CODEWITHSUNDEEP
microsoft-graph-apiidentity
sivabalaguru
sivabalaguru

Reputation: 39

Issue with dismissing Identity Risk Events via Graph API

I am trying to dismiss/close risk events using an automated process. For this we would need to make use of Graph API https://graph.microsoft.com/beta/riskyUsers/dismiss

I did searched for examples and couldn't find any.

I did tried using Post man by providing OAuth Bearer token in the header and I did tried with a PowerShell script and I also tried with .Net example provided in the page. None of them worked

PowerShell Code

{
$body       = @{grant_type="client_credentials";resource=$resource;client_id=$ClientID;client_secret=$ClientSecret} 
$oauthResponse      = Invoke-RestMethod -Method POST -Uri $loginURL/$TenantName/oauth2/token?api-version=1.0 -Body $body 
return $oauthResponse
}  
$loginURL       = "https://login.windows.net" 
$resource = "https://graph.microsoft.com"
$ClientSecret="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" 
$ClientID="xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx" 
$TenantName="xxxxx.com"
$oauth=RefreshToken -loginURL $loginURL -resource $resource -ClientID $ClientID -clientSecret $ClientSecret -tenantName $TenantName
$headerParams = @{'Authorization'="$($oauth.token_type) $($oauth.access_token)"}
$url="https://graph.microsoft.com/beta/riskyUsers/dismiss"
$userIds=@()
$userIds+="xxxxx-xxxxx-xxxxx-xxxxx-xxxxx"
$body=(@{"userIds"=$userIds})|convertto-json
$Response = Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url -Body $body -Method Post -ContentType "application/Json"

Response: Invoke-WebRequest : The remote server returned an error: (500) Internal Server Error. At C:\SourceCode\MIMSolution\PowerShellScripts\AzurePSMA\RiskyIdentityEvents\ExportScript_debug.ps1:19 char:13 + $Response = Invoke-WebRequest -UseBasicParsing -Headers $headerParams -Uri $url ... + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ + CategoryInfo : InvalidOperation: (System.Net.HttpWebRequest:HttpWebRequest) [Invoke-WebRequest], WebException + FullyQualifiedErrorId : WebCmdletWebResponseException,Microsoft.PowerShell.Commands.InvokeWebRequestCommand

C# Code:

 static void Main(string[] args)
        {
            var userIdsList = new List<String>();
            userIdsList.Add("xxxxx-xxxxx-xxxxx-xxxxx-xxxx");
             dismissUser(userIdsList);

        }

       static async void dismissUser(List<string> userIDs)

        {

            ClientCredential clientCredential = new ClientCredential("xxxxxxxxxxxxxxxxxxxxxxx");
            string clientId = "xxxxxxxxxxxxxxxxxxxxxx";
            IConfidentialClientApplication clientApplication = ClientCredentialProvider.CreateClientApplication(clientId, clientCredential);
            ClientCredentialProvider authProvider = new ClientCredentialProvider(clientApplication);
            GraphServiceClient graphClient = new GraphServiceClient(authProvider);
            await graphClient.RiskyUsers.Dismiss(userIDs).Request().PostAsync();
        }```

Exception:

{"Code: generalException\r\nMessage: An error occurred sending the request.\r\n"}

Inner Exception: 
{"Code: generalException\r\nMessage: Unexpected exception occured while authenticating the request.\r\n"}

Upvotes: 0

Views: 330

Answers (1)

sivabalaguru
sivabalaguru

Reputation: 39

Finally after multiple trails , I have figured out the solution: Issue was with the token which as OAuth 1.0 earlier.

I did fixed this snippet that request OAuth 2.0 and the issue resolved:

function RefreshToken($loginURL,$ClientID,$clientSecret,$tenantName) 
{ $body = @{grant_type="client_credentials";client_id=$ClientID;client_secret=$ClientSecret;scope="https://graph.microsoft.com/.default"}

$oauthResponse = Invoke-RestMethod -Method POST -Uri $loginURL/$TenantName/oauth2/v2.0/token -Body $body return $oauthResponse }

Upvotes: 0

Related Questions