Skip to main content

API calls for Microsoft Entra ID

The Microsoft Entra ID connector makes API calls to Microsoft Graph API to retrieve data.

Authentication token

The call uses the POST operation to retrieve an auth token used in other Graph API calls.

URI: https://login.microsoftonline.com/{tenantId}/oauth2/v2.0/token

For more information, see Microsoft Graph docs .

Users

The call uses the GET operation to retrieve information about Microsoft Entra users. The call differs depending on how the Domains field is populated when adding the connector.

URI when populated with *: https://graph.microsoft.com/v1.0/users?$select={userColumns}&$top={maxUsers}

URI when populated with domains: https://graph.microsoft.com/v1.0/users?$select={userColumns}&$top={maxUsers}&$count=true&ConsistencyLevel=eventual&$filter=endswith(mail,'@{domain1}') OR endswith(mail,'@{domain2}') ... for all domains added

Required permission: User.Read.All

For more information, see Microsoft Graph docs .

Groups

The call uses the GET operation to retrieve information about Microsoft Entra groups.

URI: https://graph.microsoft.com/v1.0/groups

Required permission: GroupMember.Read.All

For more information, see Microsoft Graph docs .

Group membership

The call uses the GET operation to retrieve information about groups of which the user is a direct member.

URI: https://graph.microsoft.com/v1.0/users/{userId}/memberOf/microsoft.graph.group

Required permission: User.Read.All

For more information, see Microsoft Graph docs .

User credential registration details

The call uses the GET operation to retrieve credentialUserRegistrationDetails report. This report is only fetched if Collect user credential details report is selected when adding the connector.

URI: https://graph.microsoft.com/beta/reports/credentialUserRegistrationDetails

Required permission: Reports.Read.All

For more information, see Microsoft Graph docs .

Service principals

The call uses the GET operation to retrieve a list of service principals.

URI: https://graph.microsoft.com/v1.0/servicePrincipals

Required permission: Application.Read.All

For more information, see Microsoft Graph docs .

Sign Ins

The call uses the GET operation to retrieve a list of Microsoft Entra sign-ins from the last 24 hours or since the last aggregation period.

note

From the list of retrieved applications, the connector only fetches applications that are recognized in the Data Intelligence Service.

URI: https://graph.microsoft.com/v1.0/auditLogs/signIns

Required permission: AuditLog.Read.All

For more information, see Microsoft Graph docs .