "AllanD@Contoso.com"
}
]
}
获取触发警报的事件的详细信息
请求
GET https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert/alertIncidents
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].AlertIncidents.GetAsync();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alertIncidents, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").AlertIncidents().Get(context.Background(), nil)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlertIncidentCollectionResponse result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").alertIncidents().get();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
const options = {
authProvider,
};
const client = Client.init(options);
let alertIncidents = await client.api('/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert/alertIncidents')
.version('beta')
.get();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$result = $graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->alertIncidents()->get()->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
Import-Module Microsoft.Graph.Beta.Identity.Governance
Get-MgBetaIdentityGovernanceRoleManagementAlertIncident -UnifiedRoleManagementAlertId $unifiedRoleManagementAlertId
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').alert_incidents.get()
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
响应
以下示例显示了相应的响应。
注意:为了提高可读性,可能缩短了此处显示的响应对象。
HTTP/1.1 200 OK
Content-Type: application/json
{
"@odata.context": "https://graph.microsoft.com/beta/$metadata#identityGovernance/roleManagementAlerts/alerts('DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert')/alertIncidents",
"@microsoft.graph.tips": "Use $select to choose only the properties your app needs, as this can lead to performance improvements. For example: GET identityGovernance/roleManagementAlerts/alerts('<key>')/alertIncidents?$select=id",
"value": [
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeId": "143ebd3d-e522-485c-aa52-94675ee83e6c",
"assigneeDisplayName": "Lidia Holloway",
"assigneeUserPrincipalName": "LidiaH@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeId": "2832ca72-700e-4f20-a3c7-97028803a95b",
"assigneeDisplayName": "Microsoft Service Account",
"assigneeUserPrincipalName": "ms-serviceaccount@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeId": "308110a6-4f71-49c2-bbef-c6dbda50b392",
"assigneeDisplayName": "Allan Deyoung",
"assigneeUserPrincipalName": "AllanD@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeId": "31336492-bf1b-48bb-a072-e554e4f992fc",
"assigneeDisplayName": "Megan Bowen",
"assigneeUserPrincipalName": "MeganB@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeId": "60caa50f-7863-4f48-bf97-2a8fb990b681",
"assigneeDisplayName": "MOD Administrator",
"assigneeUserPrincipalName": "admin@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeId": "6dd82b18-d45f-4346-bf87-e9700db41849",
"assigneeDisplayName": "Nestor Wilke",
"assigneeUserPrincipalName": "NestorW@contoso.com"
},
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertIncident",
"id": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeId": "87404028-0c5b-4d0a-9d9d-3150e4b5ce74",
"assigneeDisplayName": "Isaiah Langer",
"assigneeUserPrincipalName": "IsaiahL@contoso.com"
}
]
}
消除警报
通过将 isActive 属性设置为 来 false消除警报。 消除警报时,PIM 不再扫描租户中的警报以查找事件。 仍可查询现有事件,但不会生成新事件。 可以通过将 属性设置为 isActivetrue 或 刷新警报类型来重新启用警报。
请求返回 204 No Content 响应。
PATCH https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert
Content-Type: application/json
{
"isActive": false
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new UnifiedRoleManagementAlert
{
IsActive = false,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].PatchAsync(requestBody);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleManagementAlert()
isActive := false
requestBody.SetIsActive(&isActive)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alerts, err := graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Patch(context.Background(), requestBody, nil)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
UnifiedRoleManagementAlert unifiedRoleManagementAlert = new UnifiedRoleManagementAlert();
unifiedRoleManagementAlert.setIsActive(false);
UnifiedRoleManagementAlert result = graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").patch(unifiedRoleManagementAlert);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementAlert = {
isActive: false
};
await client.api('/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert')
.version('beta')
.update(unifiedRoleManagementAlert);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\UnifiedRoleManagementAlert;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new UnifiedRoleManagementAlert();
$requestBody->setIsActive(false);
$result = $graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->patch($requestBody)->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.unified_role_management_alert import UnifiedRoleManagementAlert
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = UnifiedRoleManagementAlert(
is_active = False,
)
result = await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').patch(request_body)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
刷新警报
在 PIM 中,可以刷新租户中的单个警报类型或所有警报。 刷新任一类型时,PIM 会扫描租户中与警报匹配的事件。 此请求是一个长时间运行的作,并返回一个 Location 标头,可用于轮询作的状态 - 刷新是成功还是失败。 在成功刷新中,PIM 包括以前消除的警报、重新激活已消除的警报 (更新 对) 处于活动状态true ,以及扫描并生成警报的新事件。
刷新单个警报类型
请求
POST https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert/refresh
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].Refresh.PostAsync();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").Refresh().Post(context.Background(), nil)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").refresh().post();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
const options = {
authProvider,
};
const client = Client.init(options);
await client.api('/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert/refresh')
.version('beta')
.post();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->refresh()->post()->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
Import-Module Microsoft.Graph.Beta.Identity.Governance
Update-MgBetaIdentityGovernanceRoleManagementAlert -UnifiedRoleManagementAlertId $unifiedRoleManagementAlertId
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').refresh.post()
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
响应
HTTP/1.1 202 Accepted
Location: https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/operations/refresh:DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert
刷新租户中的所有警报类型
请求
仅支持租户范围 (/) 和 DirectoryRole 范围类型。
POST https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/refresh
Content-Type: application/json
{
"scopeId" : "/",
"scopeType" : "DirectoryRole"
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.IdentityGovernance.RoleManagementAlerts.Alerts.Refresh;
var requestBody = new RefreshPostRequestBody
{
ScopeId = "/",
ScopeType = "DirectoryRole",
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts.Refresh.PostAsync(requestBody);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphidentitygovernance "github.com/microsoftgraph/msgraph-beta-sdk-go/identitygovernance"
//other-imports
)
requestBody := graphidentitygovernance.NewRefreshPostRequestBody()
scopeId := "/"
requestBody.SetScopeId(&scopeId)
scopeType := "DirectoryRole"
requestBody.SetScopeType(&scopeType)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().Refresh().Post(context.Background(), requestBody, nil)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
com.microsoft.graph.beta.identitygovernance.rolemanagementalerts.alerts.refresh.RefreshPostRequestBody refreshPostRequestBody = new com.microsoft.graph.beta.identitygovernance.rolemanagementalerts.alerts.refresh.RefreshPostRequestBody();
refreshPostRequestBody.setScopeId("/");
refreshPostRequestBody.setScopeType("DirectoryRole");
graphClient.identityGovernance().roleManagementAlerts().alerts().refresh().post(refreshPostRequestBody);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
const options = {
authProvider,
};
const client = Client.init(options);
const refresh = {
scopeId: '/',
scopeType: 'DirectoryRole'
};
await client.api('/identityGovernance/roleManagementAlerts/alerts/refresh')
.version('beta')
.post(refresh);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\IdentityGovernance\RoleManagementAlerts\Alerts\Refresh\RefreshPostRequestBody;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new RefreshPostRequestBody();
$requestBody->setScopeId('/');
$requestBody->setScopeType('DirectoryRole');
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->refresh()->post($requestBody)->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.identitygovernance.rolemanagementalerts.alerts.refresh.refresh_post_request_body import RefreshPostRequestBody
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = RefreshPostRequestBody(
scope_id = "/",
scope_type = "DirectoryRole",
)
await graph_client.identity_governance.role_management_alerts.alerts.refresh.post(request_body)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
响应
HTTP/1.1 202 Accepted
Location: https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/operations/refresh:DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert
更新警报配置
更新警报配置意味着更改特定于租户的设置,这些设置控制 PIM 如何扫描租户以查找与警报类型匹配的事件。 例如,可以更改是扫描租户中的警报,也可以更改在越界时触发已知事件的阈值。
PATCH https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alertConfigurations/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert
Content-Type: application/json
{
"@odata.type": "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
"isEnabled": true,
"globalAdminCountThreshold": 4,
"percentageOfGlobalAdminsOutOfRolesThreshold": 10
}
// Code snippets are only available for the latest version. Current version is 5.x
// Dependencies
using Microsoft.Graph.Beta.Models;
var requestBody = new TooManyGlobalAdminsAssignedToTenantAlertConfiguration
{
OdataType = "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
IsEnabled = true,
GlobalAdminCountThreshold = 4,
PercentageOfGlobalAdminsOutOfRolesThreshold = 10,
};
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
var result = await graphClient.IdentityGovernance.RoleManagementAlerts.AlertConfigurations["{unifiedRoleManagementAlertConfiguration-id}"].PatchAsync(requestBody);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
graphmodels "github.com/microsoftgraph/msgraph-beta-sdk-go/models"
//other-imports
)
requestBody := graphmodels.NewUnifiedRoleManagementAlertConfiguration()
isEnabled := true
requestBody.SetIsEnabled(&isEnabled)
globalAdminCountThreshold := int32(4)
requestBody.SetGlobalAdminCountThreshold(&globalAdminCountThreshold)
percentageOfGlobalAdminsOutOfRolesThreshold := int32(10)
requestBody.SetPercentageOfGlobalAdminsOutOfRolesThreshold(&percentageOfGlobalAdminsOutOfRolesThreshold)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
alertConfigurations, err := graphClient.IdentityGovernance().RoleManagementAlerts().AlertConfigurations().ByUnifiedRoleManagementAlertConfigurationId("unifiedRoleManagementAlertConfiguration-id").Patch(context.Background(), requestBody, nil)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
TooManyGlobalAdminsAssignedToTenantAlertConfiguration unifiedRoleManagementAlertConfiguration = new TooManyGlobalAdminsAssignedToTenantAlertConfiguration();
unifiedRoleManagementAlertConfiguration.setOdataType("#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration");
unifiedRoleManagementAlertConfiguration.setIsEnabled(true);
unifiedRoleManagementAlertConfiguration.setGlobalAdminCountThreshold(4);
unifiedRoleManagementAlertConfiguration.setPercentageOfGlobalAdminsOutOfRolesThreshold(10);
UnifiedRoleManagementAlertConfiguration result = graphClient.identityGovernance().roleManagementAlerts().alertConfigurations().byUnifiedRoleManagementAlertConfigurationId("{unifiedRoleManagementAlertConfiguration-id}").patch(unifiedRoleManagementAlertConfiguration);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
const options = {
authProvider,
};
const client = Client.init(options);
const unifiedRoleManagementAlertConfiguration = {
'@odata.type': '#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration',
isEnabled: true,
globalAdminCountThreshold: 4,
percentageOfGlobalAdminsOutOfRolesThreshold: 10
};
await client.api('/identityGovernance/roleManagementAlerts/alertConfigurations/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_TooManyGlobalAdminsAssignedToTenantAlert')
.version('beta')
.update(unifiedRoleManagementAlertConfiguration);
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
use Microsoft\Graph\Beta\Generated\Models\TooManyGlobalAdminsAssignedToTenantAlertConfiguration;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$requestBody = new TooManyGlobalAdminsAssignedToTenantAlertConfiguration();
$requestBody->setOdataType('#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration');
$requestBody->setIsEnabled(true);
$requestBody->setGlobalAdminCountThreshold(4);
$requestBody->setPercentageOfGlobalAdminsOutOfRolesThreshold(10);
$result = $graphServiceClient->identityGovernance()->roleManagementAlerts()->alertConfigurations()->byUnifiedRoleManagementAlertConfigurationId('unifiedRoleManagementAlertConfiguration-id')->patch($requestBody)->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
Import-Module Microsoft.Graph.Beta.Identity.Governance
$params = @{
"@odata.type" = "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration"
isEnabled = $true
globalAdminCountThreshold =
percentageOfGlobalAdminsOutOfRolesThreshold =
}
Update-MgBetaIdentityGovernanceRoleManagementAlertConfiguration -UnifiedRoleManagementAlertConfigurationId $unifiedRoleManagementAlertConfigurationId -BodyParameter $params
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
from msgraph_beta.generated.models.too_many_global_admins_assigned_to_tenant_alert_configuration import TooManyGlobalAdminsAssignedToTenantAlertConfiguration
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
request_body = TooManyGlobalAdminsAssignedToTenantAlertConfiguration(
odata_type = "#microsoft.graph.tooManyGlobalAdminsAssignedToTenantAlertConfiguration",
is_enabled = True,
global_admin_count_threshold = 4,
percentage_of_global_admins_out_of_roles_threshold = 10,
)
result = await graph_client.identity_governance.role_management_alerts.alert_configurations.by_unified_role_management_alert_configuration_id('unifiedRoleManagementAlertConfiguration-id').patch(request_body)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
请求返回 204 No Content 响应。
修正警报事件意味着请求Microsoft Entra ID应用警报定义中定义的缓解步骤。 例如,如果警报定义建议从角色中删除用户,则修正事件意味着Microsoft Entra ID从角色中删除该用户。
请求
POST https://graph.microsoft.com/beta/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert/alertIncidents/9e864769-63e3-4635-8069-551bcd46183d/remediate
// Code snippets are only available for the latest version. Current version is 5.x
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=csharp
await graphClient.IdentityGovernance.RoleManagementAlerts.Alerts["{unifiedRoleManagementAlert-id}"].AlertIncidents["{unifiedRoleManagementAlertIncident-id}"].Remediate.PostAsync();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest major version. Current major version is $v0.*
// Dependencies
import (
"context"
msgraphsdk "github.com/microsoftgraph/msgraph-beta-sdk-go"
//other-imports
)
// To initialize your graphClient, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=go
graphClient.IdentityGovernance().RoleManagementAlerts().Alerts().ByUnifiedRoleManagementAlertId("unifiedRoleManagementAlert-id").AlertIncidents().ByUnifiedRoleManagementAlertIncidentId("unifiedRoleManagementAlertIncident-id").Remediate().Post(context.Background(), nil)
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
// Code snippets are only available for the latest version. Current version is 6.x
GraphServiceClient graphClient = new GraphServiceClient(requestAdapter);
graphClient.identityGovernance().roleManagementAlerts().alerts().byUnifiedRoleManagementAlertId("{unifiedRoleManagementAlert-id}").alertIncidents().byUnifiedRoleManagementAlertIncidentId("{unifiedRoleManagementAlertIncident-id}").remediate().post();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
const options = {
authProvider,
};
const client = Client.init(options);
await client.api('/identityGovernance/roleManagementAlerts/alerts/DirectoryRole_3b0e753b-22fa-4c16-9bf2-470b80be80d6_RolesAssignedOutsidePimAlert/alertIncidents/9e864769-63e3-4635-8069-551bcd46183d/remediate')
.version('beta')
.post();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
<?php
use Microsoft\Graph\Beta\GraphServiceClient;
$graphServiceClient = new GraphServiceClient($tokenRequestContext, $scopes);
$graphServiceClient->identityGovernance()->roleManagementAlerts()->alerts()->byUnifiedRoleManagementAlertId('unifiedRoleManagementAlert-id')->alertIncidents()->byUnifiedRoleManagementAlertIncidentId('unifiedRoleManagementAlertIncident-id')->remediate()->post()->wait();
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
Import-Module Microsoft.Graph.Beta.Identity.Governance
Invoke-MgBetaRemediateIdentityGovernanceRoleManagementAlertIncident -UnifiedRoleManagementAlertId $unifiedRoleManagementAlertId -UnifiedRoleManagementAlertIncidentId $unifiedRoleManagementAlertIncidentId
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
# Code snippets are only available for the latest version. Current version is 1.x
from msgraph_beta import GraphServiceClient
# To initialize your graph_client, see https://learn.microsoft.com/en-us/graph/sdks/create-client?from=snippets&tabs=python
await graph_client.identity_governance.role_management_alerts.alerts.by_unified_role_management_alert_id('unifiedRoleManagementAlert-id').alert_incidents.by_unified_role_management_alert_incident_id('unifiedRoleManagementAlertIncident-id').remediate.post()
请阅读 SDK 文档,了解如何将 SDK 添加到项目并创建 authProvider 实例的详细信息。
响应
HTTP/1.1 200 OK
相关内容