Authorization Configuration for Microsoft Graph Security API
Question
You have a Microsoft 365 subscription.
You are setting up Microsoft Graph Security API to access a SIEM solution.
What type of authorization should you configure?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. D.Correct Answer: C
You should choose an application-level authorization when configuring API permissions.
Application-level authorization is suited for scenarios where there is no signed-in user, as in a Security Information and Event Management solution.
/answer/imgckeditor_15.png)
Option A is incorrect.
User delegated authorization allows actions on behalf of a particular user.
Option B is incorrect.
Secrets is an authentication method.
Option D is incorrect.
Certification is also an authentication method.
To know more about Microsoft Graph Security API authorizations, please refer to the link below:
When configuring Microsoft Graph Security API to access a SIEM solution, the type of authorization to use will depend on the specific requirements and context of the scenario. However, in general, there are four types of authorization options available: User delegated authorization, Secret, Application-level authorization, and Certificate.
User delegated authorization is used when the access token is obtained on behalf of a user with their consent. This type of authorization allows the API to access only the data that the user has been granted access to. This is a good option when you want to access data that is specific to a user or when you need to perform actions on behalf of the user. For example, if the SIEM solution needs to access email data for a particular user, user delegated authorization would be appropriate.
A Secret is a shared key that is used to authenticate an application with the Graph API. This type of authorization is often used when the application needs to access data without user interaction. It is important to note that using a secret requires the application to be granted access to the appropriate permissions. This is a good option when you want to access data that is not specific to a user or when you need to perform actions that do not require user interaction.
Application-level authorization is similar to Secret, but instead of using a shared key, it uses an application ID and a certificate. This type of authorization is useful when you need to access data that is not specific to a user and when you want to limit access to the application itself. For example, if you want to access data from SharePoint or Teams, application-level authorization would be appropriate.
Certificate-based authorization is similar to Application-level authorization, but instead of using an application ID and a certificate, it uses a certificate that is installed on the server. This type of authorization is useful when you need to access data that is not specific to a user, but you want to limit access to a specific server or application instance.
In summary, the type of authorization to use when setting up Microsoft Graph Security API to access a SIEM solution will depend on the specific requirements of the scenario. User delegated authorization is appropriate when you want to access data specific to a user, Secret is useful when you need to access data that is not specific to a user, application-level authorization is useful when you want to limit access to the application, and certificate-based authorization is useful when you want to limit access to a specific server or application instance.